Financial tech innovations such as peer-to-peer (P2P) payment apps and digital wallets have introduced convenient new ways to execute financial transactions, but they have also opened up new doors for cybercriminals to take advantage.
With that in mind, a newly announced three-year research partnership between the Federal Reserve Bank of Atlanta and Georgia State University’s Evidence-Based Cybersecurity Research Group (EBCS) will examine the tactics and techniques that fraudsters are leveraging to abuse online payments.
"I don't think it would influence Federal Reserve policy, but what it might do is influence the industry to take additional action through our existing venues and our ability to share the data,” said Trish Supples, advanced subject matter expert in the Retail Payments Office at the Federal Reserve Bank of Atlanta. That's the goal: to make this useful, to amplify the findings, to be able to influence and inform.
Supples spoke to SC Media in an interview alongside EBCS Director David Maimon, who said his research team would study the modus operandi of cybercriminals operating on the dark net and other encrypted channels, as well as the different types of fraud exist across various platforms – and how they evolve. “[We will] try to monitor as many encrypted platforms that we already have presence in, and increase presence on other platforms to identify trends using tools we have and approaches we developed,” he explained.
While first and foremost known the central banking system of the U.S. and a payments network operator, the Federal Reserve is also tasked with supervising technology service providers, and researching the design and inherent risk of payment systems.
“In Atlanta specifically, we have a strategic priority focused on promoting safer payments innovation,” said Supples. “We are very interested in emerging technologies and the impact that they might have in many areas across the payment spectrum – because one of the Federal Reserve's missions in relation to payments is to promote a safer, more resilient, efficient payment system, that's accessible.”
The EBCS, meanwhile, is composed of an interdisciplinary group of scholars, criminologists, sociologists, psychologists, computer scientists and IT tech specialists who examine the efficacy of cybersecurity solutions and policies against digital threats, as well as how human behavior factors into cybercrime, both from a victim and perpetrator perspective.
“We integrate our understanding of how the tools work along with understanding how the human within the ecosystem operates,” said Maimon. “We [focus on] all those important junctions, understand what works and what doesn't, [and] integrate knowledge about both technology as well as the humans who interact with technology – with the goal of really guiding policies and facilitating a more secure cyberspace.”
The research will cover such innovations of interest as P2P payments, mobile payments, digital wallets and central bank digital currencies – nationally sponsored cryptocurrencies that, unlike Bitcoin or Monero, would serve as a legitimate substitute for a country’s official currency. Moreover, it will look at cybercriminal activities related to circumventing identity and authentication mechanisms for these innovations, including the development of synthetic identities, identity theft and account takeovers.
Perhaps the researchers may even uncover schemes that were previously unknown or underreported. “The value of what we bring at the end of the day is identifying trends as they emerge… but we believe that we'll be able to identify new types of fraud when they emerge,” to then be able to alert the industry as a whole,” explained Maimon.
Such discoveries would no doubt prove useful to the financial services community at large.
“Given the rapidly changing payments solutions and technologies around the world, we commend the effort by the Atlanta Federal Reserve and the Georgia State University to better understand the emerging cyber risks associated with the new payments realities,” Steve Silberstein, CEO of FS-ISAC, remarked to SC Media.
The partnership between GSU and the Atlanta Federal Reserve formed after Supples had watched Maimon give a presentation on the dark web at an employee event.
“It started me thinking: if this is happening on the dark net and there's an immediate availability of EBCS to… survey this activity, could we as a Federal Reserve System get a pipeline into what's going on in terms of visibility into the trends, and use that to inform some of our own work and research, and also try to help share that with the industry?”
This resulted in a short pilot program between the two organizations – one designed to examine the effects of COVID-19 on the criminal marketplace around U.S. Treasury check fraud and SBA loan fraud. The pilot was successful enough to justify greenlighting the more long-term cybercriminal study.
Past research from the EBCS includes an examination of public Wi-Fi dangers and deceptions, and the progression of online fraudulent events, including the use of social engineering tactics.
“This partnership with Georgia State University will help the Federal Reserve System and the entire payments industry understand fraud from a different perspective and lead to better solutions and operational practices around payments innovation,” said Cheryl Venable, chief of payments operations for Federal Reserve Financial Services, in an online statement. “The effort will capitalize on, as well as advance, the Atlanta Fed’s expertise as a payment network operator, supervisor and researcher.”