Global Payment Firms Hold First Cyber War Game 

(Bloomberg) -- Global payment companies held their first joint cybersecurity war games to test their systems’ readiness for simultaneous attacks, uncovering differences in their defenses including even how to define a crisis.

JPMorgan Chase & Co., Mastercard Inc., WorldPay Inc. and Fidelity National Information Services Inc. were among the 18 payment processors from the U.S. and the U.K. that took part in the exercises, which were held Friday at IBM’s test center in Cambridge, Massachusetts. Some of the findings, which will be disclosed at a conference in Atlanta Wednesday, were shared with Bloomberg News in advance.

Financial firms have led spending on cybersecurity as high-profile attacks exposing customer data and theft of funds raised pressure on the industry. Executives and regulators are concerned that a systemic attack on the plumbing of the financial system could disrupt the global economy, and cooperation between the industry and government agencies is increasing.

“We put competitors in the same room together, which initially they were hesitant to do,” said Rob Johnston, head of operations at FIS and one of the organizers. “But they realized pretty fast how valuable such a gathering is. When there are multiple breaches in an organized attack, it’s better to coordinate the response.”

The participants discovered that they had varying definitions of a crisis related to breaches as well as differing approaches in how they reach out to law enforcement. Agreeing on a common definition and streamlining cooperation with government agencies will be goals for the payments industry, Johnston said. The sector will also seek a more formal way of sharing information on threats, he said.

Some of the payments firms are members of the Financial Services Information Sharing and Analysis Center, known as FS-ISAC, a forum for banks, broker-dealers and insurance companies to share data on threats. Banks and brokerage firms have been holding cyber war games regularly since 2011, testing the U.S. capital markets’ readiness for attacks.

©2018 Bloomberg L.P.