These days we are living in a global economy where we can order practically everything on the Internet with a simple click and have it delivered to our homes. Digital payment solutions have reshaped our whole society – in many ways for the better. At the same time, though, this has opened up the path for criminal activity, such as card fraud and identity theft.
This is one of our most important issues – not only in terms of the data we process, but also the way in which we process it, what expectations our customers have and how we work to exceed them. This is also how we retain our customers, by delivering added value. If we can demonstrate to customers that they are safe with us, it will make their everyday lives easier and also give us a head start on our competitors. We will focus on being at the forefront of information security in the years to come and we have therefore made building up strong internal expertise in this area a priority.
Johan Ericsson, in his role as Head of the Information Security department at Entercard, has a clear expectation: that the data of the company’s customers is processed securely. Here he provides the answers to the most frequently asked questions about information security and how Entercard works with it.
Why is information security so important for Entercard?
“Entercard has been around for 17 years and security is in our DNA. The second that a customer loses confidence in security, there is a major impact on the entire financial sector. The customer’s view of the financial sector, whether a financial market company like Entercard or a bank, is that the assets they have must be managed securely, just as their data and chosen payment methods must be secure. There is no competition on this score – everyone has a genuine interest in working together for a secure financial industry.”
How does Entercard work with information security?
“We provide annual information security training to ensure that the company’s employees are aware of the various threats that exist and of customers’ expectations. We are also handed new requirements by the legislators, which our employees need to bear in mind. Our employees are our greatest asset for protecting our customers’ information.”
“Entercard tracks developments within information security and ensures that we have a focus on security when developing applications and web-based solutions, such as our online banking. We perform security tests that simulate attacks against our applications. These attacks correspond to what a hacker can do but they are carried out by people whose job it is to do this in consultation with us here at Entercard.”
“As well as testing our applications and websites, we also carry out phishing email tests, which are designed to ascertain in a controlled manner whether Entercard’s personnel have a good awareness of the threats and risks from phishing or social engineering attacks. Social engineering attacks are a type of fraud where a person pretends to be someone else in order to manipulate another person into disclosing details that can be used in further fraud attempts or to obtain money. Our training courses teach Entercard’s staff more about the guises that these fraud attempts may take so that they are able to identify and avoid them, should we be exposed to such actions.”
How can a company work successfully with information security?
“A few years ago, information security issues were expected to be a matter solely for the IT department. Today, our security work begins with the management. Training staff is one thing, but if the management also shows that they take these issues very seriously, this sets the bar for our ongoing information security work.”
What can customers do to protect their assets and personal data?
“Be careful and think twice when using your cards. If something looks odd or if you see strange error messages, get in touch with us. If your gut feeling is telling you that something is not safe or is different from what you are used to, it is better to call us once too often than not to call the one time when it counts. Once you have alerted us, we can then also be ready to monitor your accounts – it makes things easier for you the customer as well as for us.”
How do you see the future of information security?
“Fraud attempts will increase, as criminals have more advanced methods – particularly if the customer has significant funds available. We therefore need to be better at analysing buying patterns and customer behaviour. In other words, we need to be even better at following up transactions and establishing a picture of the customer’s normal purchasing habits.”