Fraud Awareness Month Canada – Return of the Lost and Stolen (and Authenticating Wearables in Canada)
A couple years ago, I penned a blog post to commend the Canadians on what made their culture so resilient to fraud that it developed the lowest fraud rates in the Northern Hemisphere. It got a bit of circulation and created significant positive feedback. This time, I would like to bring awareness back to Canada about a potential threat as it relates to the increasingly popular Tap payment channel.
As smartphones and wearable devices continue their exponential growth in Canada and globally – it’s expected to be worth $34 billion by 2020 - Canadians will need to be wary of this convenient card-based (or alternative NFC wearable device) service.
Tap payment allows Canadians to casually pay for smaller transactions using their devices without attempting a more involved and, yes, ultimately more secure Chip and PIN transaction. However, a fraud type we had almost exhausted in recent years, known as Lost and Stolen, could become a threat. Lost and Stolen had been considered so marginalized as a fraud type by a menacing brother fraud type: Counterfeit. The fraud on counterfeited cards, which is exposed at merchants through skimming events, became the most significant threat experienced by most consumers and was the prevailing problem that Canada had largely pushed beyond the border. As wearable payment devices and friction free (sans PIN) authentication options continue to proliferate, Lost and Stolen will be an increasing typology affecting issuers.
Perhaps it’s Canada’s own success at bringing debit card fraud to such a low rate that has resulted in consumers’ over-weighted sense of security, convenience and a habituation with their primary consumer payment device, the humble EMV Chip and its PIN companion. However, the initial path that brought Canada here was the dedication to deploying EMV’s cryptographic technology with significant enforcement, which mandated a PIN with the transaction. Relaxing the effective authentication controls for the Tap product means that below a threshold amount, typically less than $200, does not require a PIN, and the card or wearable NFC device itself is enough to authorize a transaction at a merchant’s point of sale. The residual here is that it’s not the amount, it’s the frequency, and residual Counterfeit cases are now a mere fraction of the counts of Lost and Stolen.
Cards and wearable payment technologies are frequently and casually left accessible to those who seek to abuse them. Payment devices must be guarded just as much as a wallet that contains debit and credit cards. When consumers leave payment devices in unlocked parked cars, or on open desks at work, without sufficient physical security, it creates an opening for opportunistic fraudsters, where simple car prowlers in the neighborhood can become an entry level fraudster.
Again, there is a ceiling on the amounts that reduce risk, but the inconvenience of having one’s card lost, filing a fraud case, or replacing the card, can be a stressful event and reduce confidence in electronic payments. Further, in the larger picture, the behavior we are seeking to reduce and bring awareness to is easy to remedy: focus consumer behavior to continue to treat plastic cards and NFC devices like the payment products they are. Create programs to bring awareness to secure them, or increase authentication requirements to two factors in every transaction, perhaps significantly lowering the amount threshold for PIN requirements that aligns with the PSD2 thresholds across the pond (50 Euro/transaction).
Part of Canada’s notable achievement in reducing card fraud and creating a culture of awareness was an altruistic commitment to protecting its citizens and financial ecosystem, which is truly admirable. This year, for fraud awareness month, I want to implore all stakeholders in Canadian payments to take steps to continue to eradicate all fraud types in the great white north.
I’ll be presenting on this topic and many more like it at the 2018 ACI Exchange Conference in Denver…hope to see you in May!
Related Blog Posts
Why its Never Too Late for Women to Join STEM Professions
With ACI’s fourth Coding for Girls Camp coming up on April 21st, ACI’s Sampy Gajre, senior recruiter and an eternal advocate for women in tech professions, talked to us about the challenges and opportunities for women in STEM (science, technology, engineering, mathematics) professions. She shared with us what organizations and communities can do to help encourage more women to join the field, and why it’s never too late to follow your passion.
The Next Stage of Real-Time Payments Evolution is Here
Fragmentation resulting from multiple Pan-European Immediate Payments schemes is a challenge, but solutions exist
Maintain Vs. Invest: What the Digital Era Ushers in for Banks
Taking place this week in Brussels, the European Credit Research Institute (ECRI) will host a high-level debate on how policymakers can build on the process of digitalisation of banks to raise competitiveness in light of increased competition from fintech start-ups and tech giants.
The Climate, Weather and Payments – What the Winds Tell Us?
I am sitting in my home watching snow fall, it’s April and I just spent the weekend prepping my yard for the upcoming summer season. To say the weather patterns are odd is an understatement. The global climate is warming as we know. And though you don’t see it on a day to day basis, it seems to hit more regularly than in the past, with freakish events, colds snaps, warm spells and snow storms in April. And on this occasion, it had me thinking about our current environment in payments. We are seeing a fundamental change to our ecosystem with technology advancements like Open APIs, big data, AI and foundational changes like Immediate Payment initiatives and regulatory pushes.
Ursinus College: The Future of Campus Commerce is in the Cloud
Sixty-eight percent of schools are moving eCommerce to the cloudi. As Ellucian Live begins to descend upon San Diego this week, ACI’s Gene Scriven took a moment to chat with Ellen Curcio, Director of Student Accounts at Ursinus College, about the future of campus commerce.
Be sure to catch Ellen and Gene, as well as ACI partner and host Ellucian at the event on Wednesday, April 11, for a panel discussion on “The Future of eCommerce in the Cloud.”
Driving IoT Progress at Mobile World Congress
I felt fortunate to be among the 107,000 delegates from 205 countries attending this year’s Mobile World Congress, held earlier this month in surprisingly chilly Barcelona.
Showcasing everything from connected cars, to virtual reality, 3D printing to amazing app ideas—the exhibition and conference content at MWC gave visitors a chance to discuss the future of mobile and explore the world’s most cutting-edge, mobile-enabled products and services.
4 Reasons Why You Must Future Proof Your Technology
What does future proofing your technology mean? In my view, it means preparing your bank to deliver the best customer experience possible--today and tomorrow. Research from Greenwich Associates indicates that the customer experience and ease of doing business are key drivers of loyalty. Extracting value from your technology investments so you can provide a superior customer experience is not only important because of the impact on service, but also on loyalty.
I want to focus on 4 reasons why future proofing your technology is important. These insights are a sneak preview into some of the findings from our upcoming whitepaper produced with Ovum, the annual Global Payment Insight Series.
Increasing Collections & Satisfaction: Real-Time Payments for Loan Servicing
The old adage that “cash is king” is precisely that: old. In today’s world, convenience is king and real-time payments deliver it in spades. Consider that convenient ways to pay can reduce late payments by up to 76%, while reducing call center volumes by up to 83%, and it’s no wonder lenders are expanding their offerings over time to include checks, ACH, debit cards and now real-time payments.
GDPR: Modern Wealth Is In Your Digital DNA
Hands up if you don’t really know what GDPR is… don’t worry, you’re not alone in fact, 6 in 10 people have never heard of it.
And why should the average consumer know about the General Data Protection Regulation (GDPR)? The regulation itself, which will become enforceable in May 2018, is designed to stop businesses using our data without our knowledge or consent. And that consent means complete transparency on how our data is being used. This sounds like a very reasonable expectation for consumers to have, which of course begs the question; why hasn’t this been the standard up until now?
Fintech Frenzy and Fun
I’m in vibrant Singapore for day one of the inaugural Money20/20 Asia... or is this day two? I’ve lost all concept of time this week (and didn’t realize how close Singapore is to the equator… it’s like wicked hawt outside!) And I’m joined once again by my ever-intrepid Rantings colleague to rant about what’s happening in this fun-filled world of payments.