Voice of the Industry

Where is fraud heading after PSD2's Strong Customer Authentication?

Tuesday 21 January 2020 08:30 CET | Editor: Anda Kania | Voice of the industry

Fraud Prevention and Online Authentication Report 2019/2020

The payments industry will witness emerging threats and new patterns in fraudsters’ behaviour. Nick Maynard, Lead analyst  at Juniper Research, reveals for us the future of online payment fraud under PSD2

Fraud Prevention and Online Authentication Report 2019/2020

Fraud in the online space has been growing rapidly over time, for a multitude of reasons. Fraudsters are particularly attracted by the accessibility of the Internet, the possibility to commit fraud remotely and the high value of the ecommerce market. As this has typically been a high threat environment, the PSD2 regulation brought in the SCA (Strong Consumer Authentication) to combat online payment fraud.

By bringing multifactor authentication to the online payments area, SCA promises a more secure ecommerce environment. However, implementation of SCA has been highly inconsistent, with the EBA (European Banking Authority) allowing national central banks to authorise delays to implementation.

This delay is heavily linked to a lack of merchant preparedness, as regulators have realised that SCA is complicated to integrate and retailers have not yet amended their processes and systems. Financial institutions have faced a difficult task in trying to prepare merchants, a task that simply requires more time.

While the UK has been the highest-profile country to implement a delay, it is important to note that it is not alone in its decision. The Central Bank of Ireland has made a similar decision, as has Malta. The EBA’s decision to allow flexibility in the first place is an admission that the rollout has been badly communicated and executed to date. In the UK particularly, there has been very low consumer awareness of the changes, which is not helpful when consumer processes are changing. Regulators should consider using the delay period to communicate changes effectively to consumers and avoid a cliff-edge situation.

Therefore, with further emerging threats and evolving fraudster behaviour, annual online payment fraud losses from ecommerce, airline ticketing, money transfer, and banking services, will reach USD 48 billion by 2023; up from the USD 22 billion in losses projected for 2018.

Figure 1: Online Payment Fraud Losses ($mln), Split by Segment 2023

Source: Juniper Research

Fraud Prevention and Online Authentication Report 2019/2020

An increasingly critical driver behind these losses will be the continued high level of data breaches experienced by businesses, resulting in the theft of sensitive personal information. The information that fraudsters gain from these breaches enables them to use fragments of real data to create new, synthetic identities. Without changes, these synthetic identities will have a major impact on the financial system.

Fraud Prevention and Online Authentication Report 2019/2020

The global rise in instant payment schemes and a focus on transactional, rather than behavioural risk, means, in particular, that money transfer is vulnerable, with fraud losses set to increase by over 20% per annum to USD 10 billion in 2023.

It is also highly likely that techniques practiced by groups such as Magecart and Fin7 will become more common, as fraudsters seek to create products from their knowledge. Here, the groups used a combination of malware and cross-channel approaches for criminal gain. As a result, more complex fraud will become more common as, in effect, a ‘fraud-as-a-service’ economy emerges.

Stakeholders in the space must, therefore, take a holistic approach to fraud prevention. The procurement of omnichannel fraud prevention services and a strategy to assess and mitigate risk from a cybersecurity perspective will be critical for effective fraud prevention in the near-to medium-term. Pure SCA compliance will, however, not be enough to guarantee effective fraud prevention in many cases, meaning that cybersecurity vendors and payment networks should focus on creating solutions above and beyond the basic regulatory requirements.

A crucial future element for the prevention of fraud in the online space will be the effective use of digital identities. At present, there are multiple points of failure in conventional identification and verification processes, particularly for online payment details, but also in a variety of other sectors. Passwords and centralised repositories have both been highlighted as the core issues with the growing problem of identity fraud, and a variety of methods have arisen to combat this.

By putting robust digital identity-based onboarding processes in place, financial institutions can restrict fraudulent access to financial systems. How the user enrols in the digital identity scheme is key here; ‘selfie’ authentications using government-issued ID may not be secure enough to fulfil this purpose. More secure biometric methods will be essential in ensuring digital identity schemes are robust enough for this fraud prevention purpose. Payment industry bodies and regulators should immediately focus on creating industry standards to drive the rollout of digital identity solutions that are robust and can effectively combat online payment fraud. To date, government-led schemes have not gained traction in several cases, meaning that private consortiums, including payment networks, merchants and banks, may be better placed to lead initiatives. Successful deployments will significantly alter the online fraud landscape.

About Nick Maynard

Nick Maynard is a Lead Analyst at Juniper Research. His key area of focusis the fintech area, including Digital Money Transfer, AI in Fintech, Digital Banking and Point-of-SaleTerminals, among others. Nick has a BA (Hons) in History from the University of Reading.

About Juniper Research

Juniper Research specialises in providing best-in-class market research across mobile, onlineand disruptive technologies. We offer in-depth reports, forecasts, annual subscriptions and consultancy. Our global clientsinclude Tier One operators and vendors. To find out how we can help you, contact info@juniperresearch.com or visit www.juniperresearch.com.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Juniper Research, PSD2, SCA, fraud prevention, ecommerce, fraud loss
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime

Industry Events