The following is a transcript of an interview between PaymentsJournal and Tia Ilori, VISA’s Senior Director of Global Fraud and Breach Investigations, at the Money 20/20 event:
PaymentsJournal
Welcome to the PaymentsJournal podcast. I’m your host Ryan Mac, and today’s episode was recorded at the Money20/20 event in 2019. Now during this episode, I’m going to be joined with Tia Ilori, who is the Senior Director of Global Fraud and Breach Investigations for VISA around hackers. But more specifically, we’re going to be taking a look at hackers’ motivations, how they’ve evolved throughout the years and a specific type of attack called ATM cash-out attacks. So without any further delay, let’s start the show.
So Tia, thank you so much for joining me on today’s episode. So you’ll be speaking about the evolution of hackers during a panel discussion at Money20/20. So how have hackers evolved over the past couple years?
Tia Ilori
Well, thanks, Ryan. So hackers, they don’t wear hoodies. They’re a cast of misfits and criminals today are sophisticated in talent funding, organization, and tactics. They’re increasingly backed by nation state actors and they use a combination of attacks that are leveraged concurrently against mainly financial institutions.
PaymentsJournal
Yeah, I think it’s always so interesting that there’s just that the stereotype of what a hacker looks like and how it is that they are in that dark room, with a hoodie, in their parents’ basement, and it’s just the one individual. But hackers really have kind of evolved to essentially kind of be an enterprise business and they almost run their operations as though a business would be in terms of like, “okay, here’s the risk, here’s the reward”, like “what am I actually going to gain from this?” other than just kind of “oh, I’m doing this for the sake of being disruptive.” In it, there seems to be more of a business purpose to a lot of these hacks that you’re seeing here. So now, as we’re taking a look at these new hackers here, what are their motivations? You know, are their motivations the same or have they changed over the years?
Tia Ilori
Yes, the motivations are the same and their goal is to steal money, but their approach and their methods are very different. They’re leveraging technology to scale and they communicate just like legitimate organizations, and they’re aware of advanced technologies, such as AI, to optimize these attacks. Most importantly, again,
They’re using a combination of high-tech and low-tech to facilitate their crimes. For example, ATM cash-out: these attacks are against financial institutions and the goal here is manipulating the financial network’s business logic errors. For example, a man in the middle attack that can insert malware to gain control of an ATM network to take over the roles that would have alerted the financial institution of nefarious activity on their network. They use a low tack, in terms of money mules, to physically withdraw money from ATMs all over the world.
PaymentsJournal
So now obviously, with you working at VISA, you have a ton of insight into this because VISA obviously sees a ton of data. So, from your standpoint, what should FIs do about this hacker problem?
Tia Ilori
So, traditional compromise detection works from the bottom up by analyzing fraud trends, businesses need to be more proactive and take up a top down approach to prevent compromises before the attack begins. Banks and financial institutions should remember that prevention is better than a cure.
PaymentsJournal
All right, now in our previous question here, you had talked about a certain type of attack here: ATM cash out attacks. So what does VISA do to help prevent those type of attacks?
Tia Ilori
So we have a suite of security capabilities that are built into our payment network that all VISA and clients enjoy as a benefit of being a participant or client. One in particular, as we said vital signs, actively monitor for transactions that are potentially fraudulent activity at the ATM that may be indicative of a cash-out. And to limit losses of financial institutions, VISA can coordinate with clients to step in and suspend them and malicious activity.
PaymentsJournal
No, interesting. I certainly think, you know, when you kind of really start to dive deep into the different methods and ways that hackers are using to steal money, data and information, you can kind of get sucked into this wormhole of it being like a really scary environment out there. So for our last couple of questions here, one, what do you want financial institutions to know about hackers in general and the relationship between financial institutions? Second, what are some final thoughts that you could give our audience around this subject?
Tia Ilori
So my parting thoughts are VISA has your back. As criminals innovate, so do we. We employ a multi-layered approach to fraud prevention by empowering consumers with tools to help prevent fraud. We also invest in intelligence and technologies, and we help by setting high standards of governance for payments. We also have a 24/7 risk operation center that is designed to support our clients’ existing capabilities and monitor for anomalous activity.
PaymentsJournal
Excellent. Well to thank you so much for joining me on today’s episode to talk about hackers and financial institutions and I hope to have you back on the podcast real soon.
Tia Ilori
Thanks, Ryan.
