The Seasons Are Changing (And So Are Fraud and Regulations)
Monday, November 13, 2017
If you smell the air, you can sense the seasons changing; a little crispy cold moving in suddenly, the leaves are reddening and the winds of Faster Payments and PSD2 are kicking up. Smooth transition, right? So, yeah, seasons change, and so do regulatory regimes. In the US, we’ve been largely left to our own discretions about how to run our fraud shops, with some regulatory oversight regarding disputes handling. Historically, financial institution processes around authentication and fraud monitoring (including analytics and strategy) could be anything or nothing, depending on an institution’s risk appetite. Like the seasons, this might be in transition.
Winds of change blowing from Europe
The approach is at least surfacing in Europe, where the Payment Services Directive 2 (PSD2) is mandating some minimum requirements for high-risk transaction monitoring if a payments player wants to get between banks and merchants. This innovative mandate will place minimum requirements to ensure that there are minimum requirements for fraud strategy; that strong (two-factor) authentication will underpin transactions, and it specifies the thresholds to which controls will be applied. It does not mandate machine learning, or biometric authentication, but rest assured, these elements are going to be heavily favored. The regulations that are there, however, will have teeth, and monitoring is mandated.
PSD2 has the potential to be hugely disruptive to the legacy banking business models, and it sets a very serious precedent on floor standards for future technologies, regardless of the channel. In the US, we have our own Secure Payments Task Force (convened by the Federal Reserve), with one of the tasks including the evaluation of future recommendations in payments to ensure that payments security is up to the standard of the western world. Yes, recommendations are not regulations, but if we are going to move to Faster Payments, and both understand and mitigate the risks associated with mobile wallets, we need to be sure that we do it right and not compromise the security of all stakeholders when recommendations are published.
So, while regulations may not be immediately forthcoming, best practice recommendations for the industry might be the first step in that direction, acting as a stopgap for a very compliance-sensitive industry. That means that if a regulator sets foot onsite, sees a significant control deficiency and identifies it as a safety and soundness risk, it could be a finding.
Combine that with the influence that PSD2 will bring to our shores in the US, and you can see the setup. Control standards will not be so isolated in the future, payments risk containment standards will jump geographies via multinational organizations, there will be cross-pollination of best practices, and vendor competition will ensure that everyone has a machine learning strategy and biometric/two-factor authentication out of the box. The seasons do change, so we should welcome it. Embrace this change and see the upside in the prism of colors that the leaves bring. Put a fire on and warm yourself, winter is coming!
Related Blog Posts
SCA: How PSPs Can Help Merchants Stay One Step Ahead
The main objective of PSD2’s Strong Customer Authentication (SCA) is to protect customers and reduce fraud by introducing new measures that ensure that customer-initiated transactions are being made by the genuine cardholder.
The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Merchant Fraud in the Age of COVID-19: We Need to Prepare Ourselves for a “Tidal Wave” of Attacks
With millions of consumers around the world self-quarantining at home, online shopping for goods, services and entertainment has become the new normal for many. A recent analysis of our own data has shown that average transaction volumes in the retail sector in March rose 74 percent compared to the same period last year.
Global Fraud Landscape Evolving Quicker Than Ever – What Banks Need to Know
In the fraud prevention and cybercrime world, we often talk about fraudsters as the ultimate opportunists – looking for any weakness in a system that can be exploited. In recent years, as technological systems have advanced, fraudsters have increasingly turned to ”social engineering” to achieve their goals. Basically, hacking the person rather than hacking the system, as humans become the weakest link in the chain.
Predicciones de fraude para el 2020: Qué esperar con la rápida evolución del panorama de pagos en América Latina
La industria de pagos en América Latina está experimentando diversos cambios en varios segmentos a medida que la población de la región está cada vez más bancarizada y comienza a usar pagos electrónicos. Aunque el efectivo sigue siendo la forma de pago dominante, los gobiernos han impulsado los pagos electrónicos a través de la regulación. Esto ha asegurado que la aceptación y el crecimiento del pago con tarjeta hayan aumentado constantemente, han aparecido bancos digitales en diferentes países y el comercio electrónico ha aumentado significativamente.
Previsões para fraudes em 2020: O que esperar com o cenário de pagamentos em rápida evolução na América Latina
As violações de dados que envolvem dados de pagamento dobraram no ano passado por várias razões - falta de inovação em segurança, prioridades corporativas equivocadas e fraquezas nos portais de desenvolvedores, para citar alguns.
9 Holiday Preparedness Tips to Stay Protected from Fraud in 2019
The hustle and bustle of the holiday season often makes it difficult to prioritize consumer safety, especially when it comes to eCommerce and mobile devices. But with the growing threat of identity theft and other security concerns, it’s more important than ever to stay on top of consumer protection. After all, brand reputation and trust can take years to build, but all can be lost in a matter of minutes.
How to Survive Black Friday and Cyber Monday… and Provide a Great Consumer Experience
As Black Friday and Cyber Monday approach, shoppers and merchants alike await amazing deals and a welcome boost in sales, respectively. I took a moment to speak with two of ACI’s merchant payments and fraud experts, Andrew Marshman (merchant payments lead, Europe) and Erika Dietrich (VP, Global Fraud Prevention Risk Services) about what merchants need to know as they head forth into one of the biggest shopping seasons of the year.
Strong Customer Authentication in Australia: Reducing CNP Fraud and Streamlining eCommerce Payments
Minimizing fraud without harming the customer experience can be done – using the right tools
In 2017-18, card-not-present (CNP) fraud cost Australian eCommerce AUD $478 million and accounted for some 85 percent of all fraud on Australian-issued cards1. In 2016, CNP fraud in Europe represented 70% of all card fraud2. Seriously uncomfortable numbers.
2020 Fraud Predictions: What to Expect Across the Globe as Cybercrime Evolves
Our payment experts take stock of the trends that shaped 2019 and make their predictions for where they see the industry heading in 2020.
I sat down with our own fraud experts, Marc Trepanier, principal fraud consultant for North America, and Giselle Lindley, principal fraud consultant for APAC, to get their thoughts on what we can expect in the year ahead around payments fraud.