PayPal CEO offers sobering view of cybersecurity threats
GRAND RAPIDS, Mich.—Credit unions and other financial institutions have long been concerned about fintechs cutting FIs out of the banking equation, but the CEO of PayPal assured credit unions that his company views them more as partners than competitors.
Speaking during the Michigan Credit Union League’s Annual Convention & Exposition here, PayPal President and CEO Dan Schulman told the crowd that his company has made the choice to be “a customer champion,” in part by allowing PayPal users to select how they route transactions through the payments provider.
“We’re not trying to steer anyone, we’re just trying to be a great payments ecosystem,” Schulman said, adding that when the company introduced that kind of choice its stocks went down 9 percent the following day (though have since risen by more than 50 percent). And while a great many credit unions have implemented Apple Pay, Schulman worked in a dig at that competitor, noting that Apple takes 15 basis points from every transaction, while PayPal is focused on “being a neutral third-party platform.”
In spite of Schulman’s reassurances, however, his presentation gave CU observers plenty to keep them awake at night.
“There are two types of organizations in the world – those who have been hacked and those who don’t know they’ve been hacked,” Schulman told the crowd. “The average American business is attacked millions of times per year from a cyber[security] or malicious malware basis. The average financial services institution is attacked over 1 billion times a year. The U.S. Postal Service was attacked 4 billion times last year. They don’t even have interesting information, by the way, but what they do have is a back door to the rest of the government.”
More than 81 trillion emails were sent last year, he offered, and one out of every 131 emails contained malicious malware. More than 430 variants of malicious malware were introduced into the world last year. While just about 80 percent of attacks come from hacktivists, 18 percent are from cybercriminals looking for personal information like financial and health records that can be sold on the dark web.
“There are huge amounts of money to be made from doing this and they are very organized and very good,” said Schulman. “They are 18 percent of the attack vector and they’re 15 percent successful, but they don’t stop – and they’re probably better than most consumers. And if you don’t have professional IT people in your organization, they may be better than you.”
The final 2 percent of the attack vector is state-sponsored, with actors such as China, Russia, Iran and North Korea attempting to gain intellectual property.
“State-sponsored attacks are 98 percent successful – it’s very hard to defend against that,” he said. Schulman is the chairman of Symantec, one of the cybersecurity firms to reveal North Korea as the alleged perpetrator of WannaCry.
'A moral obligation'
While those statistics may be frightening to some, Schulman said “it is essential that we understand what the bad guys are doing, what attack vectors they’re using, and how it impacts” consumers and businesses.
“History is not on our side,” he added. “because of what’s happening in technology, 40 percent of businesses will go out of business within the next five years.” That’s particularly sobering for credit unions, where the number of institutions nationally has shrunk by 32 percent in the last decade (and shrunk by 35 percent in Michigan during that period), according to statistics offered by Michigan CU League CEO Dave Adams.
In order to survive, said Schulman, institutions – particularly financial institutions – must be willing to change their business models and adapt to how consumers do business.
“There is going to be more change in financial services in the next five to seven years than occurred in the last 30 or 50 years,” he predicted, noting that basic financial transactions can be done via mobile device for as much as 80 percent cheaper than using existing branch infrastructure.
“I call it the democratization of financial services, where managing and moving money should be a right for every citizen – not a privilege for the affluent,” he said. “If you can think about reimagining financial services in a world of mobile and software, that is what we need to think about in terms of serving underserved populations together.”
MCUL’s Adams noted that the Michigan League and CU Solutions Group are working together with PayPal on a P2P payments product for credit unions.
Schulman praised the movement for its efforts at increasing financial services access for underbanked consumers.
“Fifty percent of Americans basically run out of money before the month ends – that’s a huge issue,” he said. “This is not about solving issues for the fringes or low-income or the poor; this is not just about them, it’s about the middle of America. Only 40 percent of the population can afford to put away any savings; 60 percent cannot. This needs to be a moral obligation for the private and public sector to come together to serve.”