2015 Predictions: Financial services and payment processing

Joseph Green, Vice President, Systems Engineering, APAC, Palo Alto Networks

Although financial institutions have long allocated resources to security, they have often been under siege, and have frequently been victims of some of the largest breaches in recent years, including the Standard Chartered hack affecting 650 clients within the region.

Bottom line: they still need to do more. Here are a few of my predictions on this industry for 2015:

1. The pace of investment will accelerate and companies with best-in-class security will stand out.
2015 will see a change in the level of innovation and investment, and overall spending and investment in resources will accelerate, driven by companies that have kept pace with security, implementing all best practices, from network segmentation to systematic patching.

Organisations that have best in class security will stand out from others who still need to catch up. We'll know this because hackers will prey on the least protected companies as low hanging fruit — easy to spot.

2. More regulations will surface for segments that are core to the integrity of the international financial markets including trading exchanges.
With various tech innovations in banking (ie card payments, mobile and system virtualisation), we expect Asian regulators to step-in and implement compliance measures to ensure that financial institutions have technology risk management strategies in place for IT security and system failures. Singapore is a great example, having introduced its "Technology Risk Management Guidelines", which include government requirementson maintaining high levels of availability, reliability and recoverability of financial institutions' critical IT systems.

However, incidents such as the recent power outage at the Singapore Exchange (SGX) can still happen to any other financial organisation. Technology risks are inevitable, so regulators will continue to craft safeguards that will seek to avert disruptions caused by lapses in technology.

3. 2015 will see the start of the overhaul of the payment processing segment
Asian countries are slowly catching-up in terms of card security. For example, banks in the Philippines have recently been mandated to replace all magnetic strip cards, with EMV chip cards by 2017. However, risks in general, will still persist in other payment channels such as online and mobile. 

Furthermore, as we anticipate the introduction of new innovative payment technologies such as ApplePay, security will remain to be a threat. Priorities on new payment technologies are still based on costs and fees more than security.

Just like any other new and hyped technology, Apple Pay and virtual payment schemes will no doubt become prime hacking targets. Securing payment processes should remain a top priority for any business.