Secure payments

15 March 2017

Worldpay is a behemoth in the world's payment industry. Every day, the group processes more than 30 million online payment transactions via point-of-sale terminals, smartphones and computers. The Växjö-based subsidiary Worldpay Sweden primarily focuses on card payments for poker sites an online casinos.

 

Security is absolutely business-critical, and the transactions are monitored minute-by-minute, 365 days of the year. "When companies like ours handle money, they have to be prepared for all forms of cyber threats," says Tobias Axelsson, CSO of Worldpay Sweden. Yet, he is not alone when it comes to assaying these threats. He and around 20 colleagues work at the office in Växjö with the development of payment systems in order to prevent potential security breaches.

 

Cooperation with Europol, MI5 and the CIA

All security managers at Worldpay attend regular meetings to keep abreast of the security situation, share experiences and update each other regarding that taking place in the area. And, if required, there are even more powerful resources at their disposal.

 

The group cooperates closely with the British intelligence service MI5, Europol and America's CIA. Among other things, they assist in criminal profiling. This work is invaluable to us in extortion cases, where they assist us in determining the likelihood of a threat being carried out.

Tobias Axelsson, CSO of Worldpay Sweden.

 

 

When Worldpay receives international threats, it is imperative to determine which of these should receive additional attention. In addition to criminal profiling, the organisation's security technicians have learnt to distinguish between empty threats and those that may pose greater risk.

 

 

One of the things we try to figure out is whether the perpetrator has specifically researched us as an organisation. If so, it is fundamentally more serious, since they have dedicated more resources than those who send out a flood of emails. For extortion cases, we have also developed a method of appraising the demanded sum in relation to the threat. This provides insight into how professional and experienced the perpetrator may be.

Tobias Axelsson, CSO of Worldpay Sweden.

 

Customer perspective

On the whole, Worldpay devotes a great deal of time to rooting out weaknesses in the software programs. Sometimes, a patch or rewrite to eliminate the weakness is not good enough, and the entire program must be replaced. This is not always simple or straightforward, since Worldpay, as a payment processor, is stringently governed by security standards and certifications. 

 

 

Furthermore, we must see things from our customers' perspectives. We may not be able to replace a program if an end-customer, such as a poker player, uses an older, incompatible device. Our customers, quite simply, will not accept this, because they know that the poker player will switch to a different provider. No one in the industry wants to lose customers.

Tobias Axelsson, CSO of Worldpay Sweden.

 

 

Notwithstanding, security is one of Worldpay Sweden's strongest competitive advantages.

 

 

We devote massive resources to security, certainly ten times more than the average company, and customers have faith in us owing to our exemplary track record. But this also means that we cannot become complacent. All it takes is a single intrusion to destroy customer faith in our company, and this may take years to repair.

Tobias Axelsson, CSO of Worldpay Sweden.

 


In light of this, transactions need to be monitored day and night. Fraud or intrusion attempts must be detected early. And Worldpay Sweden has opted to outsource this to their Växjö neighbour: Combitech's Security Operations Centre (SOC).

 

Time for the most critical security issues

An advantage of outsourcing round-the-clock monitoring is that it leaves time for the company to focus on organisational matters, which everyone, including Tobias, values greatly.

 

It means that I can spend more time on the best parts of my job, like HR. Many companies forget that this is one of the most important security issues.

 

Stressed-out workers can make mistakes. This may involve neglecting procedures, disseminating information over the phone, inserting an unfamiliar USB drive or, in the worst case, consciously doing something that can damage the company.

Tobias Axelsson, CSO of Worldpay Sweden.

Hans Danielsson

Business Area Manager

hans.danielsson@combitech.com

+46 (0)13 18 00 17

Other news

29 October 2020

How do you know if your system is secure, if it has never been tested?

Combitech contributes to a safer and more secure society. An important part of this work is performed by our penetration testers. Their work is to simulate hacker attacks in order to find vulnerabilities and weaknesses in networks and systems. Three of Combitech’s sharpest pentesters, Christoffer Olsen at Combitech Denmark, Michael Johansson at Combitech Sweden and Olav Sortland Thoresen from Watchcom in Norway explain what they do, how they do it and why their work is vital to many companies.

3 April 2019

A Holistic Approach to Cybersecurity

The capabilities and motivations of attackers to go after operational systems in infrastructures critical to society’s resilience are omnipresent. But these sectors are traditionally not prepared to deal with such security threats. It is time to wake up!

21 November 2018

Your organization is “GDPR compliant”, but do you perform penetration tests?

Today’s organizations are facing an ever-expanding set of legal and regulatory compliance requirements regarding how they must handle sensitive information, how they must ensure the resilience of their digital processes, and how they must protect the privacy of individuals. Organizations must not only operate within legal and contractual boundaries but do so in a way that creates the business value that their stakeholders expect of them.

Want to know more?