Dr. Ismini Vasileiou, an associate professor at De Montfort University and director of the East Midlands Cybersecurity Cluster, discusses cybersecurity challenges related to the future of digital payments and online trading.
Digital payments are at the heart of today’s economy, but their rapid growth has made them a major goal for cybercriminals. Protecting payment systems is essential to maintaining consumer trust, protecting businesses and enabling ongoing innovation.
Digital payments are no longer convenient. They are the foundation of modern commercial. Mobile banking, digital wallets, contactless cards, and instant transfers have become part of everyday life. However, the speed and scale of this transformation also created vulnerabilities that criminals could quickly exploit. Cybersecurity is no longer inseparable from payments. Without strong defenses, there will be no erosion of trust, no escalation of fraud, or stalling of innovation.
This article explores the major cybersecurity challenges facing the payment sector, organizations prepare for evolving threats, the key role of industry-academia collaboration, and why solving cyberskill shortages is essential to ensuring the future of digital trading.
Increased cybersecurity challenges in payments
The rapid growth of digital payments has expanded its offensive surface in ways that even ten years ago could not have been imagined. Digital transactions provide speed and efficiency, but also create new opportunities for fraudsters to exploit.
Phishing is one of the most effective methods used by criminals. By guiding customers to reveal login details and one-time passcodes, attackers can easily bypass security controls and access their accounts. Account takeover scams are also a major concern. With billions of leaked credentials circulating on the dark web, criminals can use automated tools to test usernames and passwords on multiple systems until they find a match.
Beyond consumer fraud, payment providers face systemic risks. Many organizations rely on third-party vendors of services such as payment gateways, cloud infrastructure, and fraud detection tools. The weaknesses of any of these links can damage the entire chain. Supply chains are often less protected than major financial institutions, making them an advantageous entry point for attackers.
Recently, artificial intelligence has become double-edged swords. On the other hand, AI can help organizations detect fraud more effectively. Meanwhile, criminals are beginning to use AI to mimic real user behavior, making it difficult for the system to distinguish between actual and fraudulent activities. The very tools designed to protect us are reused to take charge of defense.
In short, threats are escalating on refinement and scale. Payments are attractive to cybercriminals because, by their very nature, they can be directly monetized to cybercriminals. The question is not whether attempts are made to violate the system, but how resilient they are in preventing and responding to them.
How organizations can prepare for cyber threats
The starting point for resilience is to recognize that compliance is not comparable to security. Regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and the EU’s Second Payment Services Directive (PSD2) set important baselines, but in itself it is not sufficient. Organizations need to embed cybersecurity in every layer of their payment system.
Strong authentication remains important. Using biometrics or physical tokens, Multifactor Authentication (MFA) adds a layer of defense that cannot be provided by passwords alone. Tokenization, which replaces sensitive card details with unique identifiers, ensures that data cannot be reused even if it is intercepted. End-to-end encryption further reduces the risk of compromise.
Equally important is real-time monitoring. Criminals move quickly and their ability to detect abnormal behavior in seconds rather than days can make the difference between stopping fraud and suffering huge losses. Machine learning models help flag anomalies, but these systems must be continuously updated, tested and remain effective.
Preparation is not just technical. Organizations also need robust governance and a clear incident response plan. Often, it is during live attacks when an organization first discovers weaknesses in its process. Regular testing, tabletop exercises, and red teams can uncover gaps and strengthen resilience before being exploited.
Finally, you cannot overlook consumer education. If an individual is tricked into leaking their credentials, even the securest payment system can compromise. Clear communication, timely alerts, and simple guidance will ensure that consumers act as additional line of defense rather than as weaknesses in the chain.
The power of industry and academia collaboration
These challenges cannot be addressed alone. Payment cybersecurity is a collective effort, and collaboration is important. Industry and academia each bring distinct strengths to this effort and when combined, can accelerate innovation and resilience.
Academic researchers can provide theoretical models, frameworks, and experimental approaches needed to tackle complex problems. For example, universities are developing new algorithms to detect anomalies in payment data and to study the human factors that lead individuals to fall into phishing scams. In contrast, the industry has access to real datasets, operational constraints, and the scale required to actually test the solution.
Joint projects can benefit both parties. Payment providers can try new fraud detection methods in a controlled environment, but researchers can gain invaluable insights from real-world feedback. This partnership will also be extended to policy. Academia can provide evidence-based analysis to shape national strategies, but the industry ensures that regulations are practical and align with operational realities.
The importance of such collaborations has been highlighted in recent UK initiatives. The initiative brings together clusters of businesses, universities and local governments to address local cyber resilience. These efforts show that collective information is stronger than isolated responses. Given the centrality of economic activity, payments should be at the forefront of such initiatives.
Addressing a lack of cyberskills
Even the most advanced technology and collaborative frameworks cannot succeed without the skilled professional designing, implementing and maintaining them. The cybersecurity industry faces a global talent shortage, and the payment sector is no exception.
This shortage manifests in two ways. First, there are not only qualified professionals to meet the demand. Second, the diversity of skills required is expanding. Technical expertise alone is no longer sufficient. Additionally, experts need to understand the regulatory environment, consumer behavior, and business risks.
Training the next generation of cyber experts is urgent. Universities, employers and governments all play a role in developing pathways to the sector. This is a theme that was also highlighted in my recent white paper, Cyber Workforce of the Future, which sets out a case of a unified classification of cyberskills and a new approach to education and training. Apprenticeship, job-based learning, and short specialist courses complement traditional degree programs and can provide multiple entry routes to cybersecurity careers.
Diversity is another important factor. The industry cannot afford to draw talent from a small demographic pool. Encouraging underrepresented groups to cybersecurity through mentoring, scholarships, or comprehensive recruitment practices will expand the pipeline and enrich the sector from a variety of perspectives.
Without a sustained investment in skills, the payments industry will struggle to cope with criminal innovation. Skills are just as important to resilience as the technology itself.
The future of secure digital payments
The digital payments revolution shows no signs of slowing down. As more transactions move online, risk grows in conjunction with opportunities. Phishing, account acquisitions, supply chain vulnerabilities, and AI-driven fraud all pose realistic and imminent threats.
To ensure payment, organizations need to go beyond compliance and embed robust cybersecurity measurements, including strong authentication, continuous monitoring, and tested response plans. Academia and industry collaboration offers powerful ways to innovate, test and scale solutions. However, this is not sustainable without addressing the lack of cyberskills that threaten the sector’s ability to protect itself.
Ultimately, protecting your payments means protecting your trust. Without trust, consumers are hesitant to adopt new payment methods, innovation slows down, and the digital economy is waning. Cybersecurity is not a technical aftermarket, but a foundation that requires you to build a future for payments.
Source link
