The reign of credit card and identity fraud for profit will come to an end in a number of years as the cyber crime scope changes.
Speaking to IT Security Guru at the Dell Security Summit in Brussels, Tim Brown, executive director of security at Dell Software, said that he felt that espionage would increase as we see an attacker who goes after information systems, and there will be more attacks on data using an insider, but stealing identities and credit cards will be passé.
Brown said: “The reason that there are so many incidents is because cyber criminals turn incidents into money, and that is why it is so attractive. But this will change in the next five years, due to the introduction of Chip and PIN, near field communication (NFC) and the fact that credit card data itself will not be very valuable.
“Look at black hat security as a business: credit card fraud will be a big piece of the pie; identity fraud will be there too but will be a bit smaller; while espionage and cyber crime will be there, but we do not see the market space as dramatically. But we will see a shift that changes into other models.”
He said that one to consider is cyber espionage, as the capabilities are there and he said that it will be interesting to look at how the “adversary economy” changes. “From a business perspective, they will have to change their model or join an espionage army,” he said.
Christopher Boyd, malware intelligence analyst at Malwarebytes, referred to statistical data from 2012, where there were more than a billion credit cards in use in the US alone, and add debit and credit cards to that list for everyone globally.
He said: “There are only ever going to be a limited amount of companies or individuals worth targeting with espionage – but everybody has a piece of plastic in their wallet worth chasing down.
“Security mechanisms will always develop as time goes by, but banks will have a hard sell convincing customers that they have to jump though more hoops when withdrawing money. ATM skimmers will always be around, banking phishes and Trojans won’t go away anytime soon and if we have a way into our bank account online or off, so do they.
“It’s also questionable how quickly any new forms of security technology could be rolled out in places outside of the US and Europe, especially within a five year timeframe.”
Payment security consultant Neira Jones, told IT Security Guru that there were many “faces of fraud”, and that the threat never ends, and often if one side is reduced, another form emerges. “Look at the UK’s move to EMV, we were in the same position as the USA before the rollout when it came to fraud,” she said.
“We deployed EMV and eradicated fraud and we also added 3D Secure to provide better security, but we want to eradicate reliance on numbers as tokenization will become more prominent.”