Global payment companies held their first joint cybersecurity war games to test their systems’ readiness for simultaneous attacks, uncovering differences in their defences including even how to define a crisis.
JPMorgan Chase & Co, Mastercard, WorldPay and Fidelity National Information Services were among the 18 payment processors from the US and the UK that took part in the exercises, which were held Friday at IBM’s test centre in Cambridge, Massachusetts. Some of the findings, which will be disclosed at a conference in Atlanta on Wednesday, were shared with Bloomberg News in advance.
Financial firms have led spending on cybersecurity as high-profile attacks exposing customer data and theft of funds raised pressure on the industry. Executives and regulators are concerned that a systemic attack on the plumbing of the financial system could disrupt the global economy, and cooperation between the industry and government agencies is increasing.
“We put competitors in the same room together, which initially they were hesitant to do,” said Rob Johnston, head of operations at FIS and one of the organisers. “But they realised pretty fast how valuable such a gathering is. When there are multiple breaches in an organised attack, it’s better to coordinate the response.”
The participants discovered that they had varying definitions of a crisis related to breaches as well as differing approaches in how they reach out to law enforcement. Agreeing on a common definition and streamlining cooperation with government agencies will be goals for the payments industry, Johnston said. The sector will also seek a more formal way of sharing information on threats, he said.
Some of the payments firms are members of the Financial Services Information Sharing and Analysis Centre, known as FS-ISAC, a forum for banks, broker-dealers and insurance companies to share data on threats. Banks and brokerage firms have been holding cyber war games regularly since 2011, testing the US capital markets’ readiness for attacks. — Reported by Yalman Onaran, (c) 2018 Bloomberg LP