Who controls our data? A common theme at the MasterCard academy of risk management

With online credit card fraud only continuing to rise, the latest MasterCard Academy of Risk Management event reminded us that the only way to fight this threat is together as an industry.

Kicking off the Asia Pacific segment of the event series in Kuala Lumpur, Malaysia, the General Counsel and Chief Franchise for MasterCard, Tim Murphy, reminded us that EMV and Tokenisation are important tools in the fight against hacking. This advice is particularly relevant for retail given the number of major US retail chains suffering a credit card data breach recently.

Balance was a key theme that was stressed throughout the conference; Tim and the other event speakers reiterated that that businesses need to earn the trust of their consumers through a sense of security, but at the same time this should not get in the way of them providing a quality customer service experience.

The Senior Regional Counsel for Privacy Data at MasterCard, Derek Ho, also emphasized the need for balance when dealing with sensitive data, asking hard-hitting questions like where the line should be drawn when deciding who gets to control data, and to what degree.

Derek spoke at length about the laws and penalties countries are adopting to force companies to take data protection more seriously. He strongly believes that more data breach laws are on the horizon, and that Japan is a country worth keeping an eye on, as they try to find a balance between using data in a big data world and respecting the individuals right to control the use of data.

Representatives from law enforcement also presented and revealed the current cybercrime trends, even giving insights into the minds of internet criminals. The Detective Chief Inspector attached to the Counterfeit & Forgery Section of the Hong Kong Police, Ian Cowieson, shared the alarming statistic that Card Not Present online fraud has an abysmal 4% detection rate. Rebecca Ledingham from Interpol shared profiles of malware developers they have caught, and the fact that they all share very similar backgrounds and psychological patterns. So the good news is the bad guys are being actively chased by international law enforcement. The bad news is that new criminals are surfacing all the time given the high ROI a successful data breach can generate.

Ground Labs supported the Mastercard event as a sponsor and contributed to the knowledge exchanging throughout the event. As the broader industry knows well, the Asia region is lagging far behind its European and North American counterparts for security compliance initiatives due to a lack of compliance enforcement. However, given the level of interest shown towards PCI compliance and data privacy by attendees, it’s a positive sign that sensitive data security & protection will be given the attention it deserves by businesses in the region, once more compromises are announced in the public domain through mandatory data breach disclosure.

On the heels of last week’s solid event, MasterCard is getting ready for the next leg of the MasterCard Academy of Risk Management series, which will be held in Dublin, Ireland, from September 29 to October 2, 2014. The event is set to cover a wide range of important topics such as European fraud trends and data security threats impacting the region.

Ground Labs will once again be attending and sponsoring the event, and we are looking forward to more great learning and sharing opportunities with other industry professionals.