Mastercard, WorldPay and Amex among the payment processors in first-ever 'cyber war game'

Payment processors tighten collaboration to fight rising IT security threats

Payments organisations and banks held their first-ever joint cyber-security war game on Tuesday in a bid to test their systems amid rising IT security threats.

Mastercard, WorldPay and American Express (Amex) were among the payment processors that took part in the exercise, held at IBM's test centre in Cambridge, Massachusetts.

Some of the findings from the exercise will be divulged at a press conference in Atlanta, Georgia today.

One of the organisers of the exercise, FIS chief information security officer (CISO) Rob Johnston, told Bloomberg: "We put competitors in the same room together, which initially they were hesitant to do. But they realised pretty fast how valuable such a gathering is. When there are multiple breaches in an organised attack, it's better to coordinate the response."

While initially reluctant, as Johnston notes, to share information the organisations found that they had different definitions of what constitutes a security threat and different approaches to engaging law enforcement.

Talking to Bloomberg, Johnston indicated that the organisations planned to agree on common definitions and streamline their cooperation with government agencies. The sector had also committed to more formal ways of sharing information regarding threats.

The exercise comes as banks and payment processors are increasingly targeted by sophisticated attackers.

In February 2016, for example, an attempt to steal $951 million from Bangladesh Bank, the central bank of Bangladesh, almost succeeded with the attackers managing to steal $101 million before the series of transactions were stopped. Some $20 million was also returned before the thieves were able to withdraw or transfer it.

That and a number of other, similar attacks - some of them successful - had targeted banks' SWIFT international payments systems. Other attacks have focused on cash machine ‘jackpotting', with Cosmos Bank in India recently taken for $13.5 million over one weekend after the attackers had compromised the bank's internal ATM management software.

This enabled the attackers to use cloned cards to, effectively, make unlimited withdrawals using hundreds of agents across the world.

The finger of blame for many of these attacks has been pointed at North Korea, which runs a shadowy organisation dedicated to raising foreign currency by various illegal means, including counterfeiting, manufacture and sale of illicit drugs and cyber attacks on banks and crypto-currency exchanges.

North Korea has also been blamed for the WannaCry ransomware outbreak last year.

IT security failings are, increasingly, costing CISOs, CIOs and CEOs their jobs.

With business utterly dependent on IT, it's not enough for senior executives to dismiss security as ‘techie stuff'. At Computing's Enterprise Security & Risk Management Live event, hear from the National Crime Agency, ex-hackers and big-business CISOs to learn about how they are tackling cyber security.

For more information, check out the dedicated event website. Attendance is FREE to IT leaders and senior IT pros.