January 31, 2017: Chargebacks911™, a global risk technologies company and an internationally-renowned leader for risk mitigation, announces the appointment of Tracy Cray as Director of Card Scheme Compliance at Chargebacks911’s new Essex location.

Tracy Cray, former Chargebacks & Disputes Manager for The Royal Bank of Scotland, has led Europe’s most successful chargeback processing division for the majority of her 34-year tenure in the payments industry. She also chaired a number of chargeback and scheme forums, including the European Experts Chargebacks Group.

As an unrivalled expert in the field of chargeback management and risk mitigation, Tracy’s in-depth understanding of card schemes and influential relationships within the industry will serve as the cornerstone of Chargebacks911’s latest venture — services tailored to assist issuers, acquirers and enterprise-level merchants. The service will launch in Q1 in Europe and will be offered to qualified clients, backed by a performance and ROI guarantee.

Tracy says, “When it comes to chargeback management, financial institutions are burdened in many ways — it’s impossible to stay current on constantly-evolving regulations, there is little transparency regarding the processes of other entities, and an inability to maintain compliance becomes a major liability. These hidden issues have continued to accumulate without reprieve.”

According to some reports, internal chargeback-related expenses have climbed by 21% since 2015 and are expected to double in 2017.

“For this reason,” Tracy continues, “the services Chargebacks911 is offering will be a godsend to many, taking the guesswork out of the equation completely with effective results that last. I couldn’t be more pleased to lead this unprecedented industry initiative.”

Monica Eaton-Cardone, co-founder of Chargebacks911, says, “Tracy is undoubtedly the most astute chargeback expert I have met, with an undeniable and persistent approach to positively address the core source of any problem she takes on. Her in-depth understanding of the inner-workings of chargeback management is unmatched, and we’re thrilled to have her join our growing leadership team in the UK.”

Chargebacks911’s new services will include, among other things, personalised consulting and results-oriented strategies to assess current policies and procedures. By identifying oversight, errors, and unrealised opportunities, clients will experience an immediate improvement to their bottom line.

The post Payments industry expert leaves RBS to Join Chargebacks911 appeared first on International Finance.

Florian Douetteau

December 12, 2016: In 2016, there are very few industries that big tech players (Google, Apple, Facebook and Amazon – or GAFA) don’t have their hands in. The finance industry is no exception; after having recovered from the global economic crisis of the early 2000s, banks and insurance companies now face a new threat from these large tech companies as well as small, nimble, well-funded startups.

Silicon Valley poses a real threat to traditional banking and insurance industries; but companies in those industries still have the opportunity to fight back.

Big Data: Big Tech’s Weapon

The largest advantage that financial startups and GAFA have over traditional players in the industry is data science. Data science and algorithms are GAFA’s bread and butter – they’ve built their businesses based on complex algorithms and have made huge investments in data science. Similarly, startups in the space are arising out of a mobile, digital era, so they are naturally in tune with big data, having been born out of that era.

Another big differentiator is that GAFA and startups don’t view data science just as a job title for one person at the company; data science is core to the business and driving it forward. It’s the collaborative discipline (the combination of people, data, tools and processes) used to transform raw data into actionable insights and business innovation.

As a result of data science, cutting-edge, technical companies are able to make strides in the financial space by leveraging data mining and predictive modelling to do things like:

• Personalise offers
• Reduce risk
• Create disruptive new products
• Expand markets
• Minimise operating expenses
• Automate traditionally manually processes

And this is just the beginning. With the rise of the internet of things and advancements in machine learning, there will be much, much more.

Big Data in Traditional Banks and Insurance Companies

Thus far, unfortunately, traditional banks and insurance companies have been slower to embrace data science and use advanced technology like predictive modelling and machine learning to improve business. However, those that have started to use big data for meaningful insights have done powerful things, including:

• Enabling personalised policies and premiums in the auto insurance market. Allianz offers a car insurance policy leveraging IoT that allows data tracking through a mobile app and a GPS-equipped dongle. The company can now deliver personalised pricing models, better understand customers, decrease fraud, and encourage positive driving behaviour.
• Proactively preventing customer defections in banking. Bank of America used transaction history to develop new behaviour models of mortgage customers at risk of switching. Data scientists built models based on these recommendations and pushed retention offers to at-risk clients.
• Discovering new customer segments. A large retail banking group mined large archives of transactional data to develop new models of customer behaviour. From these models, marketing and sales identified new offers and promotional campaigns with a threefold improvement in conversion rates.
• Automating life event marketing. A mid-sized insurance company combined customer relationship management (CRM) data, contracts data, weblogs, and social media data to analyse and develop predictive models about when life events were likely to occur. The marketing team was able to successfully develop new event-themed, personalised campaigns automatically triggered in real time.
• Efficiently and accurately detecting fraudulent claims. A large provider of supplemental insurance combined siloed data sets and created fraud detection algorithms, which routed claims real time based on their likely validity. This proved to be three times more effective at fraud detection than the legacy approach.

When competing with the likes of nimble startups and GAFA, data science is clearly the path to levelling the playing field. And in some ways, it even allows traditional banks and insurance companies to get ahead because these businesses have some additional advantages over startups and GAFA. For example, the traditional finance industry already has deep troves of historical (and largely untapped) customer data, physical touchpoints (or branches), a high level of consumer trust, and a deep reservoir of professionals with extensive domain expertise and advanced quantitative skills.

Next Steps

Once traditional finance companies realise the value of using big data to drive business decisions and implement innovative machine learning techniques to get ahead, the next step is actually putting a data lab in place.

Again, banks and insurance companies have the advantage of a professional staff with deep experience in the industry coupled with quantitative skills. These are perfect tools for assembling a data lab; it’s not necessarily about hiring new staff, but assembling a team of the right staff from the business and IT side that will be able to effectively communicate, collaborate, and execute on projects.

Of course, once assembled, this team also needs access to data and an effective tool with which to qualify and prepare that data as well as easily deploy data projects to production. But already equipped with the right staff to make up a team, this is the easy part.

Ultimately, equipped with the right people, processes, and tools, traditional banks and insurance companies can avoid the fate of becoming the back-end plumbing for GAFA and other challengers. They can appropriate the advantages of these newcomers and merge them with their own to become the new marketplace innovators of the 21st century.

Florian Douetteau is CEO and co-founder of Dataiku

The post Banks need not fear startups appeared first on International Finance.

November 24, 2016: With the holiday season just around the corner, merchants are preparing for the most active online shopping time of the year. But, while many focus on marketing and deals, retailers and issuers face a bigger overlooked issue that could move them into the red.

In the US, the sales spree will be initiated on the fourth Friday of November with Black Friday, the day after the Thanksgiving holiday. In 2015, online sales for this event added up to an astounding $2.72 billion, with an additional $1.73 billion spent on Thanksgiving Day.

What started in the 1990s as a curious ‘anti-Valentine’s’ celebration for single people in China, has transformed into the biggest online shopping day in the world. Ostensibly held on November 11, but often extending to a week-long sale, the holiday set a new sales record of around £19 billion in just one day this year.

While these celebrations are increasingly global and popular, with record-breaking sales, huge amounts of attention from customers and greater earning potential for merchants, statistics reveal that severe consequences are likely to follow in terms of chargebacks.

Chargeback volumes can increase by as much as 50% during the holiday season, and this percentage is only likely to continue. But, what are the reasons behind this?

Buyer’s remorse is one of the biggest problems most closely associated with peak shopping days. The drop in prices and the multiple sales during the shopping seasons make customers feel pressured into buying something before it disappears. But, later, with a cool head, customers sometimes change their minds or find a better deal elsewhere and no longer want the product. This regret often results in illegitimate chargebacks for customers trying to find another way to get a ‘refund’.

Similarly, customers are becoming increasingly demanding. Tight deadlines and high pressure around the holidays means small mistakes can be unforgivable to shoppers. If consumers are having a bad shopping experience and are not satisfied with the merchant’s performance, they may initiate a chargeback. A new report from Radial indicated that 71% of shoppers expect their online orders to arrive within five days, while 51% would stop shopping with a retailer if their order arrived later than the promised delivery date.

Adding to this problem, there is a flawed impression for ecommerce regarding the source of fraudulent chargebacks. Even though fighting cybercriminals and protecting customer’s data and money must be a priority for all merchants, criminally fraudulent purchases are surprisingly low on Black Friday, Cyber Monday and Singles’ Day. Only 10% of chargebacks can be attributable to criminal fraud, with 20% coming from merchant error and 70% from friendly fraud.

Friendly fraud occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. It is a problem which is not currently being properly addressed by most retailers.

The truth is the industry is also slow to react. Merchant liability often surfaces in the weeks following these shopping holidays – approximately 90 days after the purchase — as the costs of online fraud and chargebacks become apparent. In addition, big purchasing events, like Black Friday, produce significant alterations to normal customer shopping behaviours, making it even harder for merchants to identify and stop friendly fraud.

For them, sales are often seen as more important, but chargebacks can essentially make a greater loss when adding the value of the lost sale, as well as the cost of the goods and a chargeback fine. Worse still, ineffective or poor chargeback management is about to become even more costly.

The burden of chargebacks is not only owned by online merchants; issuers are getting increasingly serious about enforcing better governance on them. MasterCard recently acted to help reduce its own encumbrance by introducing its new Dispute Administration Fee (DAF). This is a fee passed through to merchants who fall foul of customer chargebacks and fail to effectively dispute their legitimacy. Ecommerce merchants can expect to pay an additional €15 fee for chargebacks they accept without filing rebuttal, and up to €30 if a non-compliant response is filed. Issuers are penalised as well with the reverse incentive.

As this year’s shopping season progresses, merchants who lack a disciplined chargeback policy are likely to be more vulnerable than ever before. The only way to avoid this is for retailers to understand chargebacks and the detrimental affect an ineffective risk mitigation system can have on their business. Beyond losing merchandise and revenue, online retailers can face additional fees and consequences, particularly if they exceed allotted chargeback thresholds.

Adhering to best practices reduces the risk of chargebacks. Superior results are obtained through the use of combined methods which leverage both in-house and outside expertise.

Recent studies performed by Global Risk Technologies revealed that merchants using a combination of fraud management strategies experienced improved performance within every fraud detection tool and reported a gain on average of 22.4% over those who did not utilise a layered approach or combination method.

Retailers don’t need to accept chargebacks as a cost of doing business. Acknowledging the problem and putting in place comprehensive management strategies can ensure merchants benefit from huge shopping days without sustaining enormous financial disasters.

Monica Eaton-Cardone is CIO and co-founder of Chargebacks911

The post The real shopping season sales killer appeared first on International Finance.

Monica Eaton-Cardone

November 24, 2016: With the holiday season just around the corner, merchants are preparing for the most active online shopping time of the year. But, while many focus on marketing and deals, retailers and issuers face a bigger overlooked issue that could move them into the red.

In the US, the sales spree will be initiated on the fourth Friday of November with Black Friday, the day after the Thanksgiving holiday. In 2015, online sales for this event added up to an astounding $2.72 billion, with an additional $1.73 billion spent on Thanksgiving Day.

What started in the 1990s as a curious ‘anti-Valentine’s’ celebration for single people in China, has transformed into the biggest online shopping day in the world. Ostensibly held on November 11, but often extending to a week-long sale, the holiday set a new sales record of around £19 billion in just one day this year.

While these celebrations are increasingly global and popular, with record-breaking sales, huge amounts of attention from customers and greater earning potential for merchants, statistics reveal that severe consequences are likely to follow in terms of chargebacks.

Chargeback volumes can increase by as much as 50% during the holiday season, and this percentage is only likely to continue. But, what are the reasons behind this?

Buyer’s remorse is one of the biggest problems most closely associated with peak shopping days. The drop in prices and the multiple sales during the shopping seasons make customers feel pressured into buying something before it disappears. But, later, with a cool head, customers sometimes change their minds or find a better deal elsewhere and no longer want the product. This regret often results in illegitimate chargebacks for customers trying to find another way to get a ‘refund’.

Similarly, customers are becoming increasingly demanding. Tight deadlines and high pressure around the holidays means small mistakes can be unforgivable to shoppers. If consumers are having a bad shopping experience and are not satisfied with the merchant’s performance, they may initiate a chargeback. A new report from Radial indicated that 71% of shoppers expect their online orders to arrive within five days, while 51% would stop shopping with a retailer if their order arrived later than the promised delivery date.

Adding to this problem, there is a flawed impression for ecommerce regarding the source of fraudulent chargebacks. Even though fighting cybercriminals and protecting customer’s data and money must be a priority for all merchants, criminally fraudulent purchases are surprisingly low on Black Friday, Cyber Monday and Singles’ Day. Only 10% of chargebacks can be attributable to criminal fraud, with 20% coming from merchant error and 70% from friendly fraud.

Friendly fraud occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. It is a problem which is not currently being properly addressed by most retailers.

The truth is the industry is also slow to react. Merchant liability often surfaces in the weeks following these shopping holidays – approximately 90 days after the purchase — as the costs of online fraud and chargebacks become apparent. In addition, big purchasing events, like Black Friday, produce significant alterations to normal customer shopping behaviours, making it even harder for merchants to identify and stop friendly fraud.

For them, sales are often seen as more important, but chargebacks can essentially make a greater loss when adding the value of the lost sale, as well as the cost of the goods and a chargeback fine. Worse still, ineffective or poor chargeback management is about to become even more costly.

The burden of chargebacks is not only owned by online merchants; issuers are getting increasingly serious about enforcing better governance on them. MasterCard recently acted to help reduce its own encumbrance by introducing its new Dispute Administration Fee (DAF). This is a fee passed through to merchants who fall foul of customer chargebacks and fail to effectively dispute their legitimacy. Ecommerce merchants can expect to pay an additional €15 fee for chargebacks they accept without filing rebuttal, and up to €30 if a non-compliant response is filed. Issuers are penalised as well with the reverse incentive.

As this year’s shopping season progresses, merchants who lack a disciplined chargeback policy are likely to be more vulnerable than ever before. The only way to avoid this is for retailers to understand chargebacks and the detrimental affect an ineffective risk mitigation system can have on their business. Beyond losing merchandise and revenue, online retailers can face additional fees and consequences, particularly if they exceed allotted chargeback thresholds.

Adhering to best practices reduces the risk of chargebacks. Superior results are obtained through the use of combined methods which leverage both in-house and outside expertise.

Recent studies performed by Global Risk Technologies revealed that merchants using a combination of fraud management strategies experienced improved performance within every fraud detection tool and reported a gain on average of 22.4% over those who did not utilise a layered approach or combination method.

Retailers don’t need to accept chargebacks as a cost of doing business. Acknowledging the problem and putting in place comprehensive management strategies can ensure merchants benefit from huge shopping days without sustaining enormous financial disasters.

Monica Eaton-Cardone is CIO and co-founder of Chargebacks911

The post The real shopping season sales killer appeared first on International Finance.

IFM Correspondent

April 27, 2016: In order to promote home-grown product startups, angel investors Naganand Doraswamy and Prashant Deshpande; T V Mohandas Pai, co-founder of venture capital firm Aarin Capital; Rajiv Mody, managing director of Sasken Technologies; and Amit and Arihant Patni, founders of Nirvana Venture Advisors came together to launch a Rs 125 crore fund called Ideaspring Capital.

The fund will focus on early stage product innovation startups and entrepreneurs in India. It will invest in technology start-ups with differentiated intellectual property in domains such as machine learning, health tech and internet of things, among others.

The fund will participate in seed deals where it will invest up to Rs 3 crore, as well as series A or pre-Series A deals where it will pump in another Rs 5 crore, said Doraswamy.

Ideaspring plans to handhold its portfolio companies in the first 18 months of their lifecycle and help them with customer feedback and product development.

“Fundamentally, we believe that the enterprise market is a larger cycle. We feel there are several areas which an entrepreneur may not give enough attention. They may not know how to market their product. We will partner with them and help these startups address areas which are crucial,” said Doraswamy.

The fund will invest in four to five startups in a year. India is known globally for its IT services companies, but of late, IT product companies have been making a mark. Facebook’s acquisition of Little Eye Lab and Yahoo’s acquisition of Bookpad shows that the country is capable of producing IT product companies as well.

“See, we know we have the talent. But startups do not know how to access the global market. We will help them get that platform,” said Doraswamy.

The post Tech veterans to promote product startups appeared first on International Finance.

Suparna Goswami Bhattacharya

July 22, 2015: In the last decade, the one revolution that has taken everybody by storm is probably the evolution of mobile phones. From a device meant for making and accepting calls to a multipurpose gadget, the mobile phone has come a long way.

So much that e-commerce companies want to ditch websites altogether or shift to the mobile phone.

While computers remain the device most used for shopping online, mobile is a close second, with smartphones and tablets being the preferred devices for m-commerce. Even here, people prefer mobile apps over mobile browsers.

According to Amit Goel, co-founder, GrowthPraxis, an information resource for the payments industry, of the total online payments made in Q1 of 2015, the share of mobile devices was 27.2 percent. “Of this, the share of the US was 26.7 percent while Europe’swas 28.6 percent. Asia stood at 20 percent. M-commerce is growing so fast that I expect retailers and commerce players shifting their focus completelyfrom web apps and desktop websites to mobile apps and mobile sites,” says Goel.Myntra, the leading online fashion retailer in India, has shut down its website and moved its entire operation onto the mobile app. The company is expecting sales through the app to reach 90 percent of its total sales by the end of the year. Hence, they see no point in managing the web interface any more. Myntra is owned by India’s e-commerce giant Flipkart, which acquired the company in 2014. In fact, Flipkart is expected to follow suit in September this year. “Today, well over 75% of our traffic comes via the mobile app, compared to low single digits in 2013.Majority of these shoppers are from Tier II & III cities. The way India shops has changed.We are seeing a new wave of confidence from shoppers in smaller towns across all age groups,” says Mausam Bhatt, senior director, (Mobile & Digital), Flipkart. The story is nodifferent for the other Asian giant — China. For Alibaba, the leading Chinese ecommerce company, m-commerce has become a key driver of success. The mobile gross merchandise volume (GMV) for the quarter ending March 2015 rose by 157% as compared to the corresponding period in 2014. “Mobile shopping is a rising trend in China and Alibaba Group and its suite of mobile-shopping apps is the leading player in the country.

Source: Statista, 2015

According to third-party research (iResearch), Alibaba leads the China mobile commerce market with an 86% share of the total mobile GMV,” says a spokeswoman from Alibaba.

With plans to expand abroad, Alibaba is likely to be one of the dominant mobile players even in the US where the company is busy with the groundwork.

Though the US has been a little slow in adopting m-commerce, lately it is seeing a surge. US-based Groupon, a deal-of-the-day firm, has also started seeing a shift towards mobile trend. “For us, the shift to mobile happened without us making any effort. We did not really initiate this push. But now, we are concentrating on m-commerce with website being equally important. We have tied up with ApplePay in the US to create a seamless mobile experience for our users,” says Sachin Kapur, CMO, Groupon India.

And the trend is not country specific anymore. “We are definitely witnessing this trend across the globe. According to Forrester, there will be nearly 3.5 billion individual smartphone users globally by the end of 2019. Because of such a huge number of users, every web-based company must take smartphone users very seriously,” says Bhatt

Despite witnessing huge growth in the past three years, m-commerce still remains a small portion of retail as a whole. According to IBM data analytics, on Black Friday, US biggest shopping day, mobile was 39.7 percent of all online traffic. However, mobile sales (21.8 percent of all online sales), though strong, was considerably less than the traffic. This is mainly because many companies are yet to develop a seamless mobile shopping experience for consumers. There is a shortage of mobile friendly m-commerce enabled sites forcing people to continue using their PCs or laptops for online shopping.

Also Read:

IT, mobile to drive growth in retail

‘Payments via mobile phones are predicted to grow to $58 billion by 2017’

The post M-commerce set to leave e-commerce behind appeared first on International Finance.

April 23, 2015

Karan Belani

How do the various payment systems — cash, cheque, credit cards, net banking, mobile payment — compare in terms of

1.       Cost incurred by the customer

2.       Safety issues

There are virtually no costs incurred by the customer when paying in cash. But there are safety issues, especially if you’re carrying a large sum of money. If your credit card is stolen for example, you’re generally protected. If you are robbed of $500 cash, you basically have no recourse. When paying with a cheque, that assumes that you have a bank account which may come with various consumer fees. Most likely, you will also pay a charge for the cheques themselves. Paying with cheques can also represent safety issues if you carry your cheque book around with you. It typically has almost all of the information a criminal would need in order to steal your identity. Costs are incurred by consumers when paying with credit cards only if they carry a balance or go over their spending limit. Safety issues can arise if you’re purchasing items with a credit card over the Internet from an unsafe website. Although you might be able to recoup any lost money, if you don’t recognize what happened quickly, a criminal could run up a lot of charges, and it might take quite a while to get everything sorted out. Internet banking is basically free for the consumer as far as I know, and is generally recognised as being safe as well. However, you do need to take certain precautions, such as installing anti-virus software on your computer. Most mobile payment systems are free to use for the consumer, and they’re generally safe as well. Just make sure you are downloading apps from reputable resources such as iTunes or Google Play and be sure that your mobile device is password protected.

What is the basis for businesses selecting a certain payment system? For example, coffee shops accept cash, CC or mobile payments, but not cheques. Some public transport systems accept pre-loaded cards and cash.

Businesses need to factor in the cost of the particular payment system (credit card processing fee, for example) as well as preferences of consumers who normally want a system that is simple and easy to use. Generally speaking however, the more payment options you can offer to your customers, the more revenues you’ll potentially be able to generate.

How do you see the payment systems evolving in the next 5 years? Especially, in terms of payment via mobile phones.

According to research conducted by eMarketer, payments via mobile phones surpassed $1 billion last year in the United States, and are predicted to grow to $58 billion by 2017.

How does payment by mobile phones work?

You simply place your mobile phone near (or tap it to) the merchant’s Near Field Communication (NFC) reader and your credit card information is transferred over to the business and your payment is then processed.

Would it not be easier to pay by mobile phone as you are saved the trouble of carrying a CC?

I do think it’s easier to pay with a mobile phone.

Is there a possibility that mobile phones will diminish the utility of CCs?

You may see an eventual diminishing of the utility of credit cards, but I doubt that will happen any time soon. They’ll still likely continue to occupy a space in the payments industry. While smartphone ownership is increasing, only 64% of Americans currently own one.

Can mobile payments replace CCs, or other payment systems?

Mobile payments could eventually replace credit cards and other payment options, although I feel that will not happen in the near future.

What is the role, if any, of banks/MasterCard/Visa etc in mobile phone payments?

MasterCard actually entered the mobile payment realm before some of the more recent options, like Google Wallet and Apple Pay. It introduced its PayPass system several years ago. Visa launched its Visa Ready mobile payment system in 2013 as well.

As alternative payment systems mature in the next few years, how will the role of banks/MasterCard/Visa change?

Banks and credit card companies will either have to expand existing mobile payment options or get such a program in place in order to remain competitive.

Also Read:

Exploring digital payments at Money 20/20

Mobile payments: Trends in 2015

Americans being served cards with chips

The post ‘Payments via mobile phones are predicted to grow to $58 billion by 2017’ appeared first on International Finance.

Tim Ring

Aug 4, 2014: The fear of economic cyber espionage is now so great that companies rate cyber security as one of the top three global business risks, according to Lloyd’s of London, along with high taxation and loss of customers.

The worst-case scenario is that your business could, without you knowing it, be targeted by a rogue nation-state that infiltrates your corporate computers, siphons off your IP and confidential data on a massive scale, and passes it on to competitors. And one country’s name stands out above all others in this nightmare scenario: China.

In the last quarter alone, security researchers have disclosed cyber attacks from China against international shipping, logistics and manufacturing companies, US and European satellite, aerospace and communications companies, Japanese and European telecoms companies, and specific targets like Boeing and Lockheed Martin.

But the precise scale and nature of the threat became most clear on May 19 when, in an unprecedented move, five officers from the Chinese People’s Liberation Army (PLA) were indicted by a US court on 31 charges of hacking, economic espionage and stealing trade secrets, dating back to 2006.

The victims were American companies across a number of industries, and the beneficiaries were all state-owned Chinese enterprises. The accusations – vehemently denied by China – help to explain how, and why, businesses are targeted:

* In 2010, Sun Kailiang, an officer in Unit 61398 of the Third Department of the PLA, hacked US power plant manufacturer Westinghouse to steal technical and design specifications for power plant pipes and related products. At the time, Westinghouse was building four plants in China and negotiating terms of the construction with a Chinese state-owned enterprise (SOE), including technology transfers.

* In 2008, Sun Kailiang sent a “spear-phishing” email (a plausible fake message containing hidden ‘malware’) to US aluminium producer Alcoa that resulted in thousands of email messages and attachments being siphoned from Alcoa’s computers, including internal discussions concerning its partnership with a Chinese SOE.

* In 2012, another Chinese army officer, Wen Xinyu, stole thousands of computer files from US solar energy supplier SolarWorld, the charges say. The theft happened just as the US Commerce Department ruled that Chinese solar product manufacturers had ‘dumped’ products into US markets at prices below fair value. The stolen data included cashflow, costs and production line data, and privileged attorney-client communications relating to ongoing trade litigation. “Such information would have enabled a Chinese competitor to target SolarWorld’s business operations aggressively from a variety of angles,” say the charges.

China not alone

The evidence shows that businesses are being deliberately targeted by government hackers in search of specific types of IP and data, to gain commercial advantage and sometimes improve their negotiating position.

But is the threat limited to China? The answer is: no.

While every developed country spies on other nations, the US insists that (unlike China) it draws the line at infiltrating foreign firms and passing what it finds to its own companies.

Yet in claiming this moral high ground, White House spokeswoman, Caitlin M Hayden, revealed that it is not just China who fail to reciprocate: “We do not give intelligence we collect to US companies to enhance their international competitiveness or increase their bottom line. Many countries cannot say the same,” she told the New York Times in March.

Paul Simmonds, founder of the international Jericho Forum, which aims to improve companies’ information security, agrees: “As much as we like to name and shame China, everyone is involved. Every major power is doing it to some extent,” he said.

Simmonds believes even the US may be culpable, pointing to a recent report by Glenn Greenwald, a journalist close to whistleblower Edward Snowden, which revealed that America’s NSA intelligence agency routinely planted ‘spyware’ in internet routers and servers before they were shipped to international customers – potentially allowing the US to hack industrial companies across the globe.

But Dmitri Alperovitch, co-founder and CTO of CrowdStrike, a US cyber security firm which specialises in tracking advanced attacks, is adamant the threat is limited to China and a few other nation-state attackers – who, unlike China, tend to target specific industry sectors.

Alperovitch singles out Russia (attacking primarily energy firms, oil & gas, nuclear), India (financial and legal firms), Iran (so far reconnaissance-only attacks on energy companies) and even France who have “traditionally not shied away from economic espionage; we have seen some activity in the aerospace sector from French actors”.

He also points out there is a dramatically different scale of threat between China and the rest. Attacks from China since 2005 have numbered in the tens of thousands, he said. From other countries – dozens.

“China is not the only player but they are by far the largest,” he said. “It’s literally orders of magnitude difference.”

Chinese hackers have hit a wide range of industries, he says, including energy, manufacturing, high-tech, environmental sciences, solar power, nuclear energy, finance (primarily M&A banking divisions of financial institutions); as well as law firms who hold confidential data on clients spanning many industries and typically have “very little security so they are the soft underbelly”.

Jen Weedon, principal threat intelligence analyst at Mandiant, another well-known pursuer of state cyber criminals, agrees with Alperovitch’s take: “In terms of economic espionage, China is vastly ahead of everybody else in the quantity of their activity,” she says.

Weedon also tops up the list of industries being hacked: “We’re seeing more and more utilities, energy companies and pharmaceutical/healthcare companies targeted. We’re also seeing financial companies get targeted not for financial theft but for information related to their business processes – information that might allow other people doing trading platforms and things like that to replicate business processes.”

Out of patience

In the face of this persistent Chinese cyber threat to business, America has abandoned tact and quiet diplomacy. Along with the ‘naming and shaming’ court indictments in May, both President Obama and US Secretary of State John Kerry have raised the issue publicly. On a July 9-11 visit to China, Kerry spoke of the country’s cyber attacks having a “chilling effect” on business innovation and investment.

Despite that, there is little optimism that China, and others, will moderate their activity.

There is “absolutely no sign” of change, Alperovitch said. “It’s no longer the art of war with China, it’s the art of denial. So far they have issued blanket statements saying China does not hack in the face of overwhelming evidence to the contrary. The Chinese have just rejected all accusations and basically tried to shut down discussions.”

Weedon agrees: “There’s been no appreciable difference in activity from China since the indictments and these dialogues that we’ve noticed. Maybe in the long term it might start to shift, but because this activity is so institutionalised it’s not easy just to stop on a dime.”

So with little prospect of change, what can companies do to protect themselves?

Instead of simply installing swathes of security hardware and software, Alperovitch suggests businesses need to use ‘threat intelligence’ (detailed knowledge of attackers, their likely targets and methods).

“In this day and age you can’t just defend yourself against everything and everyone. You need intelligence on who they are, how they operate, what information do they want,” he says.

“That’s probably the biggest shift in mindset that we’re seeing – the use of intelligence to look out for specific attackers who are likely to go after you, based on your business and based on the intellectual property that you’re going to have.”

Paul Simmonds puts less faith in current security approaches. “What we’re doing at the moment is horribly broken. Basically your systems are wide open,” he says. “But you can do one thing right now: you have to start encrypting your data. Then if someone accesses your data, guess what, it’s totally useless to them because it’s encrypted.

“That’s a do-it-today. For me that’s better than any magic thing sitting there sniffing my traffic, trying to detect strange packets coming in from China.”

But Jen Weedon only partially backs this advice: “If you are out and about and have disks or devices that are mobile or removable, then you should encrypt the files on it is as it adds that extra layer of security,” she says.

“But having a business encrypt all of the information on all of its servers in its environment may not be a feasible solution. Encrypting all these files can lead to your business being affected (for example, by complicating nimble communications or operations) which could outweigh the overall boost to security for many businesses. Ultimately it is a risk/reward calculus that each business must do for itself.”

Currently then, there are few glimmers of hope for companies who, armed with inadequate security shields, stand against what remains a powerful and apparently unrelenting economic cyber espionage threat.

The post There is no escaping the cyber threat appeared first on International Finance.