When we think about the evolution of the financial industry in less than two short decades, it is quite astonishing. I worked in a bank during my college years, back when customers would come into the branch to ask why the account balance reported from the ATM machine did not match the balance I had provided to them on their deposit receipt. The Call Center was just starting to enable transfers via inter-bank accounts. The Internet existed during this time, but it was still not mainstream. We were a few years away from the revolution of online banking.
The growth of online banking happened fast, and then the growth of mobile banking even faster. In 2012, RSA saw just over 10% of all transactions originate in the mobile channel, and today, that number is over 50%. Despite some consumers still citing security concerns, the mobile channel has become as much a preferred channel to transact as the Web, especially among millennials.
As with anything, the introduction of new channels not only introduces more risk of fraud, but also greater challenges in obtaining omnichannel visibility across all points of customer interaction.
As an example, mobile fraud outpaces web fraud today. According to RSA’s data science research, more than 60% of fraud originates from mobile devices. It used to be mobile browsers that were fraud heavy, but now 80% of mobile fraud comes from mobile apps.
It's a natural shift for cybercriminals given that many banks and retailers continue to extend the range of services their mobile apps support. RSA data shows that fraudulent transactions from the mobile channel are more than double the value of genuine transactions; the average value of a genuine transaction is $133 vs. $292 for a fraudulent one.
Open API Economy
The API economy is another trend contributing to the need for omnichannel fraud management. Under pressure to remain competitive in a strong FinTech market, financial institutions are leveraging the open API economy and opening up their systems. In some cases, it's an obligation. For example, the EU’s Payment Services Directive II (PSD2) requires banks that do business in Europe to open access for data aggregators and payment services. There are similar initiatives and regulations in the United States and Asia as well.
This is a significant shift from the past, when banking information was held in closed systems. This shift is expected to drive innovation by giving consumers easier access to their money and more flexibility in moving it around while helping to expand the market for digital wallets and other electronic payment systems. However, it also opens up new potential for fraud exposure if proper security is lacking.
As an individual's bank account becomes their one-stop shop for a range of services, it can be used in the same way by a cybercriminal who gains access to it. The risk is borne by the bank (or other organization) which must up its fraud prevention game to ensure appropriate protection of customers' money and data.
Aside from expanded access introduced by the Open API economy, Faster Payments is adding to the complexity of omnichannel fraud management by advancing the speed with which consumers and businesses can make payments—a trend expected to continue. It is a watershed moment for the payments industry in particular, and the banking system as a whole, as instant, same-day, real-time and person-to-person (P2P) payment services take off.
Australia’s New Payments Platform initiative describes the transformation perfectly, “It’s designed to support an economy that never sleeps, never tires, and never slows.” Welcome to the age of digital transformation.
However, Faster Payments is hardly new. The UK's Faster Payments Service (FPS), rolled out around ten years ago, has seen rapid adoption and is changing the way consumers transact and pay bills. In 2017, FPS processed 1.7 billion payments and over £1.4 trillion in payment transfers, and today accounts for more than one in six non-card- and non-cash-based payments.
The fraud risk with Faster Payments is that there's little or no time to review, recall or stop a payment once initiated. For instant and same-day payments, therefore, proper authentication is critical to prevent fraud. Given that customers use these services precisely because they are quick and seamless, banks and other service providers must determine risk correctly and strike the right balance between effective security and a frictionless customer experience.
As banks, payment providers and retailers extend services to mobile and other digital channels, they face new challenges and vulnerabilities that could open their customers and their business up to increased fraud and new types of attacks. Organizations need to evaluate their omnichannel strategies to provide effective protection and fraud detection across multiple channels, without losing sight of customer expectations for speed and convenience.
Organizations should be prepared to ask their fraud prevention providers hard questions about how well suited their solutions are for multi-channel environments and, in particular, how they address mobile users' needs. Technology partners should also be able to demonstrate a clear understanding of how new and emerging regulations and standards impact an organization's business strategy.
# # #
Learn how digital transformation, payment trends and regulations pose new opportunities and threats to service providers and the role of ominichannel fraud management in overcoming the challenge in our new “2018 Current State of Cybercrime” white paper.
Author: Heidi Bleau
Category: RSA Fundamentals, Blog Post, Securing the Digital World
Keywords: Fraud, Fraud Prevention, Financial Fraud, Mobile Fraud, Omnichannel, PSD2