The times, as Bob Dylan once crooned in that raspy nasal whine, are a-changing—and no more so than in the ways bank customers make payments. And while he never got around to recording “The Times They Are a-Payments,” you have to wonder if his famous challenge to senators and congressmen would turn into a cybersecurity call to arms: “The hackers and thieves are beyond your command…”
For as the calendar lurches toward 2020, there’s nothing slow about the way cybercriminals are trying to crack open, defeat and otherwise obliterate the payments system in financial services. Here’s a look at the prospects, pitfalls and solutions as the industry works to stanch payment fraud.
‘Massive generational change is in motion’
Juniper Research estimates losses from online payment fraud will top $22 billion this year—and could go as high as $48 billion by 2023, according to InfoSecurity magazine. And that figure might represent the tip of the iceberg.
“The global cost of payments fraud is expected to reach $130 billion annually by 2023 for card not present transactions alone,” says Rohit Arora, CEO of the SMB lending and financing platform, Biz2Credit.
The challenge here lies in how we pay. It’s morphing. Fast.
According to the 2019 Debit Issuer Study, commissioned by PULSE and conducted by Oliver Wyman, 13 percent of debit cards are projected to be contactless by the end of 2019. Furthermore, 10 percent of surveyed issuers already offer the contactless cards while another 70 percent plan to do so by 2021.
For national and regional banks, that rate is even faster; 95 percent say they have plans to go contactless by the end of 2020, according to the study.
But changing over to contactless cards only marks the beginning.
“Massive generational change is in motion—both from a people and a technology perspective,” saysSultan Meghji, CEO and co-founder of Neocova, which built the first AI-based, API–driven platform designed specifically to support community banks and credit unions.
“From Apple Pay, to Tap to Pay, to retailer specific apps such as from Starbucks, old-fashioned card processing is facing serious pressure,” Meghji notes. “It’s likely that physical endpoint devices are going to fade out at an accelerating rate.”
He even goes so far as to predict that “everything from ATMs with fake cameras, to gas stations, to older card readers—all these endpoints will be pushed towards obsolescence at a fast rate, mostly because the cost of evolution is too high. We’ve seen this happen with core banking. Banks have struggled with legacy technology and limiting core infrastructure, while also facing mass consolidation and increased competition.”
Yet there’s movement to empower banks with technology that allows them to be flexible “while providing the safety their customers need,” says Meghji.
In simple terms, fraudsters will prey on payment modernization even as consumers start to benefit from it.
“We often talk about the fraud related to faster payments, but speed is only one part of the equation,” she says. “Payment modernization means more data travels with the message, payments become more automated, and they’re originated from more devices. All of these aspects of payments introduce new vulnerabilities that must be solved for.”
And as financial institutions diversify their payment methods, fraudsters are keeping up, Little says.
“Until a few months, we thought there was one ubiquitous real-time bank-to-bank service launching: The Clearing House RTP,” she says. Except that…
“We’ve since learned that the Fed will launch another one,” Little says. “Banks are trying to determine which to connect to—or both—and how to cover both from a fraud perspective. Fraud rings will watch this closely and attack where and when possible.”
On both, that is.
Meanwhile, she says, banks “are adopting a multitude of real-time person-to-person services and new cross-border schemes. While banks seek to work out the vulnerabilities, fraudsters will lie in the wait.”
Wallet hacking goes mobile
Arora, of Biz2Credit, believes card-not-present fraud is increasing for several reasons.
“Data phishing tactics have grown to include fake voicemails, app notification and voice over internet protocol [VoIP] tactics,” he says. “Increased use of mobile wallets has led to the rise of mobile wallet hacking, which has already become a significant risk for the Indian market.”
Banks should be wary of the threat that new fraud tactics pose, adds Arora, who offers three ways to prevent it:
• Pay close attention to high risk transaction types, including remote purchase of physical goods, digital goods, airline tickets and digital money transfer.
• Define omnichannel fraud prevention needs.
• Conduct a cyber security risk mitigation assessment.
The times may be a-changing. But if banks pay attention, they don’t have to leave the security of payments—and their customers—blowin’ in the wind.
Howard Altmanoversees coverage of issues affecting troops and their families as managing editor of Military Times. He has won more than 50 journalism awards and his work has appeared in the New York Times, Daily Beast, Philadelphia magazine, the Philadelphia Inquirer, New York Observer, Newsday and the Tampa Bay Times.
Compliance training and professional development courses that are efficient, effective and on-point. Give your people the latest industry-approved tools they need to improve performance, reduce operational risk and better serve your customers.