Where is fraud heading after PSD2's Strong Customer Authentication?

The payments industry will witness emerging threats and new patterns in fraudsters’ behaviour. Nick Maynard, Lead analyst  at Juniper Research, reveals for us the future of online payment fraud under PSD2

Fraud in the online space has been growing rapidly over time, for a multitude of reasons. Fraudsters are particularly attracted by the accessibility of the Internet, the possibility to commit fraud remotely and the high value of the ecommerce market. As this has typically been a high threat environment, the PSD2 regulation brought in the SCA (Strong Consumer Authentication) to combat online payment fraud.

By bringing multifactor authentication to the online payments area, SCA promises a more secure ecommerce environment. However, implementation of SCA has been highly inconsistent, with the EBA (European Banking Authority) allowing national central banks to authorise delays to implementation.

This delay is heavily linked to a lack of merchant preparedness, as regulators have realised that SCA is complicated to integrate and retailers have not yet amended their processes and systems. Financial institutions have faced a difficult task in trying to prepare merchants, a task that simply requires more time.

While the UK has been the highest-profile country to implement a delay, it is important to note that it is not alone in its decision. The Central Bank of Ireland has made a similar decision, as has Malta. The EBA’s decision to allow flexibility in the first place is an admission that the rollout has been badly communicated and executed to date. In the UK particularly, there has been very low consumer awareness of the changes, which is not helpful when consumer processes are changing. Regulators should consider using the delay period to communicate changes effectively to consumers and avoid a cliff-edge situation.

Therefore, with further emerging threats and evolving fraudster behaviour, annual online payment fraud losses from ecommerce, airline ticketing, money transfer, and banking services, will reach USD 48 billion by 2023; up from the USD 22 billion in losses projected for 2018.

Figure 1: Online Payment Fraud Losses ($mln), Split by Segment 2023

Source: Juniper Research

An increasingly critical driver behind these losses will be the continued high level of data breaches experienced by businesses, resulting in the theft of sensitive personal information. The information that fraudsters gain from these breaches enables them to use fragments of real data to create new, synthetic identities. Without changes, these synthetic identities will have a major impact on the financial system.

The global rise in instant payment schemes and a focus on transactional, rather than behavioural risk, means, in particular, that money transfer is vulnerable, with fraud losses set to increase by over 20% per annum to USD 10 billion in 2023.

Stakeholders in the space must, therefore, take a holistic approach to fraud prevention. The procurement of omnichannel fraud prevention services and a strategy to assess and mitigate risk from a cybersecurity perspective will be critical for effective fraud prevention in the near-to medium-term. Pure SCA compliance will, however, not be enough to guarantee effective fraud prevention in many cases, meaning that cybersecurity vendors and payment networks should focus on creating solutions above and beyond the basic regulatory requirements.

A crucial future element for the prevention of fraud in the online space will be the effective use of digital identities. At present, there are multiple points of failure in conventional identification and verification processes, particularly for online payment details, but also in a variety of other sectors. Passwords and centralised repositories have both been highlighted as the core issues with the growing problem of identity fraud, and a variety of methods have arisen to combat this.

About Nick Maynard

Nick Maynard is a Lead Analyst at Juniper Research. His key area of focusis the fintech area, including Digital Money Transfer, AI in Fintech, Digital Banking and Point-of-SaleTerminals, among others. Nick has a BA (Hons) in History from the University of Reading.

About Juniper Research

Juniper Research specialises in providing best-in-class market research across mobile, onlineand disruptive technologies. We offer in-depth reports, forecasts, annual subscriptions and consultancy. Our global clientsinclude Tier One operators and vendors. To find out how we can help you, contact info@juniperresearch.com or visit www.juniperresearch.com.