All posts by Sarah Rutherford

Fraud & Security PSD2 – Why Customer Communications Are Key

PSD2 with question mark
Sep192017

As I discussed in a previous blog, consumers have not been extensively educated on the impact that PSD2 will have on them. Many of the outcomes of PSD2 will be positive – the Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) will give people access to a range of new services that will help them to manage their money better and give them more flexibility in the payment providers they use. However, the fraud prevention measures that form an integral part of PSD2 will have a knock-on effect for consumers. In some instances, security checks will make initiating a payment more difficult and irritating. Sometimes the checks may even stop it. Poor Customer Management will Impact the Bottom Line We already know that introducing friction into customer transactions is viewed negatively. Many organisations consider losses to abandoned transactions as important or more important as losses to fraud. PSD2... [Read More]

Leave a comment

Fraud & Security PSD2 – Why is Transaction Risk Analysis Important for PSPs?

PSD2 with question mark
Sep042017

Worried about increasing levels of fraud, particularly in remote payments, the regulators have made fraud prevention a cornerstone of PSD2. The regulated use of Strong Customer Authentication (SCA) by payment service providers (PSPs) to secure payments is laid out in the Regulatory Technical Standards for PSD2. However, the use of SCA to secure every payment over €30 could cause problems for PSPs. It could impact the level of customer service they can offer by forcing them to add friction to the consumers’ payment process, forcing consumers to re-authenticate themselves using multiple factors at the point of payment. There is a difficult balancing act between fraud reduction and customer experience. PSPs will be allowed to manage this balance by securing payments using transaction risk analysis (TRA) – as long as they can keep their fraud rates low enough (see the transaction value table from the regulatory technical standard, below). TRA is... [Read More]

Leave a comment

Fraud & Security PSD2 Glossary – the 50 Terms You Need to Understand

PSD2 logo
Aug072017

It’s not unusual for EU Directives to arrive with a whole host of acronyms and terminology, and PSD2 is no exception. From AISP to XS2A there are some new terms, some terms that have a new meaning in this context, and some established payment terms it’s always worth having a reminder about. When I couldn’t find a glossary to help me understand the terminology, I decided to create one. Or the 50 PSD2 terms, here are my 3 favorites: ASPSP – Account Servicing Payment Service Provider — a tongue-twister to rival Sister Suzie and her shirt-sewing shenanigans! An ASPSP is a Payment Service Provider (PSP) such as a bank or card issuer that provides authorised access to bank account information. For PSD2 they are allowing API access to bank account data for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). This makes my top three as I can’t... [Read More]

Leave a comment

Fraud & Security 3 Reasons to Prepare Your Fraud Operations for PSD2 – NOW

Cover to fraud brief
Jul272017

PSD2 is on its way but in many respects it feels like it will never happen. So much is still undefined; it’s not yet transposed into national law, the complete Regulatory Technical Standards are not issued and much is still open to interpretation. Given this uncertainty, it is not unreasonable to take a wait and see attitude to preparation – after all it’s likely to be more than a year before you will be expected to apply PSD2 to your payment operations. A laissez faire attitude to preparing your fraud operations for PSD2 may however be a bad move. NOW is the right time to get ready. Read our executive brief Getting Your Fraud Operations Ready for PSD2 so that you can understand the three reasons why you should act now: You will want to secure payments with Transaction Risk Analysis – but that will bring fraud challenges. You will... [Read More]

Leave a comment

Fraud & Security How Are Telecom Providers Managing Cybersecurity Risk?

Man with laptop
Jul182017

Data breaches are in the news on an almost daily basis and telecom companies are not immune to attack – indeed, cyber-attacks have led to the loss of almost 50 million customer records in the past 10 years. For telecom businesses it’s not only the frequency and number of records that are breached that is of concern, it’s also the type of data that can be lost. Telecom companies are guardians of a rich set of customer data, including financial information. They also hold a valuable set of behavioural data about their customers based on how they use their services. This rich data set is a honey pot for cybercriminals – particularly those using data to fuel identity theft. We included telecommunications providers in the cybersecurity survey carried out on our behalf by independent research company Ovum. What did we find? A full assessment of our findings for the Telco industry... [Read More]

Leave a comment

Fraud & Security Cybersecurity – Who Is The Biggest Internal Risk?

Man with laptop
Jul062017

When it comes to cybersecurity, crooks need a way into our businesses and often someone gives it to them – mostly unintentionally. An understanding of who the unwitting accomplices are will help IT security to protect the organization. In a recent survey conducted for us by research company Ovum, we asked senior security executives which employees or third parties posed the highest cybersecurity risk to their firm. Although 77% of respondents said that their employees have sufficient information on how they can contribute to prevent breaches, internal staff were still perceived to present the biggest threat to cybersecurity. Interestingly, most respondents saw the highest risk as coming from their internal IT function – they highlighted their own departments as the weak link. While most do think they have educated employees well, we had many comments regarding the need for further education programmes. The need to secure employees devices, particularly in... [Read More]

Leave a comment