Category Archives: Fraud & Security

It’s not unusual for EU Directives to arrive with a whole host of acronyms and terminology, and PSD2 is no exception. From AISP to XS2A there are some new terms, some terms that have a new meaning in this context, and some established payment terms it’s always worth having a reminder about. When I couldn’t find a glossary to help me understand the terminology, I decided to create one. Or the 50 PSD2 terms, here are my 3 favorites: ASPSP – Account Servicing Payment Service Provider — a tongue-twister to rival Sister Suzie and her shirt-sewing shenanigans! An ASPSP is a Payment Service Provider (PSP) such as a bank or card issuer that provides authorised access to bank account information. For PSD2 they are allowing API access to bank account data for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). This makes my top three as I can’t... [Read More]

That is the question for cybersecurity risk assessment. FICO has been in the analytics business since our inception back in 1956.  Our founders, Bill Fair and Earl Isaac, had the novel idea that businesses could make better decisions through data. Before anyone thought to call the resulting algorithms “analytics,” they set off to create game-changing approaches to correlating signals with outcomes to help companies manage risk, reduce expense, and maximize opportunities. Bill and Earl began looking for problems they could solve through an empirical analysis of data, and credit underwriting was a use case that was well-suited to the technique. Most credit-granting organizations had credit applications tucked away in filing cabinets (a source of consistent signal data), and most also had a reasonable handle on outcomes – i.e., who was managing credit to terms and who was in arrears or in default. The ability to relate data known at the time of the... [Read More]

PSD2 is on its way but in many respects it feels like it will never happen. So much is still undefined; it’s not yet transposed into national law, the complete Regulatory Technical Standards are not issued and much is still open to interpretation. Given this uncertainty, it is not unreasonable to take a wait and see attitude to preparation – after all it’s likely to be more than a year before you will be expected to apply PSD2 to your payment operations. A laissez faire attitude to preparing your fraud operations for PSD2 may however be a bad move. NOW is the right time to get ready. Read our executive brief Getting Your Fraud Operations Ready for PSD2 so that you can understand the three reasons why you should act now: You will want to secure payments with Transaction Risk Analysis – but that will bring fraud challenges. You will... [Read More]

Several top global banks have made it into the press again — for the wrong reasons, reasons to do with international money laundering schemes. From facilitating trading with companies in sanctioned countries, to moving cash for Russian launderers to channeling Mexican drug money, these banks were caught and assessed steep fines by regulators. Even worse is the reputational damage that comes from not . These banks probably thought they were taking the “risk-based approach” that is at the center of most anti-money laundering (AML) regulations and know your customer (KYC) appraoches. But were they doing enough? Did they truly know the customer, their business and the relationship? Did they understand who stood behind the customer – where the funds were coming from? Over the past years, regulatory pressure on banks has increased and resulted in more sophisticated risk-based approaches that require banks to consider much more information on the customer... [Read More]

Data breaches are in the news on an almost daily basis and telecom companies are not immune to attack – indeed, cyber-attacks have led to the loss of almost 50 million customer records in the past 10 years. For telecom businesses it’s not only the frequency and number of records that are breached that is of concern, it’s also the type of data that can be lost. Telecom companies are guardians of a rich set of customer data, including financial information. They also hold a valuable set of behavioural data about their customers based on how they use their services. This rich data set is a honey pot for cybercriminals – particularly those using data to fuel identity theft. We included telecommunications providers in the cybersecurity survey carried out on our behalf by independent research company Ovum. What did we find? A full assessment of our findings for the Telco industry... [Read More]

When it comes to cybersecurity, crooks need a way into our businesses and often someone gives it to them – mostly unintentionally. An understanding of who the unwitting accomplices are will help IT security to protect the organization. In a recent survey conducted for us by research company Ovum, we asked senior security executives which employees or third parties posed the highest cybersecurity risk to their firm. Although 77% of respondents said that their employees have sufficient information on how they can contribute to prevent breaches, internal staff were still perceived to present the biggest threat to cybersecurity. Interestingly, most respondents saw the highest risk as coming from their internal IT function – they highlighted their own departments as the weak link. While most do think they have educated employees well, we had many comments regarding the need for further education programmes. The need to secure employees devices, particularly in... [Read More]

A company that solved an “unsolvable” wind farm optimization problem. An automaker that uses analytics to keep more delinquent customers in their cars. An airline that uses optimization throughout its business to improve customer service and efficiency. These are just some of the past winners of the FICO Decisions Awards – and now it’s time to find the next set of innovators. We’re looking for companies that are achieving outstanding success using FICO analytics and decision management solutions. Awards will be presented in six categories: Artificial Intelligence and Machine Learning Customer Onboarding and Management Debt Management Decision Management Innovation Fraud Control Regulatory Compliance. Winners will receive recognition at FICO World, which will be held April 16-19, 2018, in Miami. Winning implementations will be featured in conference activities, and two representatives of each winning company will receive complimentary conference passes. Nominations are due September 1, and winners will be announced in... [Read More]

We are addicted to our phones from the time we wake up until we go to bed — and apparently, even after that. According to recent reports: One in three UK adults – and half of 18-24 year olds – said they checked their phones in the middle of the night, with instant messaging and social media the most popular activities One in 10 smartphone owners admitted reaching for their phone as soon as they woke up – with a third grabbing the device within five minutes of waking. Given this, the best way to contact a customer is clearly by phone, particularly the smartphone as it has a range of channels available on a single device. This would also be the ideal way to quickly alert a customer to a potential fraudulent transaction. But this raises a critical question: How secure are the channels of communication with each customer?... [Read More]

FICO has just released an interactive infographic on European card fraud trends since 2006, showing that card fraud in the 19 countries studied has hit a new high of €1.8 billion. In the UK, card fraud also a hit a new high in 2016, £618 million, though the rise was less than the rise from 2014 to 2015. To understand what these numbers mean — and what issuers need to do now — it’s important to know how got here. That’s why our map tracks the data back to 2006. Why is 2006 so important? That was the year of ‘love my PIN day on Valentine’s day’ in the UK, as the liability shift between magnetic stripe and chip & PIN technology had been put in place during 2005. So chip & PIN was officially rolled out across Europe and executives expected to see the benefits of that investment in... [Read More]

Rather like Brexit, the Second Payment Services Directive (PSD2) is coming and whether you like it or not, it will bring important and sustained changes. In the case of PSD2 those changes will disrupt the way that payments work all around Europe. So, what will the changes be? While much is uncertain, we can highlight some impacts which are almost guaranteed. In particular, those at the rock face of PSD2 agree on Strong Customer Authentication (SCA): Do whatever you can to avoid it. There are good reasons for PSD2 uncertainty. Key parts of the directive aren’t fully documented. More importantly, because the programme has been designed to be open to interpretation, to be flexible, even when it is written down, there is a lot of space for interpretation. And there are plenty of people who want to fill the gaps in to suit their own ambitions. Who will emerge as... [Read More]