European card fraud losses in a post-mature chip and PIN environment reached a new high last year. With this sobering fact as backdrop, several of the EMEA banking industry's top fraud and risk management leaders converged in London last week at the EMEA Fraud Forum, hosted by FICO.
Following presentations by Andrew Churchill, advisor on cyber security issues to both UK and EU government, and Andras Cser, principal analyst at Forrester, the discussions focused on remote channel payment and associated on-line security, plus emerging best practices for keeping customers safe while improving customer engagement and service.
One interesting observation: Fraud is, paradoxically, helping banks regain consumers’ trust. Many customers see their banks as being more proactive in the acquisition, use and interpretation of their credentials, and characteristics. They believe, and expect, that banks are at the forefront of protecting and preserving their personal and payment data.
But there were some cautionary tales as well. One example is the interoperability, or the lack of it, of credential use between sectors. Relying upon "someone else's security" (such as the authenticity of the customer name and address on a utility bill at on-boarding stage) is a practice that places identity assurance at a far lower level. Our forum’s participants were also concerned about the changing regulatory landscape and the heightened risk of scrutiny and sanction.
As the discussions at the EMEA Fraud Forum proved, the biggest risk facing banks charged with protecting consumers’ financial transactions and even their data is the consumer technology explosion. The multitude of devices and the ease of accessibility of consumer-volunteered data (now including biometric data) through online interactions and social profiles presents increased vulnerabilities. Couple this with changing payment form factors, such as contactless and Near Field Communication, and there are risks that technology enablement becomes a consumer security Achilles’ heel.
Layered defenses have long been the order of the day, and that is even truer today. Technology gives a plethora of extra customer profile information (about the device, its location, its content, its use, etc.) which, when used intelligently and in concert with traditional fraud prevention and detection, can better define the customer and their characteristics in a way that was never before possible. And that makes the would-be criminal's job in trying to replicate a consumer's profile doubly difficult.
In my early days in this industry, I worked for one of the original Joint Credit Card Company banks that issued the Access card brand. Access was advertised as "your flexible friend" for payment. Technology is now the consumer’s friend for payment — and possibly for identity protection as well.