Hello Soda talks to Jason Ross, NCC Principal Technical Consultant blog

Online payment security is of huge importance, especially now with new PSD2 regulations in place. We recently spoke with Jason Ross, principal security consultant at global cyber security expert, NCC Group, to ask for his view on payments security and ID verification. 

Here’s what Jason had to say…

Q. What are the biggest issues in the payment space?

“Dealing with fraud is certainly one of the most pressing issues when it comes to online payment systems, so it’s vital that organisations are properly securing customer data. It’s becoming increasingly difficult for organisations to store information in a way that streamlines the consumer journey while remaining secure.

Q. How do you prevent these issues?

“The best way to prevent these issues is to rigorously test online payment platforms to identify avenues that potential attackers could use. It’s then up to the website developers to patch any vulnerabilities where necessary in order to ensure that customer information remains secure.”

Q. How do you see this area evolving?

“Security within the online payments space will evolve as more organisations begin to develop products that have security built in. The next generation of developers needs to be aware of the importance of secure coding practices to ensure that products are built with security in mind from the outset. This will prevent organisations being able to rush out minimally viable and poorly secured products.”

Q. What are the biggest issues in biometric identity verification systems used for payments technology?

“As super high definition cameras become increasingly common, it’s far easier for attackers to access photos that can be used to unlock phones. For example, an attacker could take a well-positioned photograph of a target’s hand, and use that to create a 3D-printed model that could unlock their phone, or other devices.

“Testing these new types of identity verification systems in the future is going to require access to specialised hardware or software such as 3D printers or voice-synthesis devices. It may also require advanced knowledge such as how retinal vein patterns are used when interacting with a retinal scanner.”

The Hello Soda View

We fully agree with the need to streamline customer journey while simultaneously ensuring security within it. And agree with the need to test systems as frequently as possible.

Our KYC flagship solution ProfileiD, is a way for companies to streamline the customer journey, by offering ID verification through social authentication, meaning a simple friction-free step in the customer journey that takes seconds, and removes the risks of traditional IDV.

Biometric security is really important to us (as well as fascinating!). Our BioMatch facial recognition software encrypts all data, and nothing is stored on devices or the cloud, in order to protect PII. It also offers liveness test to mitigate against spoofing and fraudulent attempts, if this level of security is needed.

If you’d like to know about our Identity Verification solutions you can get in touch and book a free and hassle-free demo here.  

We believe in testing systems continuously, and look forward to having NCC test our systems again soon.

Thanks for those insights Jason!

About The Experts

NCC Group exists to make the world safer and more secure. As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.

With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.

To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.

With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore. You can visit their site here

The views expressed in the above comments do not represent or imply endorsement by NCC Group or its employees.


Look out for our future instalments of ‘Hello Soda talks to’, for quick and highly qualified insights from industry leaders…

Subscribe to our monthly newsletter
Be the first to get latest updates, news, tips & guides
straight to your email inbox.