In the 2013 film "White House Down," Jamie Foxx portrays the President of the United States. His life is at risk after the White House is taken over by a group of terrorists. In order to infiltrate what is arguably one of the nation's most closely guarded residences, terrorists compromise the Secret Service. As with all Hollywood blockbusters portraying threats to the White House, elaborate efforts are undertaken to evade the terrorists by way of the "secret" underground tunnel system that was created below 1600 Pennsylvania Ave. during the Truman administration. While this all makes for an extremely entertaining film, in real life it turns out there is a far simpler way to put the White House on lockdown - simply send a toddler through the fence. At least that's how a toddler did it last August when he got away from his parents, squeezed through the gates and caused a temporary lockdown.
As the parents of any toddler can attest, little people are frequently capable of creating major drama in the most unexpected ways. Naturally, this made us think about the potential disruptions regulators are concerned could be introduced into the banking system through any one of the numerous new payment systems that are being adopted by the banking industry and making their way into the daily usage by consumers. As such, the OCC has said it is focusing its efforts for the second half of 2016 on ensuring that banks are prepared for the new cyber risks that could occur when new payment systems are rolled out.
As banks small and large aggressively adopt and incorporate new payment methods into their offerings to meet customer demand, one thing they can be certain of is the fact that hackers are equally aware of these same offerings. As such, it is more than likely that hackers have already begun searching for ways to access and exploit any new payment method. They will likely use a variety of tactics, including identity theft, weakness in app security or more elaborate money laundering efforts. Because of this reality, the OCC wants to be sure that banks are not only aware of the risks new payment methods present, but that they are also measuring their own vulnerabilities.
The OCC wants banks to make sure they continuously educate themselves about the risks of mobile payment services and digital currencies. Further, banks need to be sure to look beyond their own operations to include every step of the payment chain (such as the inherent risks at merchants themselves). Since banks and credit agencies are already more knowledgeable about the inherent risks of money laundering and cyber-crime than merchants, the OCC suggests that it would be beneficial for banks to take the time to educate merchants. Education programs for merchant customers and prospects should include the rising threat of cyber security, weaknesses that can occur at the merchant level and a primer of basic steps merchants can take to help with the problem on their end.
Additionally, the OCC wants banks to plan to regularly use the self-assessment tool that will be included in the updates to its soon-to-be-released Information Technology Examination Handbook. The OCC is hoping to level the playing field a bit more for banks by taking advantage of the authority it has under Dodd-Frank to enhance its oversight of payment providers outside of the traditional banking industry (such as ApplePay & Google Wallet).
Lots of opportunities await with the adoption of new payment systems, so banks just need to keep up with the risks as well. Doing so will ensure both those schemes elaborately planned and those more accidental (like the kid who slipped through the White House fence) are handled quickly and professionally.