Author: Margaret Ford

Margaret is a Consultant at Consult Hyperion. She has extensive experience in the design, delivery and management of enterprise scale network security systems. With a special interest in Identity, Privacy and Risk Management, she has delivered numerous projects for major financial institutions and corporate clients. She also has many published papers in the area of Digital Identity and Information Security Risk Management, including extensive work with the European Commission.

Brazilians wow the world of Open Banking

Posted on by Leave a comment
flag of brazil

At last week’s FDX Virtual Spring Global Summit, I received a glimpse into the huge strides being made by the Financial Data Exchange in the adoption of their data sharing API for the US market. In the context of minimal centralised regulation in the US, progress is driven by industry. This marks a substantial move away from screen scraping, which has historically been prominent in the US market. While the API approach provides value in terms of security and standardisation, many organisations still depend on screen scraping to support their business model.

Continue reading “Brazilians wow the world of Open Banking”

Safer Internet Day 2022 – It’s all about you!

Posted on by Leave a comment
person in red pants sitting on couch using macbook

For Safer Internet Day, I thought I’d bring a Mediterranean theme. As a classicist, I frequently switch between ancient and modern, applying time-tested principles to emerging technologies. Plato had it right on data protection: the price of not participating in public life is to be ruled by less able men.

Continue reading “Safer Internet Day 2022 – It’s all about you!”

Children’s Digital Rights

Posted on by Leave a comment
mother helping her daughter with her homework

At Consult Hyperion we frequently discuss the implications of financial crime migrating online. You’re less likely to be mugged at the cashpoint but the online environment is of course open to a wider range of attackers, often well hidden, and operating in diverse geographies. Personally, I have little patience with those who cite the Four Horsemen of the Information Apocalypse’: terrorists, drug dealers, kidnappers and child pornographers. It is, therefore, particularly refreshing to see a genuinely practical approach to child protection being promoted by TrustElevate, drawing on opinions expressed by young people themselves.

Continue reading “Children’s Digital Rights”

#IWD2021 – Cybersecurity really is a great place to work

Posted on by Leave a comment
photo of people reaching each other s hands

As an example of creative thinking in promoting inclusion, I would like to highlight John Patrick Crichton-Stuart, 3rd Marquess of Bute, a thoroughly modern Victorian, educated by his mother until the age of 12. He was ridiculed by society for his progressive views in paying great attention to the education of his daughters as well as his sons. Considered the richest man of his time, his hobby was building the finest fairy tale castles. He also built a magnificent building for the medical school at the University of St Andrews and endowed the Bute Chair of Medicine. When the male anatomy lecturer refused to teach women, he simply hired a woman as an additional lecturer, to teach any students who wished to learn with her. In this way, he managed to provide an environment in which women and men could train alongside one another, without coming into conflict with the existing hierarchy. Perhaps surprisingly, we still have lessons to learn from his approach.

Continue reading “#IWD2021 – Cybersecurity really is a great place to work”

Paying for food

Posted on by 1 Comment

It feels strange to be writing about paying for food, one of the basic skills we learn in early childhood. However, these are exceptional times, when the basic notion of how we pay is being challenged. It seems we are now considering the different options for paying safely when physical contact must be kept to a minimum.

Consult Hyperion has been alerted to many requests for advice from community groups who normally rely on cash payments, so in response we have drawn up some guiding principles:

1. Maintain good practice: be aware of the vulnerability, both real and perceived, of people unable to leave their homes. Asking them to do things differently risks increasing anxiety and leaving them open to fraud.

2. Keep it simple: work with payments options people already use, and those they are familiar with. The large spike in phishing attacks over the past month highlights scammers’ eagerness to abuse this situation.

3. Maintain records: clear and consistent transaction logging is essential to protect both organisers and the people they are helping. Keep invoices for tracking and reconciliation purposes.

4. Work with existing networks: local authorities, housing associations, care providers, charities, community groups, faith groups, even village shops. The mix will vary according to the community.

5. Only allow demonstrably trustworthy individuals to handle payments: the list of people permitted to countersign passport applications could be a good starting point, but each community is different. Trust is vital in payments.

6. Keep payments and shopping separate: older readers will remember having an account with their local shop and having items added to their tally, paying the bill weekly or monthly.

7. School meals provide a good example: cards (or biometrics) are used to ensure all students have equal access to food, without the stigma attached with free school meals. Food is still served, even if the system has technical issues.

8. Take the time to discuss people’s preferences over the phone: The person receiving the shopping doesn’t have to be the person who pays. Be creative in encouraging people to contribute a little extra, or allow friends and family to pay on their behalf.

When organising payments, only use options people already have. This is not the time for a stressful sign-up process. In order of preference:

Online – PayPal, Bank Transfer, Pingit

With any new online payment, if there is a level of trust through an existing relationship, ask the account holder to send a small sum of 1p or 10p to the intended account, to check that it does arrive in the right place.

PayPal: convenient if you already have an account. Allows you to choose different sources of funds to transfer. Can be used for paying individuals as well as organisations. Includes a degree of protection.

Bank transfer (frequently referred to as Faster Payments): Despite communication from many of our banks, the full roll out of Confirmation of Payee is delayed. There is uncertainty over whether the money will arrive in the right place, so test initially with small amounts. It is irreversible. It can be performed easily via internet banking if you have the capability. Telephone banking is currently overloaded.

Some apps enable an invoice with bank details to be presented through a link to web page. This is better than simply sending requests for payments within an email, as fraudsters can’t just intercept the email and change the recipient details. It requires more effort to set up a fraud and is more likely to get spotted.

Pingit: Less widespread but convenient person-to-person payments which can be sent to a mobile number.

Contactless at the door

Using a portable reader from companies like iZettle, SumUp and Square. Apple Pay and Google Pay are good options as they allow higher value payments without the need to touch the device, if people already have the capability. Appropriate distancing must be observed.

Cheques

The householder only has to part with a single piece of paper and does not have to receive change. Cheques will have to be paid in and take a while to clear but there is very little risk of the householder absconding.

Cash

People are encouraged to avoid handling cash and avoid touching ATMs. Keeping cash in the home makes people more vulnerable. However, some people rely on cash. Where change is to be given, this should be arranged in advance and put in an envelope.

These are extraordinary times, which force us to look differently at the way we pay. Consult Hyperion have been enabling secure payments for over 30 years and we are able to apply our own Structured Risk Analysis process to understand the threats and possible countermeasures in every situation. These threats normally relate to the security of systems but in this case also encompass the risk of infection and people being left without essential supplies.

Finally

If you are reading this from home and need help, try phoning your local shop. If they are not organising deliveries themselves, they may well be aware of groups who are. Many local stores and community groups are providing help to these who need it, providing a much needed service. Get in touch with your local group.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
Verified by MonsterInsights