Coordinated cyberattacks against financial institutions are not likely to disappear anytime soon, but a recent surge unfolding in Brazil should heighten payments industry security awareness in light of the country’s growing electronic-payments market.
A computer-hacker group calling itself Anonymous Brasil has pushed its message about government corruption in Brazil through a series of cyberattacks over the past week that shut down parts of several bank websites.
No card or personal data were exposed during the attacks, but the fact that hackers could shut down some bank service pages doesn’t rule out the next phase possibly being an attempt to gather card data, experts warn.
Indeed, the economy in Brazil has grown dramatically in the past few years, and the payments industry has been restructured to provide more security and standard policies, Scott Strumello, associate analyst for Auriemma Consulting Group, tells PaymentsSource.
“Though it doesn’t eliminate the fact that attacks on card data could occur next, the era of being able to easily create fake cards has become somewhat of a distant memory,” Strumello says.
When Brazilian officials got the country’s rampant inflation under control, it did not take long for the economy to become one of the fastest growing in the world, Strumello says. As such, the payments industry as a whole advanced in Brazil, with standards being established for operating systems and fraud protection, he adds.
“Visa Inc. and MasterCard Worldwide have their fraud-protection standards in place in Brazil, as well as the Payments Card Industry security standards, so it is not a country lacking in that area,” Strumello suggests.
The hackers launched attacks against website pages for the Febraban, the title of the Brazilian banking federation. In addition, the hackers implemented “denial-of-service” attacks on website pages for Banco BMG, Banco Panamericano and Citigroup, both in Brazil and the United States.
Before those attacks, Anonymous Brasil took credit for shutting down services through websites at other major state-run and private-sector Brazilian financial institutions on Jan. 30 and 31, including Banco do Brasil SA, Itau Unibanco Holding SA, Banco Bradesco SA and HSBC Holdings PLC.
During the breaches, the hackers reportedly noted through a Twitter account they were not interested in stealing data or money from the banks. And the banks were quick to inform customers that no personal data were in jeopardy from the attacks.
Still, any type of breach within a bank website should raise concerns, Nicholas J. Percoco, senior vice president and head of Trustwave SpiderLabs, the research wing of the Chicago-based fraud-prevention and risk-management provider, tells PaymentsSource.
“If a breach happens on an online-banking site, the attackers likely eventually gain access to the functions that can allow for the transfer of funds in and out of the affected accounts,” Percoco says.
Brazil has been aware of an increase in cyberattacks on banks the past three years, Trustwave indicates in a 2012 Global Security Report released Feb. 7 (
The Brazilian National Computer Emergency Response Team has evolved in the past five years as an agency to coordinate antifraud efforts and monitor incidents, the report notes. As a result, Brazil has more than 35 computer security incident-response teams in operation throughout the country.
Despite the recent ups and downs of the global economy, Brazil will remain one of the most attractive markets for growth in payments for the next few years, Zil Bareisis, senior analyst with London-based Celent, tells PaymentsSource.
“The fact that the payments industry has been significantly restructured in the last few years in Brazil, it also makes it an attractive market for new entrants and investors,” Bareisis says.
As such, the country’s financial institutions can expect an increase in breach attempts, Bareisis suggests.
Though it remains unclear why this particular hacking group has decided to initiate a series of attacks against Brazilian banks, Bareisis contends an increase in cyberattacks is always “something to be expected” in a fast-growing market where new companies make significant investments.
Fraud expert Julie Conroy McNelley of Boston-based Aite Consulting tells PaymentsSource that her research has revealed that card-issuing banks in South America fully follow PCI-compliance standards. In fact, the South American payments market has been “a great market for new fraud-technology platforms,” she says.
Quarterly earnings reports from payments companies reflect Brazil’s rapid rise as a solid payments market. Companies investing in the region routinely report increased sales and market growth in Brazil.
San Jose, Calif.-based VeriFone Systems Inc. reported record equipment sales in the Latin American market in last year’s fourth quarter, citing Brazil as a key to that growth (
A VeriFone spokesperson was not available for comment.
Besides staying current with preventive measures, companies involved in the payments industry in Brazil should focus on what happens in the wake of a data-security breach, Strumello suggests.
“There is a likelihood of cyberattacks on payments, so the legal infrastructure of Brazil would come into play in terms of what happens if systems are compromised, and who protects the consumer,” Strumello contends.
What do you think about this? Send us your feedback.
