Challenges and advantages brought by PDS2: interview with EVRY

How is PSD2 changing the fraud landscape and what risks and opportunities does it present?

It’s hard to talk about the payments industry without mentioning PSD2, and this certainly extends to the topic of fraud. PSD2 presents a lot of opportunities here, however, we need to ask ourselves, does it come with a cost? New third-party providers are entering the payments ecosystem in the form of AISPs (account information service providers) and PISPs (payment initiation service providers), which could potentially open the door to additional attack vectors. Strong Customer Authentication (SCA) promises a reduction in fraud levels and will be a key factor in mitigating risks, such as account takeover. However, while the benefit is clear, SCA will also cause additional friction in the end-customers payment experience. The challenge will not be around just securing transactions, optimal implementation will focus on creating a balance between enhanced security and the ultimate user experience. As such, many issuers are looking to holistic risk-based security features to deliver both secure and frictionless customer experiences.

How are Transaction Risk Analysis and Risk-Based Authentication being used to ease the burden on banks and their customers?

Risk-Based Authentication (RBA) is not a new concept, and many 3-D Secure solutions are well-known examples of this. In addition, PSD2 introduces Transaction Risk Analysis (TRA) exemptions as an extension of current RBA solutions. The TRA exemptions allow certain transactions to be exempted from SCA, provided that robust risk analysis is performed and the institution meets specific fraud thresholds. A robust risk-based authentication solution should include not only TRA, but it should also offer the necessary risk analysis for remote electronic cardholder initiation transactions (CIT). Working with our clients, exemption management has been identified as one of the most crucial areas, reducing their compliance burden and ultimately providing a better experience to their customers. A good RBA + TRA solution will also become a tool for customer retention and a competitive advantage in an industry with many service providers.

As fraud prevention and AML are closely related, is there a way of addressing these with a single solution?

At EVRY, we see a lot of positive synergies when looking at fraud prevention and AML together. Integrating these two abilities into a single crime prevention platform provides a more unified view of risk across an institution. It’s worth recognising that PSD2 and AML regulation aim to solve two different things (PSD2 protects an individual from fraud, while AML protects society from criminal activity by combating the financing of terrorism) and as such, there can be challenges to solving these in the same system. At the same time, there are many similarities between AML and fraud prevention operational activities.

By viewing financial crime holistically, we have developed a data driven transaction monitoring system that combines AI with rule-based systems to enable financial institutions to comply with both AML/CFT directives and PSD2 at the same time, enabling real-time transaction review and action. This helps banks to monitor risks, as they evolve, and control scenarios and thresholds that are often missed by traditional AML solutions operating in silos. At the same time, transaction intensive services, such as wallets, increase the risk that service providers are exploited for criminal activity. As a result, this might lead to a greater need for granular transaction monitoring than the traditional AML systems provide.

Finally, fraud prevention & financial crime prevention were long addressed in-house, why are banks now looking to third parties?

In-house vs. outsourced has been a long-debated topic in the industry and, of course, there are pros and cons with both approaches. A key benefit of in-house platforms is around control.

It allows you to monitor and control your own rule sets. On the other hand, in a managed service environment, rules are often set by the service provider based on knowledge built from looking at a wider set of transactions across several clients. New fraud patterns or trends can be quickly recognised in a managed service, with all connected clients benefiting from updated transaction monitoring rules. Another aspect is cost. Managed services can prove to be far more cost-effective. Monitoring fraud 24/7, 365 days a year requires highly trained staff with the agility to react to ever-changing fraud patterns. Looking forward, there are many other benefits to a managed solution. AI and machine learning are being developed and implemented at an increasing pace and leveraging the R&D performed in these areas by specialised companies can also be invaluable to institutions.

This interview was first published in the Fraud Prevention and Online Authentication Report 2019/2020. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Jonas Kullgren

Jonas Kullgren leads business and product development within EVRY Financial Crime Prevention. He has over 20+ years’ experience in the finance industry and holds an EMBA from Henley. Jonas has been principal in the transformation into PSD2 compliance for EVRY clients and is leading the expansion into AML Dual Control focusing on transaction intensive products.

About EVRY

EVRY Financial Services employs 1,300 specialists with a deep insight into the challenges that characterise the banking and finance markets. EVRY is a driving force for innovation and modernisation in a highly digitalised landscape. EVRY’s portfolio covers all areas of financial services and banking services including core banking, payments, lending, financial crime prevention, card and ATM-services.