To build a beneficial ecosystem for a cashless economy, it is clear that it is impossible to recover something that was not created in the first place. Lack of system-level audit trails generated at the time of transactions can scuttle a cyber-forensic investigation. Cyber forensic efforts are enhanced only if the organisation has suitable audit trails and logging mechanisms established in its business environment. The evolving face of cybersecurity attacks such as web application attacks, ransomware, reconnaissance, and distributed denial-of-service (DDoS) make cyber-risks a new reality.  DDoS hacktivists have disabled the State Tax Inspectorate, the airport, the Supreme Court, and Rail and Bus transport in Lithuania.

Increasing penetration of smart devices, ubiquitous connectivity, authentication using biometrics, adoption of cloud technologies, the Internet of Things (IoT) and artificial intelligence (AI) are fashioning the future face of electronic transactions and cyber security. To establish a sound framework for cyber risk management that protects digital payment infrastructure, stablecoins and e-Wallets, bureaucracies and boards of private companies must set up cyber security mechanisms.

The shifting risk posture of citizens with cybersecurity concerns has led to the implementation of guidelines that strengthen confidence in digital transactions. Cyber self-defence is a principal challenge facing stakeholders of the digital payments ecosystem. With an upsurge in users preferring digital payments, the possibility of exposure to cybersecurity risks that include online fraud, information theft, and malware attacks has escalated. A robust regulatory framework, effective customer redressal frameworks, security measures that build consumer and merchant confidence and trust, incentives for larger participation, and benefits similar to cash transactions like the ease of use, broad acceptability, inexpensive transactions, expediency, and instantaneous settlement are now the linchpins of a robust digital payment ecosystem.

To establish culpability and for law enforcement agents to adequately identify, trace, collect, extract proofs, and preserve chains of evidence in a manner that is presentable and acceptable in a court of law, the digital payment ecosystem must feature and implement data indexing and analytics systems that aid in classifying information, trend analysis, keyword searches and visualizing outlier data elements. All of this requires building data analytic capabilities that can handle increasingly large volumes of data that may be best stored in remote or offshore jurisdictions.

Fraudsters have been evolving alongside international laundering syndicates. But so too have detection methodologies and technologies for preventing, detecting, and responding to cybercrime. These advances allow forensic technology investigators to perform deep collection dives and analytics that scaffold: 1) Collecting evidence using hard disk images, mobile phone images, server/desktop logs, and firewall/security appliance logs in a forensically sound manner; 2) Recovering deleted evidence from systems; 3) Analysing data to identify traces of fraud and its sources; and 3) Presenting the evidence in a manner that conforms to the rules set out in legislation like the Electronic Transactions Act, that deal specifically with electronic documents, electronic records, electronic signatures, and the storage of information in electronic formats.

Tracing is possible through detailed collection, preservation, and analysis of evidence using the crumbs left behind in the data content and logs during intrusions that may have resulted in the loss of data. People are the weakest link in the security architecture. Security, therefore, remains a shared responsibility of organizations, platform providers, as well as the users of all interfaces. Apart from systems logs and user identity details, digital forensic evidence would be constructed using data threads from telecom and internet service providers, and cloud service providers including GPS coordinates, for effective spatial and temporal analysis of nefarious activity by internal and external actors.  It is difficult to test hypotheses without audit trails to substantiate the analysis. Cybersecurity and securing digital payments infrastructure is of grave concern for Neobanks, Challenger Banks, payment platforms, and digital currency providers.

The spiralling growth of breaches, and digital payment fraud are worrisome. Firms accept that an effective cybersecurity strategy includes: 1) Development of a Cyber Fraud Risk Management Policy Framework that includes incident management protocols, enhancement, and assessment; 2) Cyber fraud controls design and review; 3) Continuous monitoring systems; and, 3) Cyber forensic incident response and investigations. In addition, monitoring technologies, verification of transactions, and dual-factor authentication for all transactions should be configured, as well as instant detection of fraudulent transactions and quick deployment of countermeasures and corrective controls.

Digital payment ecosystems are evolving across Latin America and the Caribbean alongside digital and technological advancements. The value chain of the total ecosystem is huge, and enlarging exponentially. This exposes the region to myriad cybersecurity risks. A key variable is multiple data interfaces across a product. Products are required to have multiple interfaces with other applications. The result is that many products have multiple Application Program Interfaces (APIs).

There is therefore a high possibility that these APIs may be exposed to untested/untrusted interfaces, which may lead to compromises of security measures. Another compromise emanates from third-party service providers. Unlimited information exchange occurs with third parties. Security here turns on the strengths of the weakest link in the chain. Finally, the unboundedness of the ecosystem is actual.  Having no perimeter, the ecosystem is large with multiple data interfaces, devices, and systems. This has created an undefined perimeter for the environment.