SECURITY

The cybersecurity opportunity is growing

As the world’s payment environment becomes more cashless, growth in digital payment transaction value increases. This translates to an opportunity for cybersecurity product and service providers as banking and payments operators look to newer and more advanced infrastructure and services to fend off criminals, reports Douglas Blakey.

A report from GlobalData entitled Cybersecurity in Payments identifies which companies are best placed to succeed in a future filled with multiple disruptive threats.

Released by the Thematic Research unit of GlobalData, the report deploys its 'thematic engine', a unique thematic methodology for ranking all companies in all sectors based on their relative strength in the big investment themes.

GlobalData’s Thematic Research team defines a theme as any issue that keeps a CEO awake at night. GlobalData’s thematic research ecosystem is a single, integrated global research platform that provides an easy-to-use framework for tracking all themes across all companies in all sectors. It has a proven track record of identifying the important themes early, enabling companies to make the right investments ahead of the competition, and secure that all-important competitive advantage.

The researchers rate the performance of the top 1,000 companies against the 50 most important themes impacting those companies, generating 50,000 thematic scores. The algorithms in GlobalData’s thematic engine help to identify the long-term winners and losers within each sector.

The main technology trends shaping the cybersecurity in payments theme over the next 12-24 months are shown below.

Technology trends 

AI: Plays a key role in defending against cyberattacks – especially when hackers are implementing methods including the use of AI that make cyberattacks more difficult to detect. In the payments space, AI will play a key role in fraud detection and prevention.

AI is capable of unifying all facets of payments, including card present, card not present, digital banking and payments, various forms of authentication, and behavioural changes in activity. All of these will leverage the use of AI technology – and its capacity to adapt, learn, and adjust – in the detection and prevention of cyberattacks.

Ransomware: The May 2021 ransomware attack on the Colonial Pipeline petroleum distribution network in the US shows that such attacks are becoming more frequent and high profile. The banking and payments industry experienced a 520% surge in ransomware and phishing attacks during the second quarter of 2020 according to Arctic Wolf.

And it is not just banks that are being targeted, but also systems providers to the banking and payments industry. American Bank Systems, a provider of banking software and systems in the US, experienced a ransomware attack in November 2020 that saw client data leaked. Ransomware is an area of cybersecurity the payment segment will need to be extra vigilant about.

FIDO Alliance: Identity authentication is an area the banking and payments sector cannot operate without. But consumers find it annoying to have to remember different passwords and types of authentication processes. Banks and payment providers are also constantly trying to keep up with managing and securing customer identity and authentication processes.

Many from the technology industry – along with banking and payment providers – are part of the FIDO Alliance, where members aim to address issues around passwords and authentication. In February 2020 Apple joined the alliance alongside existing members such as Amazon, Facebook, Google, and Microsoft.

FIDO hopes to address the problems associated with passwords by providing a set of standards for simple yet strong authentication. Despite today’s sophisticated cyberattacks, safety mechanisms (notably passwords) remain stuck in the past, meaning attacks are easy to launch. Fingerprint or facial recognition are likely long-term solutions, although facial recognition is raising privacy concerns.

Cross-site scripting (XSS) attacks: XSS is a security weakness in web applications. XSS allows attackers to slip a malicious script into victims’ web browsers. Web application security is the most vulnerable element according to Verizon’s tracking of global cybersecurity breaches.

Around the world over 40% of all cybersecurity breaches experienced by the information industry involve web applications as per Verizon’s 2020 Data Breach Investigations Report. The report stated that there were over 15 million XSS attacks in the last quarter of 2020 alone.

Staged payloads: Malware authors are starting to pack and build their attack payloads in such a way as to evade AI defences. Attackers have begun packing larger samples with a significant amount of commodity libraries and benign code, accompanied by a tiny percentage – sometimes less than 1% – of malicious payload, or code with malicious intent.

The intention is to bias the package by including so much benign code or common software that a machine learning algorithm will let it through. However, new machine learning-led monotonic defensive models are beginning to catch on, down-weighting code that looks too good to be true.
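The padding effect and the monotonic countermeasure described above, as an added example that is not from GlobalData's report or any vendor's product. It assumes "monotonic" means the score can never decrease when a feature is added; the feature names, weights and samples are all constructed for illustration.

```python
import math

# Constructed weights for a toy static-analysis classifier (not a real product).
# Positive = evidence of malice, negative = evidence of benign software.
WEIGHTS = {
    "writes_autorun_key": 4.0,
    "disables_backups": 5.0,
    "bulk_file_encrypt": 6.0,
    "signed_ui_library": -0.8,
    "common_compression_lib": -0.6,
    "localization_tables": -0.5,
}
BIAS = -3.0
THRESHOLD = 0.5  # scores above this are flagged

def sigmoid(z):
    # Numerically stable for large |z|.
    return 1 / (1 + math.exp(-z)) if z >= 0 else math.exp(z) / (1 + math.exp(z))

def naive_score(counts):
    """Unconstrained linear model: every benign feature subtracts from the score."""
    return sigmoid(BIAS + sum(WEIGHTS.get(f, 0.0) * n for f, n in counts.items()))

def monotonic_score(counts):
    """Monotonic model (assumed meaning): weights clipped to >= 0, so adding
    any feature can never lower the score; benign padding earns no credit."""
    return sigmoid(BIAS + sum(max(WEIGHTS.get(f, 0.0), 0.0) * n
                              for f, n in counts.items()))

def pad_with_benign(counts, copies):
    """Model a sample bundled with `copies` of each benign-looking component."""
    padded = dict(counts)
    for feature, weight in WEIGHTS.items():
        if weight < 0:
            padded[feature] = padded.get(feature, 0) + copies
    return padded

# Constructed samples: a small malicious core, the same core padded, clean software.
CORE = {"writes_autorun_key": 1, "disables_backups": 1, "bulk_file_encrypt": 1}
PADDED = pad_with_benign(CORE, copies=50)
CLEAN = {"signed_ui_library": 3, "common_compression_lib": 2, "localization_tables": 4}

def verdicts(score_fn):
    """Return flagged/not-flagged for each constructed sample under one model."""
    return {name: score_fn(s) > THRESHOLD
            for name, s in (("core", CORE), ("padded", PADDED), ("clean", CLEAN))}

if __name__ == "__main__":
    print("naive:    ", verdicts(naive_score))
    print("monotonic:", verdicts(monotonic_score))
```

The unconstrained model stops flagging the padded sample, while the monotonic one gives the padded sample the same score as the bare core and still passes the clean sample.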

Market size and growth forecasts 

Opportunities and demand for cybersecurity protection in payments will continue to grow across the world as the value of payment transactions grows. Over 2019–24 the size of payment transactions by value will continue to grow – especially in the payment card and mobile payments spaces.

Mobile payments will record a CAGR of 21.9% over the period, followed by payment cards at 10.4%. Based on data collected by banking and payment sector association UK Finance, around $1.03bn was lost due to fraudulent payment card transactions in 2020, accounting for around 45% of all payment-related fraud in the UK.

Source: GlobalData

Over the next few years, the key area of growth for payments will be ecommerce as consumer purchasing habits continue to shift from offline to online. This trend has been accelerated by the Covid-19 pandemic.

Based on our forecast, ecommerce payment value will grow by almost 60% from 2020 to 2024, rising from $4.6tn to $7.3tn. As payment gateways and the ecommerce segment record higher volumes and values of transactions, they will experience greater challenges on the security front. Therefore, over the next few years, ecommerce transactions will be a key area for cybersecurity service providers to target.

According to fraud data tracked by UK Finance, fraud derived from ecommerce transactions is the fastest-growing area by value. Between 2011 and 2020, the value of fraud in the ecommerce space recorded a CAGR of 11.7%, followed by online payments (CAGR: 8.3%) and card present transactions (CAGR: 6.0%). While tackling fraud is crucial across all areas of payments, opportunities will be most pronounced in the ecommerce space.

Source: GlobalData

Key players in the cybersecurity value chain 

The image below shows the key players in the cybersecurity value chain. The companies are segmented to show leading cybersecurity vendors, specialist cybersecurity vendors in the payments industry, and the banks that are leading the way in terms of cybersecurity adoption.

Source: GlobalData

We identify the leading cybersecurity vendors as those with large customer bases, especially customers in the Fortune 500 category. They are also companies that generally get the most exposure in business and industry journals. Specialist cybersecurity vendors in payments are not commonly known, except to those working in the specified areas.

Lastly, the leading cybersecurity adopters in payments are the providers whose implementations of cybersecurity technologies are often the benchmark in the industry that other payment providers could learn from.

GlobalData’s Thematic Research unit ranks companies based on overall leadership in the 10 themes that matter most to their industry, generating a leading indicator of future performance. In the payments sector, the thematic leaders are shown in the table below.

Source: GlobalData