Fraud Awareness Month Canada – Return of the Lost and Stolen (and Authenticating Wearables in Canada)
A couple years ago, I penned a blog post to commend the Canadians on what made their culture so resilient to fraud that it developed the lowest fraud rates in the Northern Hemisphere. It got a bit of circulation and created significant positive feedback. This time, I would like to bring awareness back to Canada about a potential threat as it relates to the increasingly popular Tap payment channel.
As smartphones and wearable devices continue their exponential growth in Canada and globally – it’s expected to be worth $34 billion by 2020 - Canadians will need to be wary of this convenient card-based (or alternative NFC wearable device) service.
Tap payment allows Canadians to casually pay for smaller transactions using their devices without attempting a more involved and, yes, ultimately more secure Chip and PIN transaction. However, a fraud type we had almost exhausted in recent years, known as Lost and Stolen, could become a threat. Lost and Stolen had been considered so marginalized as a fraud type by a menacing brother fraud type: Counterfeit. The fraud on counterfeited cards, which is exposed at merchants through skimming events, became the most significant threat experienced by most consumers and was the prevailing problem that Canada had largely pushed beyond the border. As wearable payment devices and friction free (sans PIN) authentication options continue to proliferate, Lost and Stolen will be an increasing typology affecting issuers.
Perhaps it’s Canada’s own success at bringing debit card fraud to such a low rate that has resulted in consumers’ over-weighted sense of security, convenience and a habituation with their primary consumer payment device, the humble EMV Chip and its PIN companion. However, the initial path that brought Canada here was the dedication to deploying EMV’s cryptographic technology with significant enforcement, which mandated a PIN with the transaction. Relaxing the effective authentication controls for the Tap product means that below a threshold amount, typically less than $200, does not require a PIN, and the card or wearable NFC device itself is enough to authorize a transaction at a merchant’s point of sale. The residual here is that it’s not the amount, it’s the frequency, and residual Counterfeit cases are now a mere fraction of the counts of Lost and Stolen.
Cards and wearable payment technologies are frequently and casually left accessible to those who seek to abuse them. Payment devices must be guarded just as much as a wallet that contains debit and credit cards. When consumers leave payment devices in unlocked parked cars, or on open desks at work, without sufficient physical security, it creates an opening for opportunistic fraudsters, where simple car prowlers in the neighborhood can become an entry level fraudster.
Again, there is a ceiling on the amounts that reduce risk, but the inconvenience of having one’s card lost, filing a fraud case, or replacing the card, can be a stressful event and reduce confidence in electronic payments. Further, in the larger picture, the behavior we are seeking to reduce and bring awareness to is easy to remedy: focus consumer behavior to continue to treat plastic cards and NFC devices like the payment products they are. Create programs to bring awareness to secure them, or increase authentication requirements to two factors in every transaction, perhaps significantly lowering the amount threshold for PIN requirements that aligns with the PSD2 thresholds across the pond (50 Euro/transaction).
Part of Canada’s notable achievement in reducing card fraud and creating a culture of awareness was an altruistic commitment to protecting its citizens and financial ecosystem, which is truly admirable. This year, for fraud awareness month, I want to implore all stakeholders in Canadian payments to take steps to continue to eradicate all fraud types in the great white north.
I’ll be presenting on this topic and many more like it at the 2018 ACI Exchange Conference in Denver…hope to see you in May!
Related Blog Posts
Instant Payments in Italy – And Beyond: Lessons from Il Salone dei Pagamenti
ACI was invited back to Il Salone dei Pagamenti – Italy’s premier payments event organized by the Italian Banking Association (ABI) – to participate in a panel, “SEPA Inst – the Future.” As expected, the session was packed with stats and advice for a more efficient roll out of instant payments – in Italy and beyond.
To Regulate Or Not To Regulate – Is That Thy Question?
Debates are healthy, and as someone who spent a little time during my college years dabbling around the edges of the speech and debate team, I can tell you it’s something that I personally relish. A chance to really talk through the pros and cons of an argument and lay out the bare facts… and then be judged based not only on those facts, but on the presentation and power of persuasion—sign me up!
Request for Pay – What Does It Mean For Financial Institutions?
What do banks – one with $60B+ in assets, one a mid-size regional bank, and one, a small innovative credit union – have in common with payment networks and the ‘Big 4’ consulting firms? They were all part of the first ACI #PaymentsForBreakfast event in North America! The theme was real-time payments, but the focus was more specifically on Request for Pay.
Why Open Banking Might Need to Rely on a Magic Illusion of 24x7 Availability
The adage “the more things change, the more they stay the same” appears to ring true when applied to the early phases of the evolution of open banking (or open payments). Especially when you contrast it with the early days of ATM withdrawals; particularly those made in the dead of night so you could pay cash for your after-party greasy feast.
Sibos Preview: The Five Trends Transforming Real-Time Payments
Real-time is now a reality, with more than 30 schemes live around the world. And real-time is in the spotlight as banks and financial service providers make their way to Sydney for Sibos 2018. What better time to look ahead at the key trends that are going to shape the ongoing development of real-time payments.
Winners and Losers in the Regulation Vs Competition Debate? How About New Business Models?
As Summer has abruptly turned to Fall, I have found myself daydreaming of a European vacation (and yes, I realize it’s Fall there too… or rather, Autumn). Maybe it’s the Instagram feed full of friends on a summer sojourn to Italy, France, or Germany, or the constant barrage of Premier League kickoff commercials on the NBC Networks (Let’s Go Gunners!), but yesterday it was something else entirely that had me drifting off into a memory-induced Nutella-crepe state of euphoria.
API Management: The Reason Digital Open Banking Can Fly
When it comes to thinking about the different roles that an API Manager can play for an organization, I personally think that an airport provides the perfect analogy. The customer is the passenger, the third-party organizations using a bank’s APIs are the airlines and the airport itself is the bank. I also think this analogy helps to visualize the variety of API management capabilities – including the role of an API gateway.
The Mexican Fintech Revolution – ¿Qué onda in Open Banking?
Mexico has joined an elite group of nations, being amongst the first to pass open banking regulations. Specifically designed to open up its financial services and technology sector, the so-called ‘Fintech Law’ appears to have taken notes from PSD2, UK Open Banking, Singapore’s ‘organic’ approach, and others – and balances these against Mexico’s unique context and aims.
ACI’s Lu Zurawski, one of the industry's foremost open payments experts, and Sonia Gomez, a Latin America payments authority, discuss this balancing act; including the drivers, the regulation and the potential benefits.
Working Up An Appetite for APIs in Australia
This week ACI hosted the latest installment of our #paymentsforbreakfast forums in Australia, with the early birds catching the open banking worm in both Sydney and Melbourne.
Given the similarities between the Australian and UK open banking movements, we enticed ACI’s UK-based Lu Zurawski (Solutions Practice Lead - Retail Banking) to Australia to share his learnings from being heavily involved in the UK Open Banking working group.
APIs and Cash Management (Harnessing the Hammer, Part 2)
In my last blog post, we talked about the hammer and the nail; the hammer in this case being open APIs, and the nail being the market need to adapt to changes in customer behavior and expectations from our commercial market. We laid out why the US is in a different position when it comes to open APIs—it has to do entirely with the regulatory environment, which is allowing us to start with the largest revenue opportunity first. Finally, we challenged you, the reader, on how you can begin on your journey. And that is where we are going to pick things up. What steps can you take today, and what use cases can you explore as we start getting our hands dirty?