Cybersecurity Insights

Richard Jones

Space Tourism: What Can The Payment Industry Learn?

15/12/14 22:10

Space Tourism and Payments

The loss of the Virgin Galactic Space Capsule will go down in history as one of many tragic accidents that have resulted from man’s desire to push the boundaries of flight. If any industry possesses ‘bounce-back-ability’ then it’s aerospace. Indeed there is a lot that the Payments industry can learn from aviation when it comes to avoiding the same mistakes being made twice.

Since the advent of PCI DSS, almost ten years ago, brand protection and user confidence have been fundamental pillars of its overall value proposition. Anything that serves to undermine confidence in card payments is clearly going to damage the industry and the many millions of merchants who rely upon it.


That said, the perception of the average consumer is that they have virtually no liability when it comes to card fraud and as such have little to fear financially in the event that their card is used fraudulently. So when the story of a large scale breach hits the headlines, it is questionable what impact it has on the industry at large. Clearly it is bad for the victim, in terms of reputation, adverse publicity and all the associated costs of clearing up the mess; however, for the industry as a whole I would suggest it remains very much business as usual.

Mistakes Are Meant For Learning, Not Repeating

Dare I say, it is pretty much the same in the world of commercial aviation. Whilst it remains statistically much safer to fly today than it ever has been, and air travel remains far safer than many other modes of transportation upon which we have come to rely, if something does go awry the level of coverage has been and always will be immense. The fundamental difference is that the aerospace industry has rightly become obsessive about avoiding similar mistakes being made twice. The world of aviation accident investigation is renowned for its thoroughness and ability to collaborate in order to get to the root cause of an incident and learn lessons that can be effected across the industry. Be it pilot error or catastrophic component failure, the intelligence gleaned from an investigation will be communicated to all those who could be affected in the future. This can be via improved pilot training, changes to operational procedures, revised maintenance schedules, replacement of components or even grounding of a particular type of aircraft until further investigation has been undertaken. In some instances, such as the now infamous Icelandic Volcano of 2010, there is no accident, just a major vulnerability that needs to be prepared for, should it materialise again in the future. It’s more a case of what might have been, rather than what actually happened. The net effect is that every incident is analysed and assessed in order to underpin ongoing safety and confidence within an industry upon which the world has come to rely. And since our skies are also host to many light aircraft flown by private pilots, this side of the industry is similarly regulated and subject to professional and thorough investigations in the event of an ‘incident’ occurring.

Whilst anyone who flies is entrusting their life to the integrity of the aerospace industry and all those who support and regulate it, the same is clearly not true of card payments. That said, it doesn’t mean that payments can’t learn a thing or two when it comes to avoiding the same mistakes being made twice or, as often appears to be the case, over and over again. In terms of industry evolution, the internet is a mere youngster compared to the aerospace industry, with Virgin Galactic building on 110 years of experience when it comes to powered flight. And as those of you who have, for whatever reason, read up on the subject of teenagers will appreciate, their brains are still developing when it comes to foreseeing risk, forward planning and assessing consequences. Interestingly enough, that cerebral maturity often takes until the mid-twenties before it is complete. Ironic then that Tim Berners-Lee is widely considered to have created the foundations of what is now the World Wide Web 25 years ago this month. So with this in mind it is fair to assume that where the aerospace industry has matured and now possesses a huge back catalogue of experience, payments exploiting the value of the internet are only just reaching maturity.

Utilising Intelligence For Proactive Defence

Having been at the forefront of Forensics within the world of payments, Foregenix has recently launched Serengeti, a tool that has evolved to provide a means by which acquiring banks can get a handle on the cyber risk within their merchant portfolio. Centrally deployed, the service can be used both reactively and proactively. To date, the onus has been on reactive deployment as part of an ongoing forensic investigation, serving to identify strains of malware that have been used to exfiltrate card data, extinguish them and identify and neutralise similarly affected hosts elsewhere within a merchant’s environment. More extensive, proactive deployment will serve to defend other merchants from similar / emerging threats being effected within an acquirer’s merchant portfolio. Serengeti is in effect disseminating the lessons learnt from one incident and employing them proactively across the merchant community to help avoid repeat attacks occurring elsewhere. The consistent, universal deployment of what is in effect a sensor fine-tuned to payments environments sets it apart from the plethora of mainstream security solutions it serves to complement.

Whilst I remain confident that Virgin Galactic will be a success, indeed others will almost certainly join them in building a profitable and sustainable industry around space tourism, it will not be achieved by pushing on blindly in the hope that ‘we’ll figure it out’. Success will be as a result of information sharing and collaboration relating to risk and the lessons learnt today and over many years of pushing the boundaries of flight!