MODERN APPROACHES TO PROVIDING INFORMATION SECURITY OF PAYMENT SYSTEMS AND THEIR CYBER PROTECTION

Abstract

The article analyzes the domestic and international approaches of scientists and financial institutions regarding the interpretation of the concept of payment systems and proposes the author’s interpretation of this category as “an organizationally formed set of system participants and the relations between them regarding the transfer of funds based on recognized legal norms at the level of sovereign countries or at the international level. The peculiarities of the payment systems’ functioning and the possibility of taking into account the international standards for the exchange of financial messages ISO 20022 in the payment infrastructure of Ukraine were analyzed, which will allow to harmonize the Ukrainian payment area with the world, to expand the details of payments with additional information, to increase the level of service and efficiency of payments, to enrich the functional content of payment instruments for the benefit of banks and their customers, increase the level of automation of payments. It was determined that the area of the payment systems’ functioning belongs to the risky spheres of activity. The typification of the payment systems’ risks of banking and non-banking institutions, determined by the regulations of the National Bank of Ukraine, defines such types of risks as legal, payment, operational, systemic and financial risks. It is substantiated that the basis of the effective functioning of banking institutions in conditions of uncertainty is the identification and management of risks inherent in banking activity. At the same time, the emphasis is on the fact that a component of operational risk is such a type of risk as cyber risk, which is considered as the risk of realizing cyber threats to information resources and/or information infrastructure, as well as the consequences of such events. Because modern payment systems are intermediaries in the movement of funds, and therefore are at risk of negative influences, challenges, threats and dangers, which can lead to damage to the national interests of states, it is proposed to consider cyber risk as a separate type of risks of the payment systems’ functioning. In order to prevent, detect, respond, absorb cyber risk, and ensure adaptability and the ability to restore the payment system, the central bank of the state should increase the level of information security and cyber protection in the field of funds transfer. The information security policy of banks must be constantly supplemented and changed in accordance with the specified set of criteria for assuring information security.