The Developing World of Online Security: A PayCLT Discussion

On May 20, 2016, The Garage at Packard Place was once again the host location of PayCLT, this time hosting Paul Falor who is the VP of Global Information Technology at North Highland. Falor is an expert in information security management and talked about the developing world of online security, most notably in regards to mobile payment transactions. Due to the rapid expansion of FinTech in our day-to-day lives we are more susceptible than ever to cybersecurity attacks and need to stay aware of both the current threats and preventative measures that can be taken to secure ourselves.

The first thing Falor elaborated on in his presentation was how different the world of financial fraud has become. The most prized possession in financial theft used to be a debit or credit card number that you could use to run up purchases before anyone noticed, but now the biggest target is a social security number in order to open many cards and accounts, and these are obtained not by stealing a wallet, but by taking advantage of weaknesses in cyber security. In our age of technology, there are more inventive and accessible ways than ever for people to have their financial information stolen and this has created a massive and lucrative market for individuals who have the means and desire to steal this information. There are also cultural issues that have exacerbated the threat of cyber security breaches. For instance, there is a negative stigma associated with cybersecurity, especially within a business environment, that it has a tendency to slow down processes and make them less efficient. Embracing this mindset will cause vital security steps to be overlooked and put an entire company at risk of an attack that could have been avoided with a more forward-thinking approach to cybersecurity.

Falor also noted a number of considerations that need to be made when making mobile payments, as they are some of the most vulnerable transmissions for a data breach that can expose an individual to theft. The first thing you always need to remember is that public Wi-Fi is just that: public. Technically speaking, anything you do on public Wi-Fi can be tracked by anyone in the vicinity using easily available methods, and if you input payment information while someone is doing this then you have exposed yourself to the theft of your personal financial information. Mobile payment methods that equip NFC, audio-jack transmissions (such as Square), or barcode-based payment systems are also open to having your financial transaction information stolen. On top of all of this, there is a significant lack of malware and antivirus software available for mobile devices and this puts them at even greater overall risk, as compared to completing transactions via a computer where anti-virus software is very common and constantly updated to protect against the newest threats.

Despite all of the ways in which you can have your personal financial information stolen through mobile payments or other methods of exploiting technological weaknesses, Falor named some steps that can be taken to protect yourself from these attacks.

Some ways that you or your business can protect yourselves are:

  • Restrict remote access to anything you want to keep secure
  • Enforce password policies for all employees of a business
  • Assure employees are using secure company devices only for business activities
  • Monitor all outbound traffic
  • Eliminate flat networks
  • Validate ALL inputs
  • Enforce lockout policies
  • Know your data, where it is, and who has access
  • Audit user access and publish results
  • Encrypt and backup everything

The next event is on June 20 in The Garage at Packard Place and the topic for the event has not yet been announced, but any updates can be found at