This is an excerpt from Finextra’s report, ‘The Future of Payments 2022: The Cutting Edge of Digital Payments.’
With the rising cost of living, and the squeeze on finances anticipated in the coming months and years, fraudsters are going to double down on their attempts to extract more money out of consumers. Unfortunately, it is the most vulnerable – who typically
don't have a lot of disposable income – who are most at risk.
Matt Cox, head of digital payments, Nationwide, told Finextra it is the industry’s biggest responsibility to do everything it can in the fight against this in the coming years.
A future with SCA
A positive step in the fight against fraud has been the implementation of strong customer authentication (SCA).
“Looking ahead, the benefits of SCA will be the extra protection it provides for consumers and for Nationwide's members,” said Cox. “Now that extra authentication controls are in place, Nationwide’s early data suggests we will see around 2000 fewer victims
of fraud every month – and millions of pounds will be saved. That's 2000 fewer members at Nationwide who won’t have to suffer the impact and the heartache of being a victim of fraud.”
Clearly, the monetary and the human benefits are huge, but these technological developments must be enjoyed by all. If merchants are not ready, or if there is a pocket of consumers who are not ‘mobile active’, the industry will need to provide alternative
solutions.
“If these successes are replicated across the industry, this will be a major step forward in the ongoing fight against fraudsters,” argued Cox. “Yet, we need to focus to ensure that the residual number of consumers that are unable to pay for certain things
online are not forgotten. We cannot walk away yet.”
Drop-out-at-checkout: A knock-on effect
For all its security benefits, some argue that SCA will cause online retailers to lose out on some sales because of the additional friction that it imposes on customers.
“I appreciate this risk,” said Cox. “But with secure journeys that are also slick, I don't think in the long run sales will tumble. Security is a huge priority for consumers – not just checkout speed. They want both. As we introduce these changes, yes, drop-out-at-checkout
will be a thing, but it will be a declining problem. The fact that we are asking consumers to authenticate is good and it will become normal accepted behaviour.”
However short-lived, the impact of drop-off-at-checkout may encourage some businesses to explore alternative online payment methods, such as mobile wallets, argue some commentators.
“While this is a driver,” acknowledged Cox, “let's be clear – right now, App2app authentication is the best experience, the most secure, and the most used. It’s also best for merchants. For the customers that can, I would recommend this is the approach they
take. Nonetheless, we must recognise that not all issuers, banks or building societies have developed this option yet, so we do need to allow for other options.”
“Increasingly, we're going to see use of mobile App2app authentication for higher risk transactions,” Cox continued. “Bear in mind, this isn't all transactions online. It's a small proportion of the transactions that happen online because most sail through
without the additional authentication checks. In my view, they will become ubiquitous in the next one or two years.”
Simon Gilson-Fox, head of product and solutions, UK & I, Visa, said that consumers should be able to choose how they want to pay for goods and services: “If they want to use their card to make an online payment, and benefit from the security protecting their
payment from fraud, we should make sure it’s as easy as possible for them to do so which means delivering SCA in a way that doesn’t force the consumer to abandon their purchase or find alternative routes.
Biometrics: The smoothest and safest path
Arguably, the simplest and most secure way to apply SCA is via biometrics. In the coming years, they will become ubiquitous in the payments space, predicted Cox.
“The world of biometrics, with its potential to combat fraudsters, is hugely buoyant. There are strong incentives for the industry-at-large to adopt these measures.” Gilson-Fox added: “Research has shown that customers increasingly consider biometrics to
be secure and easy to use. By integrating biometric elements into their SCA challenge design, issuers can drive both customer confidence and trust. Visa recommends one of two options for the ‘main’ SCA solution, both involve the use of biometrics. One, a mobile
banking app plus biometrics, known as out-of-band, or two one-time-passcode, plus behavioural biometrics.”
One of the most challenging cyberattacks for providers to overcome is authorised push-payment (APP) fraud, where a customer is tricked into authorising a payment to an account controlled by a criminal. Through behavioural biometric technology, firms can
match, for instance, keystroke patterns to users’ profiles to ascertain who is attempting to conduct a transaction.
This is proving so effective that “regulators have given their view that biometrics are robust enough to be considered one of the key factors providers should aim to be using within their overall toolkit,” stated Cox.
The apex of customer authentication
As technology becomes increasingly invisible, the customer’s experience will improve. While quite niche today, there are a few usage examples in the marketplace already of biometric cards. These combine chip technology with fingerprints to verify a cardholder's
identity with unparalleled speed and accuracy. There are even forms of biometrics emerging that play a role in tracking pulse rates, thus blocking a fraudulent activity before it occurs. Iris recognition, combinations of voice and face, too, are being explored.
“There is a huge flowering of innovation in the payments space,” claimed Cox. “No doubt we will see new and improved solutions coming to market, because the one thing we can be sure of is that fraudsters will always find new ways around the defences we deploy.”
Cox and Gilson-Fox agreed that criminals will constantly adapt to new security measures and will seek out the weakest link in the security systems of financial institutions. Any new digital system should be designed with security top of mind. Educational
campaigns combined with technological measures will both be critical to raise security awareness among users.