During this Scams Awareness Week, we’re sharing our top tips to combat scams. Following on from Safeguarding older and vulnerable individuals from scams today we bring you the next tip in our series.
Tip 2: Protect your data like you protect your wallet!
Financial institutions spare no effort in combating fraud and protecting their customers from scammers, and there are thousands of people working around the clock to protect you and your money.
However, in recent years scammers have realised they are competing with advanced multimillion-dollar fraud detection controls and systems, and therefore the path of least resistance is to trick customers into helping them bypass the fraud controls that are put in place for customer protection.
The truths we must acknowledge:
There’s an alarming amount of compromised data out there, and scammers are becoming increasingly skilled at exploiting it. The numerous Australian data breaches publicised widely are just the tip of the iceberg.
You can check how many data breaches have involved your details at this website: https://haveibeenpwned.com/
Scammers, armed with your stolen data, can piece together a comprehensive profile of their targets. That seemingly innocent chat on WhatsApp or a transaction on Facebook Marketplace can be a data-mining expedition. This, in turn, can be exploited to build trust and manipulate people into compliance.
The following are some steps you can take to shield yourself from scams:
Your data is your digital identity, and safeguarding it is vital. Scammers can use your data to gain trust, manipulate, and exploit vulnerabilities.
By taking steps to protect your data and sharing this knowledge with others, we can collectively defend against data-driven scams and build a safer digital world.
Australians have lost $430 million to scams already in 2023, and as Christmas approaches, we can expect another spike in scam activities.
During this Scams Awareness Week, we’re sharing our top tips to combat scams.
Equipping ourselves and our loved ones with the knowledge needed to fend off scams is crucial.
In this digital age, scams can affect anyone, regardless of age or technological know-how. However, older, and more vulnerable individuals tend to fall prey to scams more often.
In 2023, Australians over 65 have lost more than $108 million to scams and represented one in four of all scam reports.
To combat scams effectively, it’s important to educate those at higher risk of becoming a victim. Sharing our knowledge, experiences, and staying vigilant empowers them to recognise and respond to potential threats.
Here are a few suggestions on how we can play a vital role in protecting our loved ones:
Be a trusted, non-judgmental resource available at any hour of the day. Engage in open discussions with older family members, friends, and acquaintances about the potential dangers lurking online. Encourage them to ask questions and share their concerns.
Educate older individuals about common scam warning signs such as unsolicited calls, suspicious emails, requests for personal information, or high-pressure sales tactics. Equipping them with this knowledge improves their confidence in navigating scam scenarios.
Encourage healthy scepticism and a “trust but verify” approach when encountering unknown or unfamiliar entities. Remind them to independently verify the legitimacy of offers, requests, or investments before committing to any action.
Phone scams result in more monetary loss than any other method. If someone on the phone is making them uncomfortable or is moving too fast, they can always hang up! Scammers feed on people’s politeness. It’s better to risk offending someone than to risk a scammer taking all of your hard-earned money.
We encourage you to share with your vulnerable loved ones so that we can all be protected.
Let’s work together to ensure we’re all protected from the harms of scams. By extending our helping hands, we can make a significant impact in their lives and collectively build a stronger and safer community.
For additional information on supporting scam victims, visit the Scamwatch website: https://www.scamwatch.gov.au/protect-yourself/help-someone-whos-being-scammed
Stay tuned for more scam-busting tips during this year’s National Scams Awareness Week:
Two decades ago, a journey began that would change the landscape of financial security. Today, we are celebrating 20 Stellar Years of Orion Financial Crimes—a journey marked by relentless dedication, innovation, and unwavering commitment.
The Origin: A Small Beginning with a Vision
Our story starts with ‘Credit Link,’ a small organisation consisting of just 30 staff members. Within its portfolio were 12 Visa Debit Card clients. However, a significant challenge arose when Visa decided to decommission its daily report of unusual transactions—an essential tool for fraud detection. This left a void that needed to be filled, and Credit Link was ready to step up to the challenge. Credit Link, now proudly known as Indue, embarked on a transformative journey by opting into First Data’s hosted PRM offering. This move was revolutionary in the world of fraud software, marking the beginning of a new era in financial security.
A Critical Decision: Developing a Service Offering
To meet the evolving needs of our clients and enhance their financial security, Indue made a critical decision. We decided to develop a service offering that would not only address the existing challenges but also set new standards in the industry.
Within the first year, our team expanded from 1 Full-Time Equivalent (FTE) to 3 FTE, allowing us to extend our service hours significantly. We went from operating on weekdays from 8 am to 4 pm to a more expansive schedule, covering hours from 7 am to 6 pm, including Saturday mornings.
The Financial Landscape: Then and Now
Looking back, it’s astonishing to see how the financial landscape has evolved over the past two decades. When we began, there were no overnight services, no real-time decline mechanisms, and no investigation case management tools. Transactions were predominantly conducted using magnetic stripe cards with signatures, and concepts like ‘chip and pin’ and ‘Visa Secure’ were yet to emerge. The primary focus of fraud prevention was on card-present scenarios, primarily
countering counterfeit activities. Today, e-commerce fraud, which now dominates the fraud landscape, was not even officially categorised.
Our Unchanging Purpose: Effective Mitigation and Exceptional Service
Throughout the challenges and transformations, our purpose remained constant—to achieve effective and efficient fraud mitigation while delivering exceptional customer service. We navigated uncharted waters, developing processes, procedures, reports, and client engagement strategies on the fly. All of these were driven by our sole aim: to enhance financial security while ensuring our clients’ competitiveness.
A Journey of Transformation and Innovation
As we celebrate 20 stellar years, we take pride in our journey of transformation, innovation, and unwavering commitment to financial security. From a small team managing a handful of clients to becoming a leading force in fraud detection and prevention, our story is one of dedication and excellence. We extend our heartfelt gratitude to our dedicated team, both long-serving members and newcomers, for their continuous efforts in driving positive change. To our clients, who have placed their trust in us for two decades, we say thank you.
Your support has been instrumental in our journey.
As we look ahead, we remain committed to advancing financial security, embracing emerging technologies, and strengthening our partnerships. Orion Financial Crimes, powered by Indue, stands as your reliable financial guardian, safeguarding your assets from harm.
Here’s to celebrating 20 Stellar Years of excellence, and to many more years of securing your financial transactions. Thank you for being part of our remarkable journey.
Find out more about our Orion Financial Crime solution.
According to the 2023 Australian Payment Fraud Report, in 2022, fraud on payment card transactions increased by 16.5% on the previous year to $577 million, in line with the increase in total spending on cards, which was up by 16% to $1 trillion over the same period. The rate of fraud on Australian card payments was 57.5 cents per $1,000 spent, up slightly from 57.3 cents in 2021.
The data indicates that the fraud rate has stabilised since the introduction of the industry’s card-not-present (CNP) Fraud Mitigation Framework (CNP Framework) in 2019, with the 2022 fraud rate remaining well below the fraud rate of 75.0 cents per $1,000 spent in 2017.
The CNP Framework requires merchants who consistently exceed agreed fraud threshold targets to strengthen customer authentication and apply other measures. The framework also encourages secure technologies such as real-time monitoring, machine learning and tokenisation.
AusPayNet sponsors the Economic Crime Forum (ECF), which brings together industry, law enforcement and government stakeholders to coordinate joint responses to economic crime, including scams, fraud, financial crime, and banking-related cyber incidents.
For more information on the data and payment fraud trends, read the 2023 Australian Payment Fraud Report below and the accompanying media release.
As adoption of banking apps grows, so does pressure to increase the range of capabilities the apps support, which has security ramifications.
Mobile app-based banking continues to find favour with Australians: more than two-thirds now use a mobile banking app or smartphone to do their banking, and it offers the highest customer satisfaction rating of any banking channel, averaging an 89.4% rating by customers of the ‘Big Four’.
As digital and self-service have been embraced by consumers, particularly in the form of increased use of apps, there’s inevitably pressure to build on that foundation.
A review of the apps of the five major Australian banks mid last year found customers wanted to see more capabilities and functionality added to the apps, particularly around money movement and management to improve financial wellbeing.
Some of these capabilities are being added in via third-party developed plugins created by fintechs, while other banks and credit unions are seeking to code these capabilities and features directly into the apps themselves.
Whichever app expansion strategy is pursued, a key concern will be that the additional functionality brings with it additional security risks. The larger the range of functions that the app can perform, the greater the amount of data it is likely to be handling.
All of these functions combine to create a broad potential attack surface for threat actors, who may view an ever-expanding banking app as a target that continues to increase in value.
In a recent Deloitte survey, building digital trust was rated as the most important business strategy for success by financial institutions in the Asia-Pacific.
One of the top five benefits that cybersecurity investments had in this area was providing “confidence to try new things”, the survey found.
This means that at least in some banks, there’s a direct link between security and app capability growth; if a bank or credit union lacks confidence in their setup, they are less likely to try new things that could increase their security risk or exposure.
Banks and credit unions alike are acutely aware of their critical infrastructure role in Australia, and of the impact that a breach could have on customer confidence and goodwill. The critical nature of banking apps is often on display if they suffer downtime or degraded performance. Customer sentiment can turn quickly if they suddenly cannot perform critical tasks such as contactless payments at a supermarket register. And to be clear: these incidents aren’t often security-related. A security-related impact could prove catastrophic, particularly from an erosion of digital trust perspective, let alone what exposures individual customers could have.
Fortunately, credit unions and banking institutions tend to take a very proactive, best-practice approach to cybersecurity, and this extends to the oversight of their apps.
Many, for example, have focused on upskilling the defensive capabilities of their development teams. Without this education and verification, a lack of expertise may lead to teams taking shortcuts and/or lapsing into human errors, which could trigger configuration issues and code-level vulnerabilities.
Importantly for banks, these vulnerabilities could raise risk thresholds to a point that’s incompatible with, or in breach of, their regulatory requirements. Stringent regulations – including the Payment Card Industry Data Security Standard (PCI-DSS), the EU’s General Data Protection Regulation (GDPR) and additional global and national initiatives exist to address issues such as insecure data storage, insufficient authentication/authorisation, poor code quality and code tampering.
These standards create and drive vigilance among risk teams. In their pursuit of app expansion and increased customer satisfaction scores, it is important that developers or customer experience teams do not do anything that would undermine this vigilance and risk position.
To lay the foundations to proceed with banking app expansion with confidence, a holistic, people-driven security program is beneficial for creating the right mindset and foundational skills base.
A program that takes a dynamic approach based upon real-life threat management scenarios – as opposed to a static learning approach – will gain the most traction quickly. This can include the leveraging of motivational tools, such as rewards for successful “wins” and skills acquired.
Security learning pathways should also be available to everyone with a stake in the bank’s customer success. Developers are just one part of the ecosystem. Other parts of the organisation such as application security (AppSec) professionals and senior management also have key stakes in securing digital experiences and building digital trust. Executives, in particular, need to understand that security is not a “set it and forget it” discipline. A combination of tools and training is the most effective way to maintain the currency of security knowledge and best practices.
A positive security program focused on role-based education and awareness can lead to increased security engagement across the entire organisation, establishing the bank as “security-first.” From that position, unconstrained innovation can safely follow.
Written by Pieter Danhieux, CEO and Co-founder, Secure Code Warrior. Source: australianfintech.com.au
The new National Anti-Scam Centre has launched its first so-called “fusion cell”, pulling together experts from regulators and industry to work on identifying ways of disrupting investment scams.
The Australian Competition and Consumer Commission, which operates the centre, announced yesterday that representatives from the ACCC, ASIC, banks, telcos and digital platforms will work on the project.
Fusion cells are “time-limited taskforces designed to bring together expertise from government and the private sector to address specific, urgent problems”.
The investment scam fusion cell will operate for six months and will target a number of goals: removing scam websites from the internet, stopping scammers reaching potential victims, sharing information about investment scams to assist the private sector to take disruptive activity; providing information to the public; and gathering intelligence to refer to law enforcement.
The ACCC said it will coordinate a series of these groups, with different participants, to target different types of scams.
The government announced in the May budget that it would provide A$58 million of funding for the centre over three years. Banks are expected to play a significant role in the centre’s work.
ACCC deputy chair Catriona Lowe said: “We’ll be using this funding to build the technology needed to support high-frequency data sharing with a range of agencies, law enforcement and the private sector.”
The funding was part of a package of measures announced in the budget, aimed at combatting scams and cyber crime. ASIC was allocated funding to allow it to identify and take down phishing websites and other sites that promote investment scams.
The Australian Communications and Media Authority was allocated funding to establish and enforce an SMS sender ID registry, aimed at impeding scammers seeking to spoof industry and government names in message headers.
Lowe said the Anti-Scam Centre will work with ASIC as it develops its scam website takedown service and support ACMA as it sets up the SMS sender ID registry.
Source: Banking Day, July 4, 2023.
In our digital world, behaviour tells all.
The BioCatch Behavioural Insights Report presents an overview of fraud attack trends and insights collected by our Threat Analytics team based on their experiences working on the front lines with global customers. In these short stories, we highlight how BioCatch is delivering actionable behavioural insights to create trust and ease across the entire digital identity lifecycle.
Read the BioCatch Behavior Insights Report – June 2023 today
Tasmania’s Bank of us and its customers are reaping the significant fraud protection benefits of Indue’s Orion Financial Crimes Service, delivered as part of our exclusive full-service payments partnership.
As an agile solution that enables safer payments, ‘Orion’ offers real time, non-stop fraud detection, monitoring, and management through integrated AI machine learning.
Bank of us CEO, Paul Ranson said outsourcing payment services to Indue, including financial crime solutions and the provision of aggregated insights, predictability, and forewarning, has been of major benefit to the customer-owned bank.
“With Orion, more fraud cases are being detected and deterred before they hit accounts, drastically reducing our volume of disputes while simultaneously increasing our customer satisfaction and security,” Mr Ranson said.
“On the rare occasion fraud has transpired in the last 3 months since transitioning to a full-service partnership, Indue’s service has been incredible at enabling chargebacks to occur promptly, putting money back in our customers wallets faster.
Indue CEO Derek Weatherley said the Orion service demonstrates industry-leading performance in financial crimes prevention, effectively reducing the burden on the non-major banks that we protect and serve, such as Bank of us.
“With more than 2.4 million accounts under management, Orion has access to a large pool of transactional data to detect trends, with rules tailored to meet the needs of individual organisations like Bank of us,” Mr Weatherley said.
“Our Australian-based team of fraud analysts do the heavy lifting, freeing up Bank of us to do the things they’re good at, like great banking products and services to Tasmanians, with enhanced peace of mind, knowing we’ve got them covered.
“For both Indue and Bank of us, who prioritise and care for customers, the reliable payments protection Orion provides is all that much more important.”
Beyond Orion, Indue’s range of services include the New Payments Platform, prepaid and gift card programs, mobile payments, the Nucleus Card Platform, and Payment and Bureau Services.
Bank of us, a Tasmanian customer-owned institution, has signed Indue to upgrade its fraud monitoring, as it works through a broader payment migration project set for completion this August.
Bank of us has a retail presence in Tasmania and 33,000 customers.
The bank stated earlier this year it had invested in an upgrade to its fraud monitoring service, aimed at building greater protection for customer funds.
CEO Paul Ranson told iTnews the bank appointed Indue “as our exclusive full-service payments partner, which has included the adoption of Indue’s Orion financial crimes service.”
“The Orion financial crimes service monitors all card transactions in real-time, allowing for most fraudulent transactions to be detected and blocked before they hit our customer accounts,” Ranson said.
“The service will continue to be expanded to cover all other payment types from May,” he said, adding the financial crimes service is powered IBM’s safer payments platform.
He said since the upgrades, the bank has noted “a significant reduction in the number of fraudulent transactions affecting our customer accounts.”
Implementation of the financial crimes feature is part of a bigger project, kicked off last October, to migrate payment and settlement services over to Indue.
The project is expected to be completed by August 2023 and give customers access to more sophisticated end-to-end payment solutions.
Source: IT News, Apr 14, 2023:
21st March, 2023
Following the successful launch of a New Payments Platform (NPP) for Auswide Bank in 2022, Indue and Auswide have been busy behind the scenes to successfully implement Direct Entry, BPAY, Cards as well as Anti-Money Laundering (AML) and High Value payment capabilities.
Throughout the past year, Indue has enabled digital transformation, state-of-the-art customer experiences, and improved business outcomes for Auswide Bank, enabling them to best help achieve their goals of helping Australians achieve home ownership, create wealth, and access banking and financial services.
Auswide Bank Managing Director and CEO Martin Barrett said that Indue’s similar commitment to prioritising customers has assisted in delivering outstanding services to Auswide Bank communities and customers across the country.
“Indue’s full suite of end-to-end payment solutions are a key component of transforming our business with technology and providing digital payment choices for our customers, improving their experience and delivering stronger business outcomes,” Mr Barrett said.
“Efficiencies that have flowed through our operations as a direct result of Indue’s integrated service stack have exceeded all expectations – it is fantastic to have a partner with modern technology that does the heavy lifting for us”.
Indue CEO Derek Weatherley said “I am very pleased that this transition has closed so quickly and cleanly and my team remains energised to support Auswide Bank in bringing these services to their customers.”
“Since Indue’s appointment as Auswide Bank’s exclusive full-service payments partner earlier, we have expedited the implementation of NPP, Direct Entry, BPAY, Cards, AML and High Value payments” Mr Weatherley said.
“As a founding member of the NPP, our partnership with Auswide Bank enables the organisation and their customers to securely send and receive payments with other financial institutions in near real-time.
“Complementary to this, Direct Entry and BPAY provide cost-effective, convenient ways for customers to transfer funds between bank accounts and pay bills. The Indue and Auswide Bank relationship has been further enhanced by simple and adaptable payment card and mobile payment services, including switching and settlement, which provide maximum flexibility for Auswide Bank and their customers.
“The efficient and seamless implementation of these offerings demonstrates Indue’s industry-leading knowledge and ability to deliver cutting-edge integrated solutions to our customers.
“We are proud of the significant operational efficiencies that Indue’s integrated payment systems provide to Auswide Bank freeing staff up to focus on serving their customers and community. We very much look forward to continuing our successful partnership.”
Qudos Bank is one of Australia’s largest customer-owned banks with branches in Sydney, Melbourne and Brisbane and more than $5 billion in assets, offering a full range of financial products and services, including home loans, personal loans, transaction, and savings accounts, super and investing, and insurance.
Over recent years Qudos Bank has been on a digital transformation journey and provides a host of exceptional digital banking platforms and payments services. Qudos Bank CEO Michael Anastasi said the relationship renewal reaffirmed the strength and value of the long-term partnership with Indue to provide end-to-end payment services.
“We have a long term partnership with Indue and renewing the relationship supports continuing development in our innovation around digital banking offering and providing a state-of-the-art payment services experience for our customers, underpinned by market leading security in payments for our customers” Mr Anastasi said.
“Importantly, Indue’s customer-focussed culture is outstanding across the organisation and directly aligns to our central focus as a customer-owned bank on delivering banking services in the interests of our customers, providing synergies that will help Qudos remain at the forefront of excellent in customer service standards for our customers across Australia.”
Indue CEO Derek Weatherley said the renewal of the partnership will enable Qudos Bank to provide to their customers a comprehensive suite of end-to-end payment services coupled with market leading payment security. Qudos has been remarkably successful through a laser focus on customer advocacy and being easy to do business with – the partnership with Indue ensures that excellence in customer outcomes remains at the forefront of their business operations.
“Indue remains heavily invested in advancements in our product technology capability, reinvesting our profits into research and development via our Innovation Hub and the various working groups it supports and continuing to support the digital transition of our clients,” Mr Weatherley said.
“We couldn’t be more pleased Qudos Bank has chosen to extend our long-term partnership and we are looking forward to working together to build out future innovation pathways for real time, data rich, frictionless payment choices for customers. Qudos has been a great supporter of their community and we look forward to working closely with Qudos this year on supporting and driving community focused outcomes important to their organisation.
With the evolving world of payments and transactions providing a new frontier for digital criminals, financial crime has been a central theme of Money20/20.
The focus has been on opportunities and challenges posed by emerging technology in providing increased security and protection and the on-going convergence of cyber and financial crime.
Blockchain and crypto were resurgent topics and there were lively debates about the security implications of Web3 and questions posed on whether Blockchain makes fighting crime easier or harder – the jury is still out.
With much financial crime involving identity theft, and as we continue to watch what is unfolding back in Australia, online identity verification has been a hot topic. We’ve learned there are many ways companies can better structure their fraud control frameworks to protect themselves and their customers, including by deploying biometrics technology, identifying risks in customer onboarding, and increasing friction in authentication processes for higher risk transactions.
What is clear is the tactics used by digital criminals are vast and dynamic, from account takeovers to synthetic ID fraud, SIM swap, phishing attacks, address spoofing, online money laundering and global data breaches.
As we close out the first leg of our incredible innovation tour with our clients, we are reminded that to combat financial crimes consumer education and intelligence sharing and collaboration are critical.
Fraud detection technology fighting back against financial cybercrime.
A new partnership with leading digital security analytics provider BioCatch will integrate behavioural biometrics into Indue’s end-to-end payment solutions, providing customers with increased protection against financial cybercrime.
Behavioural biometrics technology empowers users of online banking to make secure transactions against the rising threats of cybercrime, which cost Australians more than $300 million in 2021.
Indue Chief Risk Officer Jane Hinton said the new partnership with BioCatch will enable Indue to tap into the value of world-leading fraud protection analytics technologies to enhance the safety, security and trust of customer’s online transactions and digital banking.
“In today’s digital world, detecting and preventing fraud & mitigating the impact of social engineering scams is important as ever, so we are very pleased to be partnering with BioCatch to integrate advanced biometric technology into our payment solutions,” Ms Hinton said.
“We want to minimise the risk and maximise the security of online banking and embedding BioCatch’s best-in-class behavioural biometrics technology into our end-to-end payment solutions will create a seamless and safe digital experience for users.
“Most importantly it will provide additional peace of mind that online transactions through Indue’s payment platforms are secure and safe from the ever-growing threats of online financial crimes.”
The technology works by continuously monitoring digital movements and looking for signs of fraudulent activity, which is pinged immediately once identified. The AI systems observe behaviour such as mouse movements, typing cadence and interactions with the screen to calculate a risk score and distinguish between genuine and criminal activity.
BioCatch specialises in behavioural biometric technology and provides banks with account takeover protection, mule account detection, social engineering scam detection and account opening protection, providing institutions with comprehensive insights to fight back against cybercrime.
Find out how our Financial Crime solutions can help your business.
Payment providers have long had to balance the trade-off between meeting mandated security requirements and providing convenience and the latest technology for consumers.
Over the past five to 10 years, this pressure has become more intense, as the demand for a wider variety of fast and convenient payment options. This, however, sometimes comes at the expense of security with criminals taking advantage of the situation.
Australians lost a record $323 million to scams in 2021. Money lost to scams almost doubled in one year, with more than 286,000 Aussies reporting they were scammed last year.
These figures represent a ‘significant’ increase of 84% compared to 2020, when Aussies lost $175.6 million through the year.
Investment scams did the most damage according to the latest figures from the Australian Competition and Consumer Commission’s (ACCC) Scamwatch.
Investment scams accounted for $177 million, followed by dating and romance scams which saw people losing $52 million.
December saw the most money lost ($43.2 million) and August 2021 saw the highest number of scams reported (40,874).
New South Wales residents were collectively duped of $110 million – the highest, followed by Victoria where residents reported $74 million lost.
Crispin Kerr, Australia-New Zealand vice president at cybersecurity company Proofpoint, said the data paints an unfortunate picture of just how effective scammers were at taking advantage of Australians in the past year.
“The 84% increase in losses to scams in 2021 is significant and is just the tip of the iceberg when it comes to understanding the true impact on Australians,” Mr Kerr said.
“Based on the numbers for December, during the holiday season, people can become desensitised to receiving numerous advertising links for shopping deals and the like and may not think twice about opening a dangerous file or clicking a suspicious link.
“The data shows scammers were extremely active in 2021 and we anticipate this will only increase as scammers continue to evolve and update their tactics.”
While investment and romance scams were the most damaging, there were a number of other scams that saw Aussies losing millions.
Investment scams accounted for more than half of all the money lost to scams last year, and increased in prevalence by 32% compared to 2020.
“Investment scams can seem very attractive, and scammers can come across as legitimate in their promise of financial gain through the purchase of shares, funds, cryptocurrency or other high returns,” Mr Kerr said.
“However, the reality is that these get-rich-quick schemes enable scammers to steal personal and financial information to siphon funds for their own gain.”
Social media sites were the main hub for money loss via romance and dating scams, with 40% of scams reported resulting in money lost.
“Scammers also utilised social engineering particularly during lockdowns when people were at their most vulnerable to steal millions from Australians in dating and romance scams,” Mr Kerr said.
Phishing scams – where scammers aim to gain personal information – had the highest number of reports in 2021, making up one quarter of all scams reported. This is an increase of 61% on the year prior.
Scams relating to threats to life or arrest disproportionately affected younger Australians aged 18 to 24 years old, and accounted for the highest losses at $3.3 million.
Employment and job scams also more than doubled in 2021 to $2.6 million, and identity theft scams increased threefold to $10 million.
Older Australians suffered the greatest loss according to the ACCC’s figures, with people over 65 years old losing a total of $81.9 million throughout the year.
This demographic also reported the highest number of scams (46,282), followed by Australians aged 35 to 4 years old with 43,526 scams reported.
Men lost more to scams than women, with men reporting $190 million lost compared to $131 million reported by women.
No age group was exempt from losing money to scams, but the amount lost to scams did increase with age in 2021.
When it comes to card fraud, however, card not present (CNP) transactions continue to dominate, making up 87% of total transactions. In 2019, AusPayNet launched the CNP Fraud Mitigation Framework to address and control this type of fraud.
Usually CNP fraud involves breaches by third parties, through hacking of IT systems of a retailer or other company. Stolen card details can then be stored by criminals and used well after the breach. Card on file transactions – where a customer keeps their card on file with a merchant they use regularly – are also becoming a preferred target of cybercriminals.
Global fraud losses for card issuers, merchants and acquirers of card transactions from merchants and ATMs are large, totalling almost US$28 billion in 2018 – a huge increase from the US$7.6 billion lost back in 2010.
Having said this though, in the past couple of years, the number of cases of payment fraud globally has been declining. This success has come through coordinated action within the payments industry, through measures including:
Globally, the COVID-19 pandemic has seen a spike in scams seeking to exploit fears about the virus, which include targeting government payments and superannuation withdrawals. In Australia, just before the pandemic broke out in early 2020, there was also a spike in scam activity related to bushfire donations.
In response, governments and financial institutions are taking responsibility to educate themselves, consumers and businesses about the types of scams out there to help others avoid being exploited. They’re also doing more to identify and track account takeovers, shutting down “fake named” and “mule” accounts that scammers use to receive payments.
Predictions on fraud and scams are almost impossible to make, as criminals are always changing their methods and targets, partly to circumvent government efforts to address fraudulent activity. However, by having an action plan of “education, awareness and tracking”, governments, banks, consumers and businesses can take control to prevent themselves from being another scam statistic.
As the world of payments continues to make strides forward, Australian consumers are likely to be at the forefront of the next evolution. At Indue, we help businesses adapt and meet the changing expectations of consumers, by delivering innovative, compliant and secure payment systems.
To learn more about the trends shaping the payments landscape and what it means for your business, contact us today
With total spending on cards rising 5.4% to $847.3 billion during the same period, the fraud rate in FY21 was 57.8 cents per $1,000 spent, up from 55.8 cents per $1,000 in FY20, but well below the rate of 73.8 cents in FY18.
Card-not-present (CNP) fraud – mainly affecting online transactions – rose 12.3% to $442.0 million in FY21 as e-commerce surged during successive periods of COVID-19 lockdowns in various parts of the country. In FY21, CNP fraud accounted for 90% of all fraud on Australian cards.
Lost-and-stolen card fraud dropped 9.2% to $28.0 million, and counterfeit/skimming fraud fell 37.3% to $8.9 million, an acceleration of a long-term downward trend for this type of fraud.
AusPayNet CEO Andy White said rising e-commerce volumes underscored the need for industry coordination to target the activities of fraudsters.
“Online transactions continue to grow strongly and inevitably this attracts the attention of organised fraud groups,” Mr White said.
“Industry-wide efforts to mitigate CNP fraud will remain critical, but we all need to remain vigilant when transacting online,” he said.
CNP fraud involves valid card details being stolen and used to make purchases or other payments without the card being present at the point of sale, usually online. Consumers are not liable for fraud losses on payment cards and will be refunded, as long as they take due care with their confidential data.
The end of FY21 coincided with the conclusion of the second full year of operation of the industry’s CNP Fraud Mitigation Framework. Under the Framework, merchants who consistently exceed agreed fraud threshold targets are required to introduce strong customer authentication. The Framework also encourages secure technologies such as real-time monitoring, machine learning and tokenisation.
“We expect to see the full benefit of the CNP framework as we emerge from the pandemic,” Mr White said.
Release of the latest payments fraud data comes soon after the inaugural meetings of AusPayNet’s Economic Crime Forum (ECF). As the successor to the Fraud in Banking Forum, the ECF brings together industry stakeholders to coordinate joint responses to economic crime including scams, fraud, financial crime, and banking-related cyber incidents.
“Alongside our focus on CNP fraud, last month we launched our scams strategy. Over the coming year we look forward to working with industry to reduce the impact of scams on vulnerable businesses and individuals,” Mr White added.
Consumers and merchants are reminded how they can be vigilant online in the lead up to the Christmas holiday season.
Steps consumers can take include:
Guidance for merchants:
The growing sophistication of financial crime remains an ever-present threat, particularly as we move to a predominantly cashless society, and engage with more ways to pay. Left exposed or unprotected, fraudsters can swiftly take their toll on financial institutions’ bottom line and reputations.
To stay on top of innovative financial crime perpetrators, financial institutions must have the best people, processes and technology in place to efficiently detect and monitor fraudulent behaviour. This valuable mix can sometimes take years to develop without the support of specialist providers.
Financial institutions are often faced with having to run multiple, costly technology solutions that tackle independent payment channels. This can lead to siloed people and processes supporting these multiple solutions. Managing multiple solutions also runs the risk of delaying the detection of fraud and potentially missing a fraud event entirely, exposing vulnerabilities for fraudsters to exploit.
These were just some of the challenges Indue’s client — a well-known Australian bank — faced while attempting to protect its 400,000-plus customer base prior to engaging Indue’s financial crimes experts.
Results we achieved for a leading Australian bank
50% cut in fraud losses in the first month
60% reduction in false-positive fraud results
400,000-plus customers better protected
As a leading Australian bank, reliable fraud monitoring was essential to keep up with the fast, real-time transaction speeds of today’s payments networks. The bank was fighting fraudsters without the ability to decline in-flight transactions in real time, the outcome was fraudsters had the opportunity to achieve far greater attacks utilizing velocity and speed to their advantage.
The bank’s incumbent technology was also returning significant false-positive fraud results, thereby clouding analyst assessments and creating cost inefficiencies for operations. This enabled real fraud to hide behind genuine behaviour, which was often missed during assessments.
Critically, fraud was being monitored only during office hours by the client’s operations team. This often resulted in a backlog of events for next day review, while providing an opportunity for perpetrators to schedule attacks during out of hours and unmonitored periods.
Shared vision: Indue’s financial crimes experts were able to see the bigger picture and work in partnership with the bank on their longer-term business planning goals and objectives, to provide a solution that could grow and adapt over time.
Partnership: The client was seeking a supplier who would take a true partnership approach. A partner who could work with them to co-create an integrated solution that could simplify the management of multiple payment channels and return better results than its existing provider.
Collaboration: A key success factor was the focus on collaboration between the client and Indue. The teams worked closely to ensure each other’s strengths were being leveraged, that the client was listened to and understood, that there was clarity on the problems that needed solving, and that there was alignment on identifying technical challenges and key performance outcomes.
Understanding: Built on years of experience, the Indue team understands that the closer you can work with a client’s team, the better the outcome. It was through establishing a close working relationship Indue was able to provide direction & guidance to help them decide how they wanted and needed to interact with the service. As the client was reshaping their own fraud management approach, Indue was able to provide guidance and counsel.
Feature Rich Service: The bank required a 24×7 alert triage service thereby providing round the clock monitoring and protection for their 400k+ customer base. Powered by award-winning IBM Safer Payments, the Indue solution was able to reduce the risks associated with the client’s multiple payment channels. Further, Indue’s investigation Case Management tool made an outsourced service much easier to manage back in the clients own shop. Finally, the Indue aggregation model was able to deliver insights from across a broad range of industry financial crime learnings, providing the client with greater visibility of the financial crime landscape.
“Financial crime is a unique, fast-paced and often highly complicated problem to solve. It requires people, process and technology working together harmoniously to achieve results.”
Dean Wyatt, Head of Financial Crimes, Indue
Following the implementation of Orion Financial Crimes Solution, the bank saw immediate results with card fraud losses cut by 50% in the first month alone. More fraud was detected through less alerts and false-positives reduced by 60%.
Better outcomes overall were achieved in prevention and detection by addressing both fraud and scams, and significantly reducing chargebacks to customers.
The bank is now looking to add further payment channels to Indue’s solution, taking full advantage of the single-view capability of Orion Financial Crimes and IBM Safer Payments.
Critically, the bank can now focus its attention on higher value programs to drive its customer-first value proposition while working with Indue to protect its customers.
Orion Financial Crime’s ability to inherently integrate people, processes and technology provides a cutting-edge solution with real-time capability, integrating artificial intelligence and machine learning to deliver a 24/7 fraud monitoring solution.
Launched in 2003, Orion Financial Crimes went live with IBM Safer Payments in 2018, providing real-time fraud & scam detection and management, anti-money laundering and counter-terrorism financing monitoring, sanctions checking across Australia and New Zealand.
To find out how you can tap in to Indue’s team of experts & specialists in fraud management contact us today.
The global pandemic and subsequent economic downturn has presented a new set of challenges for financial institutions as they work to keep pace with financial crimes across the sector. With advancements in technology, changes in human behaviour and an increase in vulnerability as a result of COVID-19, it has never been more important for organisations to remain ahead of the financial crime curve and put up a solid defence in a post-pandemic world.
As the nation continues to navigate the ‘new normal’, we took a look at the top three financial crime trends of 2020 with Indue’s Financial Crimes team as a friendly reminder to stay vigilant and safeguard against professional perpetrators.
There’s no doubt the way we choose to pay has materially changed since the onset of COVID-19. With lockdown restrictions across the country, we’ve seen traditional brick and mortar stores exchanged for convenient and contactless ecommerce channels.
As a result, ATM withdrawals and cash-out transactions have dropped considerably, with the RBA reporting a 52% and 30% decrease respectively for the quarter ending June 2020.
Meanwhile, a recent report by Australia Post revealed ecommerce has grown by a mammoth 80% year on year in the eight weeks since COVID-19 was declared by the World Health Organisation, with an average of 2.5 million households buying something online each week in April 2020, compared to 1.6 million in 2019.
This significant shift to online transactions has seen a corresponding increase in online fraud. Indue’s Head of Financial Crimes, Dean Wyatt, said the company’s internal fraud metrics in relation to ecommerce had reported a 28% rise to 98% since the global pandemic hit.
“With an increase in online traffic comes an increase in fraud associated with ecommerce merchants, putting customers’ personal details at risk,” he said.
“On the other hand, we’ve seen instances of petty theft and stolen cards decline as a result of restrictions such as curfews and people generally travelling less, including people shifting to working from home arrangements.
“The good news is we’ve been able to hone in on this change using our multi-channel Orion Financial Crimes service, and align our analytics to identify and track suspicious behaviour in real time, to ensure our customers remain protected.
“Customers need to be aware that if they’re using new types of payments, they need to be following the same rigor as you would when paying instore.”
Social engineering by definition seeks to exploit human psychology to access and obtain personal information, and it’s this type of scam that continues to outsmart targets.
From phishing attacks (fraudulent emails or texts that appear to come from a reputable source) to baiting (a false promise to pique a victim’s greed or curiosity), the goal of the ‘social engineer’ is to trick individuals into giving up sensitive information or visiting malicious URLs to compromise their systems.
“We have seen a strong shift to perpetrators compromising people directly and involving them in the scam, rather than solely relying on targeting accounts or cards,” Dean said.
“Compromising identity details across driver licences, passports, and email or social media accounts is hot property at the moment because financial services are inherently integrated with those types of documents, information and platforms.
“People are fooled by sophisticated attacks that purport to ‘know you’, calling with pieces of information already collected, with the intention of gathering further details from the victim. When scammers are able to access detailed personal information, they can easily create new accounts or lines of credit under individuals’ names.
“At Indue, we have seen a considerable rise in social engineering over the last four years, to the point where it is now a larger problem than fraud. In 2016, financial crimes represented 80% fraud compared to only 20% social engineering scams, but as of 2020, we’re now seeing 45% fraud compared to 55% scams.”
According to the Australian Payments Network, the most common contact method for scam activity in Australia is by email, but scams via phone result in the most financial loss.
A key focus for institutions and regulators has been the growing trend of traditional financial crimes, like money laundering and terrorism financing, with both AUSTRAC and the Financial Action Task Force (FATF) reviewing controls and payment systems to identify potential weaknesses that could be exploited by criminals across the sector.
Money laundering seeks to disguise the proceeds of crime as legal income, while terrorism financing, as the name suggests, funds terrorist activities, both of which have the potential to trigger global repercussions.
Tough financial penalties have been handed down in recent times — the Commonwealth Bank of Australia and Westpac have both been hit with fines totalling $2 billion relating to serious breaches of anti-money laundering and counter-terrorism financing laws.
“With the shift of payments to a digitized world, more criminals are taking advantage of the opportunity to leverage these methods and innovative ways of sending financial transactions to each other,” Dean said.
“The rise of financial crime and the importance of protecting payment ecosystems has never been more important. With AUSTRAC’s presence increasingly felt in Australia over the last few years, I see it remaining a consistent focus beyond 2020.
“Genuine customer behaviour is certainly playing into it as well — with a strong shift to online payments, criminals are increasingly moving from hard cash to online transfer methods and attempting to hide between the genuine customer activity.
“As part of our Orion Financial Crimes solution, our anti-money laundering and counter terrorist financing service monitors customer account behaviour and transactions for unusual patterns, to detect activity that may be reportable under the Australian Anti-Money Laundering and Counter Terrorist Financing Act.”
Learn more about Indue’s Orion Financial Crimes service, a multi-channel detection system that harnesses transactional data, customer behaviour and biometrics to expose anomalies and identify fraudulent activity. Delivered by an expert team, the service is forward-thinking with a machine learning/artificial intelligence component and places customers ahead of the curve, providing a safety net when it comes to material risks and losses.
2020 Fraud Statistics released December 2, 2020 by the industry self-regulatory body Australian Payments Network (AusPayNet) show fraud on payment card transactions declined 15.4% in the 12 months to 30 June 2020 (FY20).
The following article has been sourced from AusPayNet’s website.
The fraud figures for the 12 months to 30 June 2020 (FY20) show fraud on payment card transactions dropped by 15.4% to $447.2 million continuing the trend recorded in the 2019 calendar year.
Within this total:
The decline, which came as spend on cards totalled $803.4 billion (up 0.5%), translates to a rate of 56 cents per $1,0000 – down from 66 cents per $1,000 in FY19.
The FY20 data includes the first full year in operation of the industry CNP Fraud Mitigation Framework, which came into effect on 1 July 2019.
For more information on the data and payment fraud trends, including a “Spotlight on Scams”, read Auspaynet’s 2020 Payment Fraud Report here.
Article & Image Source: Australian Payments Network (Auspaynet)
Emerging Payments Association’s InFocus takes a look at Cyber Security, a theme that is more important than ever, following the wide-scale shift to remote working, and the increase in usage of e-commerce and digital identity.
In this first interview for InFocus, Lance Blockley is talking to Mani Amini CEO at Secure Forte and Dave Hemingway CCO at Indue.
The ISO certification features requirements on how to implement, monitor, maintain and continually improve an Information Security Management System (ISMS) in accordance with the standard, including preserving the confidentiality, integrity and availability of information to ensure risks are adequately managed.
Indue Chief Executive Officer Derek Weatherley said the accreditation reinforces the organisation’s proven security processes and credentials against the global standard.
“This is a significant achievement for Indue, which specialises in helping customers gain competitive advantage through innovative payment solutions,” Mr Weatherley said.
“The certification strengthens our approach to information security, and demonstrates to our customers and partners that we maintain the highest levels of data security.
“We are trusted by our customers to store and process their most valuable data, so this certification provides assurance that we have all the necessary controls in place to ensure this important information is protected.
“Particularly in the context of COVID-19 where we’ve seen an increase in the risk of data security breaches alongside a surge in online transactions, we’ve continued to demonstrate our commitment to secure payment products, supported by rigorous compliance, program oversight and our transaction monitoring and protection system, Orion Financial Crimes.”
Data security has never been more important, with COVID-19 restrictions forcing many businesses to move to remote data almost overnight, significantly increasing the risk of data breaches.
By implementing and following the necessary steps to comply with the ISO 27001:2013 standard, organisations can identify, control and eliminate security risks, ultimately certifying the security practices adopted within the organisation.
ISO is an independent, non-governmental, international organisation that develops standards to ensure the quality, safety and efficiency of products, services and systems.
IBM Safer Payments, the next generation platform powering Indue’s Orion Financial Crimes fraud monitoring solution, has been recognised at the Asia Risk Technology Awards 2020 as Fraud Detection and Prevention Product of the Year.
The Awards, recently held in Singapore, are the longest-running and most prestigious in the region, recognising vendors that deliver innovative and forward-thinking technologies to meet the financial services industry’s complex challenges.
IBM Safer Payments won the award specifically for bringing agility to combatting fraud and for its differentiated capabilities — a solution that is particularly well positioned to serve Australian clients as disruptions associated with faster payments and the emergence of challenger banks gathers momentum.
Indue’s Chief Commercial Officer, Dave Hemingway, said this important industry acknowledgement for partner IBM demonstrates Indue’s commitment to bringing next generation risk and compliance solutions to serve Australian customers, and to meeting their specific industry and business needs.
“We began leveraging IBM Safer Payments in 2018 as part of our Orion Financial Crimes service, to reduce the risks associated with the introduction of the New Payments Platform — with real-time payments comes a greater risk of fraud and cyber crime,” Mr Hemingway said.
“Indue is now using IBM Safer Payments to its full capacity and we’re seeing incredible benefits as a result.
“The pace of change within the industry, particularly due to COVID-19 where we’ve seen a significant move to online transactions, has meant we’ve been able to harness the capability of IBM Safer Payments, and adjust and adapt to meet these changes in behaviour, fast.
“It’s reassuring to know that what we’re doing and the tools we’re using in the financial crimes space is backed by world-leading, award-winning technology and we’re proud to be leading the way.”
Indue’s Orion Financial Crimes solution integrates artificial intelligence and machine learning algorithms to deliver a 24/7, Australian-based fraud monitoring solution, powered by IBM Safer Payments.
With the integration of IBM Safer Payments, the Orion Financial Crimes team has experienced a 20% reduction in false-positive rates, and have been able to make rule changes up to 90% faster when compared to traditional platforms, while managing all payments channels in the one system.
Indue consistently outperforms the industry average in financial crimes prevention, offering credible, major bank grade anti-fraud capabilities for small to mid-tier banks.
Find out more about Indue’s Orion Financial Crimes Service.
The digitisation of payments, changes in ecommerce and acceleration of mobile wallet adoption are global payments trends in 2020 challenging the industry to keep pace. These trends are not only forcing businesses to change the way they operate, but are also putting data security at the forefront of business strategy.
With the future of payments quickly coming into focus — thanks in no small part to the impact of COVID-19 — Indue CEO Derek Weatherley shares his insights on the top five payment trends influencing 2020.
Even prior to the COVID-19 pandemic, ecommerce was expected to continue to grow rapidly in 2020. But restrictions and public space shutdowns have significantly changed consumer behaviour, with a 29 per cent increase in ecommerce spending locally month-on-month since lockdowns began in March1. On the other hand, physical transactions have decreased and people are using less cash — a longer-term trend accelerated by the global pandemic as some businesses discourage the use of cash.
Helping drive this trend is a population seeking more flexible and convenient ways to pay. Combine this with confidence in stronger digital security and a willingness within the retail sector to embrace technological change, Australia is starting to see mobile payments take off. In 2019, The Reserve Bank of Australia reported 83 per cent of point-of-sale card transactions were contactless payments, signifying a rise of almost 20 per cent in three years2. COVID-19 is only adding to this rise with the payments industry temporarily increasing the contactless card PIN limit from $100 to $200 to minimise physical contact with the payment terminal and help reduce the risk of COVID-19 transmission.
One trend to keep a close eye on is the digital wallet. Roy Morgan’s latest Digital Payments Report revealed that digital wallets such as Apple Pay, Google Pay and Samsung Pay are being used by roughly one in 10 Australians (9.8 per cent) — up from 6.8 per cent a year ago3. This upward trend will continue, but the mobile wallet race hasn’t fully played out just yet as the industry looks to cater for all the different use cases.
One thing is clear — the payment industry will continue to evolve to meet the needs of merchants as consumers demand improvements to the overall ecommerce and contactless experience.
It’s a busy time for payment systems operators, with heightened conversation taking place across payment schemes in the industry. We’ve also seen in recent times a significant transformation of the base-level clearing and settlement capabilities, causing disruption for many in this space and providing future innovative payment solutions.
The high level and pace of change is causing congestion and headaches for financial institutions and payment providers. As older forms of payment are migrated, schemes are coming into competition with each other, creating congestion and ultimately higher costs for consumers.
This will likely settle in the next three to five years as the industry settles on its future scale approaches to utility payment processing, but the medium-term landscape remains challenging and costly.
Understanding what’s next in payment industry platforms comes down to understanding the value proposition in the eyes of consumers and merchants and their respective appetite to pay. We expect to see competition between providers of closed and open payment platforms increase, as they contest for a larger slice of their customer dollars and loyalty4.
Data security in the world of payments has never been more crucial and with innovation comes security issues as payment products and services evolve. The speed of transactions have increased through advancements like New Payments Platform (NPP) real-time payments, and we are exposed to significantly larger and more valuable data footprints online, which all contribute to a heightened risk of fraud. By investing in sophisticated machine learning payment technology, Indue now has the capacity to draw from a much larger pool of data and undertake significantly more sophisticated real time analysis to detect trends that benefit — and protect — each individual client.
Indue’s Orion Financial Crimes solution integrates human and artificial intelligence (AI) with machine learning algorithms to deliver a 24/7 fraud monitoring solution. This solution provides a broad gambit of services, including real-time fraud and anti-money laundering monitoring across all payment channels. This is a significant shift in how financial institutions trade on trust, and therefore need to put reputation and security at the forefront of their business priorities. Without robust data security measures, businesses run the risk of damaging their brand and making consumers feel uncertain about the safety and security of their accounts.
We have transformed our financial crimes services and continue to invest in leading-edge payment technology to better monitor trends and ultimately protect our customers from fraud. Assurance of identity in a virtual world is another key area of focus in an increasingly digitised world and an area where we are assisting our customers to adapt to with ongoing innovation in this area.
Product commoditisation will not only challenge business models, but shift the economic climate, especially in the banking and fintech sector. Digitisation and ease of payments have changed the way customers think, decreasing the value of traditional competitive differentiators in the process — payments are now instantaneous, simple and 24/7.
As consumers become more and more accustomed to these seamless transactions, it presents a challenge to providers who need to balance the cost of creating a frictionless experience and meeting consumer expectations. Expect to see structural shifts among the players operating in this environment as they look to drive revenue through new or enhanced customer experiences, and make use of data analytics to anticipate customers’ changing needs and expectations4.
COVID-19 has made embracing and adapting to the work-from-home environment a must for businesses. The shift has provided opportunities for businesses to expand their workforce and recruit talent from anywhere, as most payment organisations aren’t restricted by location.
Even before COVID-19, Indue embraced work from home and flexible working hours, revising the way we manage talent to reap the positive benefits of a geographically dispersed workforce and provide an increased work/life balance across the organisation.
The final word — what do these 2020 payments trends mean for our customers?
Our customers rightly focus their investment dollars on driving the top line, and leave the distraction of digitisation and changing payment rails to us to handle on their behalf. However, with continued evolution of the online world, it’s important that our customers sensibly invest in the modernisation of their platforms, particularly those platforms that make their customers lives easy. They don’t need to be on the leading edge, but do need to keep pace.
The Australian Payments Network’s 2020 Payment Fraud Report shows that in 2019, card fraud fell by 19.5% to $464 million – the biggest decline ever – as total card spending rose 3.9% to a record $819 billion.[/vc_column_text][vc_column_text]This translates to a fraud rate of 56.6¢ per $1,000 spent, a significant drop from 73.1¢ per $1,000 in 2018.
The drop in card-not-present (CNP) fraud, mainly affecting online transactions, is the first ever and coincides in part with the introduction in July 2019 of the industry CNP Fraud Mitigation Framework.
The industry is committed to tackling CNP fraud, which accounts for 87% of all card fraud, and remains vigilant as e-commerce volumes increase during the COVID-19 pandemic.
For more information on the data and payment fraud trends, including a “Spotlight on Scams”, read Auspaynet’s 2020 Payment Fraud Report here.
Article & Image Source: Australian Payments Network (Auspaynet)
Tokenisation is a method of protecting sensitive data by replacing it with an algorithmically-generated number referred to as a ‘token’. In the payments world, tokenisation is commonly used to replace debit and credit card numbers in an attempt to prevent card fraud.
Under this form of tokenisation, a cardholder’s Primary Account Number (PAN) is replaced by a random number that is not linked to the card number prior to processing a transaction through the payments network. This process assists in mitigating the risk of exposing sensitive card data to unauthorised individuals or software that could potentially exploit the data by fraudulently duplicating the card details. It also prevents merchants from storing the PAN in databases, which are targets for hackers. Tokens cannot be decrypted or reverse-engineered. The only relationship between the original card number and its associated token number resides within the Token Service Provider.
A Token Service Provider (TSP) is a service provider that issues tokens, manages the lifecycle of tokens and stores the payment credentials associated with the tokens. TSPs can be an independent third party from the payment network or can be the actual card scheme (i.e. Visa, MasterCard, eftpos). TSPs must conform to strict security and privacy specifications defined by the global payment schemes and fall within the PCI-DSS compliance requirements.
Tokenisation takes many forms within the payments industry. One of the most prevalent uses of tokenisation is within the Mobile Payments space. When a cardholder provisions their payment card within an Apple or Google mobile wallet, the request is sent to the appropriate TSP to tokenise the card number. The token is then sent back to the mobile wallet for activation. The cardholder’s actual card number is never stored on the mobile device and as such cannot be extracted for misuse. All subsequent mobile transactions will use the token number as the payment credentials.
Tokenisation for in-app purchases is also on the rise due to its convenience. Some in-app purchases leverage the mobile payment functionality whereby the token stored on the mobile wallet is used to make a purchase within the phone application. An example of this would include purchasing tickets on the Ticketek app and instead of inputting credit card details, the user is able to select the Apple Pay option, which references the credentials stored within the mobile wallet. Not only does this option provide an easy streamlined purchase journey, it also removes any sensitive data from the transaction.
Tokenisation for card-on-file online purchases is also becoming more common given the recent occurrences of global data breaches. Wawa, a popular convenience store chain in the United States, confirmed in late 2019 the discovery of malware on their payment processing servers. The malware captured credit and debit card numbers, cardholder names and expiration dates. Card-on-file tokenisation protects a cardholder’s card credentials stored at online merchants with whom the cardholder frequently make purchases. Netflix holds the card credentials of all its customers for the purpose of charging the monthly subscription fees. The streaming service provider has recently undertaken a significant exercise of tokenising as much of its database as possible as a means to mitigate the risk of data breaches. As more online merchants migrate to tokenisation, the prevalence of card data breaches will hopefully decrease as well. Given that a new unique token is generated for each retailer, a security breach at one retailer will not compromise the security of the token data at another retailer.
Payment Account Reference – Providing a holistic view
Although the use of tokenisation enhances the security of digital payments, it also presents a challenge. If a cardholder’s card credentials are tokenised for use within Google Pay on an android phone, Apple Pay for an iPad and Netflix for monthly subscription payments, it becomes a one to many relationship. One single PAN is now linked to several tokens across different systems and platforms.
As only the TSP has the original data linking the PAN to the multiple tokens, the lack of visibility makes it difficult for other parties such as merchants to have a consolidated view of all transactions performed by the cardholder and subsequently provide value-add and compliance services. An example of this is the provision of fraud and anti-money laundering monitoring services. To provide the most effective service, there is a need to identify transactions on an aggregate card level to better assess customer behaviour and payment trends.
As a means to provide a consolidated view, some card schemes have introduced the use of a Payment Account Reference (PAR). According to a recent white paper published by EMVCo, a global entity facilitating worldwide interoperability of secure payment transactions, a PAR is a ‘non-financial reference assigned to each unique PAN and used to link a Payment Account represented by that PAN to affiliated Payment Tokens’. PAR is passed in the transaction message to the merchant so that they can reference this field when performing customer level analysis.
EMVCo affirms that this is a long term solution that will solve the issue by linking together disparate card-based and token-based transactions without compromising on security. Although this is the recommendation of EMVCo, it is the responsibility of the card payment schemes to adopt this concept and implement it into their respective payment ecosystems. eftpos is introducing support for PAR in the near future.
Leading payment provider Indue, and its Orion Financial Crimes service has this week delivered a major milestone in its market leading approach to financial crime mitigation for the financial services sector.
Indue is extremely pleased to announce that it has extended its current AI solution for NPP payments to include cards payments, in real time. This achieves a major milestone on the journey to the ultimate goal which is all payment types in real time for financial crime, providing a holistic portfolio view.
The milestone achievement is part of Indue’s long-term strategy to increase its capability to support customers in an environment where criminals are adopting rapidly evolving tactics which outpace traditional solutions that are limited in breadth and slow to respond.
Indue CEO Derek Weatherley said the company was now using the power of machine learning across multiple channels, combined with a broad view of data, to inform preventative action to protect its customers — mainly mutual banks, regional banks, credit unions, building societies, mortgage originators and fintechs — from increasingly sophisticated cyber criminals.
“Access to broad data pools and the single customer view approach to managing all financial crimes, including money laundering is imperative to driving both efficiency on the one hand and effectiveness on the other. At the same time the AI capability guarantees minimal impact on customer convenience.”
“The dominant trend in today’s market is to buy specialised services from expert providers with scale, rather than to attempt to build and maintain in-house solutions. The ‘buy, not build’ trend is driven by greater capacity to benefit from shared common investment, access greater skills and in the case of financial crime services, benefit from broader data insights.”
“Our model lends itself very naturally to this trend and we are experiencing a high level of demand in the market. The model we have successfully delivered is leading the way in the financial crimes services market globally and there is a high level of desire internationally to run financial crime bureaus that leverage the benefits of the model we have been able to create.”
“Indue, as a third party processor, has developed a highly integrated solution that not only integrates directly into its payment gateways for both cards and NPP transactions, but also integrates directly into advanced analytics tools and investigation and case management services making the operational servicing highly efficient”.
Indue’s unique solution completes a major milestone in its vision for its next generation Orion Financial Crimes Solution – as a real time, multi-channel fraud and AML solution for its clients.
“This important milestone furthers Indue’s mission to deliver competitive advantage and security to our customers” Mr Weatherley said.
“A diverse segment of the financial services sector in Australia rely on Indue’s Orion Financial Crimes service to protect them and their customers from criminal behaviour, and they entrust us to get it right 24 hours a day 7 days a week, 365 days a year and with today’s milestone we have positioned ourselves in a market leading position to deliver on that expectation into the future.”
Long gone are the days when a cardholder could only make a purchase at point of sale with their physical card. The ongoing advances in payment capability previously paved the way for consumers to make online Card-Not-Present (CNP) transactions, but has now gone even further by enabling these CNP transactions to be initiated from a mobile wallet with fingerprint authentication.
Nevertheless, the fundamental transaction that underpins these digital advances is the CNP transaction, which is gaining momentum as one of the most popular ways Australians like to transact. The CNP transaction growth rate has increased from 14% in 2017 to 27% in 2018*, which may be partially accounted for with the increase of mobile in-app payment opportunities (where a consumer uses a retail app and selects a card stored in their mobile wallet to make the purchase). More avenues for CNP transactions means more opportunities for card compromise and fraud spending.[/vc_column_text][vc_column_text el_class=”ind-textBox”]
Earlier in the year, Indue advised its clients of the significant industry-wide initiative to combat the increasing CNP transaction fraud. Championed and led by the Australian Payments Network (AusPayNet), the CNP Fraud Mitigation Framework aims to target the most prevalent form of fraud in the card payments space.
According to AusPayNet’s ‘Australian Payment Card Fraud 2019’ report, although the rate of CNP fraud growth has decreased since previous years, CNP fraud still accounts for 85% of all card fraud on Australian cards.
The collective industry acknowledged the need to address this fraud concern by establishing this industry-wide framework.
The CNP Mitigation Framework took effect in 1 July 2019 after a long collaboration and consultation process to define the minimum standards that both card Issuers and Merchants need to meet as a means to reduce the rates of CNP fraud. These standards provided industry-agreed fraud thresholds that Issuers and Merchants were to report against. Failing to meet these thresholds would require them to implement additional security measures or be subjected to penalties. “Breaches of these thresholds will trigger obligations for Merchants and Issuers to take action. Repeated breaches over a period of time could ultimately result in financial penalties for Issuers or Merchants’ Acquirers,” AusPayNet said in an industry release.
In July 2019, Indue consolidated the required statistical data on behalf of our financial crimes clients and submitted the relevant reporting to AusPayNet. Indue has since continued to submit monthly reporting to AusPayNet according to the CNP Fraud Mitigation Framework requirements. As this new reporting becomes embedded in the operation and maintenance of the card payments ecosystem, AusPayNet and indeed the entire industry will get a glimpse into whether this new framework is making inroads into the chief objective of curtailing the growth of CNP fraud. Coupled with the 3DS 2.0 mandate issued by both Visa and MasterCard, this reporting and accountability should have an impact on fraud numbers. It will be an interesting space to watch over the next two to four years.
*Source: Reserve Bank of Australia
AusPayNet’s Australian Payment Card Fraud 2019 report
Indue’s March 2019 CNP Fraud Mitigation Framework article
The Australian payment industry has seen a seismic shift in the past few years from traditional retail store purchases to online shopping. This migration coupled with the strong fraud protection provided by EMV chip technology for in-person transactions has unfortunately prompted an adverse mirrored trend – an increase of fraud in card not present channels. Card not present (CNP) fraud now accounts for almost 85% of all card payment fraud in Australia and further to this, CNP fraud seems to be growing 13% year on year at an industry level.
To combat this increased threat, AusPayNet in conjunction with key industry stakeholders have initiated an industry-wide collaboration program entitled the ‘Card Not Present Fraud Mitigation Framework’. This Framework sets out the industry approach to mitigate CNP payments fraud for all members across the payment value chain – merchants, consumers, Issuers, Acquirers, card schemes, payment gateways, payment system providers, and regulators. It is a framework designed to reduce fraud in CNP online channels, while also ensuring that online transactions continue to grow and thrive. The key tenets of this framework have been established by the industry:
1. Consistently apply Strong Customer Authentication (defined below)
2. Leverage global standards and best practice from other jurisdictions where possible
3. Be technology neutral to provide choice and ease of implementation
4. Use dynamic data wherever possible to reduce fraud
5. Act now, plan for the future – deal with the current fraud issues with the ability to review and update the Framework over time.
This framework requires participants across the payment value chain to take a more active role in reducing Card Not Present (CNP) fraud. For Card Issuers in particular, the two main obligations within this new framework are as follows:
• Ensure fraud rate remains below Issuer Fraud Threshold
• Perform Strong Customer Authentication or Risk Based Authentication when requested by the Merchant
This framework has set an industry fraud benchmark for an acceptable level of Issuer and merchant risk. Quarterly reporting to AusPayNet of fraud rates will be mandated as part of this framework. Issuers and merchants with fraud rates under the established threshold will not be required to perform any additional fraud mitigation activities. Issuers and merchants operating over the industry fraud rate will be required to perform Strong Customer Authentication. Should Issuers and merchants continue to breach industry thresholds over consecutive quarters, fines and sanctions can be imposed.
SCA is an authentication method requiring the cardholder’s identity to be verified with at least two independent factors from the following categories:
1. Something only the cardholder knows (knowledge factor) – a password, an answer to a secret question or a PIN
2. Something only the cardholder possesses (possession factor) – a credit card, a hardware token or a smartphone
3. Something the cardholder is (inherence factor) – a biometric feature such as a fingerprint scan, an iris scan, or facial recognition; or a behavioural feature such as type or swipe dynamics.
Although cardholder authentication will actively reduce the occurrence of fraudulent activity, the industry must also consider the user experience when implementing an authentication solution. The framework should provide the consumer with confidence that online transactions are secure without adding a disproportionate degree of friction to the transaction journey.
The industry timeline for the implementation of the framework is outlined below:
Indue has been involved with developing the industry-wide framework via representation and collaboration at forums and consultation submissions. Indue has commenced an internal program of work to build the capability to support the required AusPayNet reporting. We will work closely with all of our card issuers in the next few months to ensure understanding of the initiative requirements and next steps to comply with the new framework.
The banking industry has commenced the execution phase of this framework, which aims to tackle the most prevalent type of card fraud Read our follow up article here.
Artificial Intelligence (AI) and Machine Learning technologies are set to revolutionise an industry based on numbers but also an industry still traditionally dependent on human expertise, analysis and creative intelligence to progress and prosper. Some proponents of these processes believe that it will be a symbiotic relationship between man and machine. Others believe that their introduction will mean the demise of the human worker. So what are these concepts and how will they impact the financial services?
AI vs Machine Learning
Artificial Intelligence is a board term, but was succinctly defined by Andrew Moore, Dean of the School of Computer Science at Carnegie Mellon University as “the science and engineering of making computers behave in ways that, until recently, we thought required human intelligence”. A modern day example of AI would be Apple’s beloved digital personal assistant Siri, who can assist in finding information, creating events and providing directions purely based on voice recognition. Another example would be self-parking cars, whereby the vehicle will park itself using spatial and proximity information without any human intervention.
Machine learning is a branch of AI that relies on analysing data to automatically improve itself through experience. Netflix has fully incorporated machine learning into its platform by using predictive technology to make recommendations based on what the viewer has previously watched or rated. Music streaming providers such as Spotify or Pandora also use machine learning to recommend new artists based on what music users have listened to in the past. Recommendations continue to get refined and improved as the platforms continue to learn and analyse the users’ choices.
Implications to Financial Services
Based on how society has already embraced these powerful and useful technologies in other sectors, it was only a matter of time before they infiltrated the finance industry. A study conducted in the UK identified that 86% of business leaders in the financial services sector said they were already using these technologies. The World Economic Forum published a report earlier this year indicating that AI is fundamentally changing the physics of financial services. The bonds that have traditionally held together the constituent parts of financial institutions have been transformed ushering in a new age where data equals capital. Manual processing is giving way to programmed automation. Generic campaigns are being replaced with targeted marketing. Algorithms are usurping spreadsheets. The fabric of payments is evolving.
Advanced Data Processing & Automation
According to McKinsey estimates, banks do not realise the value of more than 80% of the total data collected by them. Therefore, there is a data mine that is waiting to be tapped. AI will help organisations realise the full potential of its data. AI can effortlessly consume large amounts of data, process the information faster than human efforts and can provide insightful outputs based on inference. The more data that can be processed, the more refined and accurate the data analysis results.
By allowing AI to extrapolate from data, companies will gain insights on their customers, which can lead to more customised products, services, communication and advice. The speed of the computation can be leveraged to enable a faster feedback loop, which will continually learn and provide updated insights thus allowing adaptability of product development and marketing strategies. Organisations will also see increases in productivity as a result of automation and machine learning. Time-consuming work such as compliance reporting, customer on-boarding communications and administrative documentation can be made more efficient and accurate with AI-powered automation.[
Personalised Customer Experience
These technologies will give rise to a more personalised customer experience. One example is the use of chatbots. Chatbots are automated chat systems that are designed to simulate human interaction. Chatbots identify emotion and context within text and will respond in the most appropriate manner based on previous interactions. Bank of America recently implemented its own chatbot or resident digital financial assistant named ‘Erica’, which has been widely recognised as a successful initiative. In a press release earlier this year, Bank of America confirmed that Erica assisted with 8 million client requests. Personalised communications will allow organisations to ‘humanise’ what can be quite structured and cold processes and give the consumer the façade of having a human on the other end.
Although AI can lend itself well to customisation, it can potentially lead to other unwanted behaviour at times. Predatory lending or marketing, where individuals are targeted based on information gathered through machine learning, are only some examples of how organisations or individuals can exploit these technologies. As such, industry policies and standards relating to privacy and prudential behaviour must be continually reviewed and updated as the industry continues to adopt AI and machine learning in various degrees. Financial ethics will play a big part in how AI or machine learning will continue to be accepted in the financial services industry.
The introduction of artificial intelligence or machine learning does not equate to a bleak future for the human professionals. Computers can be tasked with doing the repetitive and tedious jobs such as data processing. Instead of having to manually troll through a copious amount of historical data, a financial advisor can provide customised advice with a click of button. Employees will subsequently have more capacity to undertake higher level responsibilities and expand their skillsets. AI will alleviate some of the monotony of certain jobs and create new focus areas for professional development. Certain types of individuals will embrace this change while others may not. Organisations will need to look at investing time and money into transforming their talent alongside their technology to accommodate this fundamental change in an employee’s role.
Better Fraud Detection
Machine learning has been fundamental in enhancing fraud detection in the financial services industry. Indue’s Financial Crimes service is a prime example of how talent and technology co-exist to provide a whole that is more efficient than the sum of its parts. The service has embraced the benefits of machine learning with its foundation in the Safer Payments platform, which leverages machine learning algorithms to continually enhance its fraud detection capabilities. The platform is a neural engine that analyses a large transactional data pool to detect certain patterns and flag any anomalous behaviours. Indue’s financial crimes specialists leverage the cognitive computing provided by the platform, but strengthens the process by performing the executive decisioning and customer engagement that is critical to fraud management. The platform assists with pattern detection, data modelling and predictive capabilities whilst the specialists provide the emotional intelligence that only humans can offer. This reciprocity approach has been fundamental to the success of Indue’s Financial Crimes service.
To find out more, visit Orion Financial Crimes
The New Payments Platform (NPP) opened up an opportunity for Indue to reinvent our financial crimes service in the mutual sector due to the potential increased risk with NPP over traditional channels.
Dave Hemingway, our Chief Product Officer, discussed how Indue’s relationship with IBMs safer payment solution has resulted in the following benefits:
The announcement coincides with the release of the latest card fraud data for 2017 showing card-not-present (CNP) fraud accounted for 85% of all fraud on Australian cards. This is in line with global trends and reflects the rapid growth of e-commerce and online payments.
AusPayNet CEO, Dr Leila Fourie said that the success of chip technology in preventing in-person card fraud meant that criminal activity was migrating to online payment channels.
“This is the trend internationally, and the Australian industry has mobilised to ramp up the uptake of prevention measures,” Dr Fourie said.
“With fraud values in other areas of card payments either flat or falling, attention is now focussed squarely on online fraud,” she said.
“The framework released for consultation today is the result of collaboration among the entire range of stakeholders in online payments. Card issuers, retailers, card schemes, payment gateways, payment service providers, regulators and industry bodies have joined forces to ramp up the fight.”
Key elements of the CNP Fraud Mitigation Framework include:
Recent Reserve Bank of Australia figures show that consumers spent more than ever on their cards in 2017, with the overall value of card transactions up 5% to $748.1 billion.
AusPayNet figures released today show that card fraud of all types was also up 5% to $561 million, and accounted for 0.075% of the overall value of card transactions. At 7.5 cents in every $100 transacted, the rate of card fraud remained largely the same as in 2016.
Strengthened protection offered by EMV/chip technology resulted in a 48% fall in counterfeit/skimming (in-person) fraud to $31 million, the lowest value since 2006. Lost and stolen card fraud accounted for 7% of all card fraud, unchanged from 2016 and down from 10% in 2012. While in-person fraud fell in 2017, CNP fraud was up 14% to $476 million.
“Through the framework, we are taking a leading-edge approach to tackling the global problem of increasing online card fraud. With a united front, we can have the same impact that the roll-out of chip technology has had in combatting face-to-face fraud,” said Dr Fourie.
CNP fraud occurs when valid card details are stolen and used to make purchases or other payments without the card, typically online or by phone.
“There are some simple things people can do to help the fight against online fraud,” Dr Fourie said.
“Only provide your card details on secure and trusted websites – look for the locked padlock icon. Be wary of offers that look too good to be true. Malware and phishing attacks are becoming increasingly sophisticated, so be suspicious of unsolicited emails and text messages from people you don’t know. Don’t click on the link provided and don’t be tricked into divulging confidential data such as your password,” she said.
Other steps people can take include:
Australians are not liable for any fraudulent transactions on their payment cards and will be reimbursed as long as they have taken due care.
The McKinsey Global Institute looked at five broad categories of AI: computer vision, natural language, virtual assistants, robotic process automation, and advanced machine learning. Companies will likely use these tools to varying degrees. Some will take an opportunistic approach, testing only one technology and piloting it in a specific function (an approach our modeling calls adoption). Others might be bolder, adopting all five and then absorbing them across the entire organization (an approach we call full absorption). In between these two poles, there will be many companies at different stages of adoption; the model also captures this partial impact.
Source: McKinsey GlobalInstitute September, 2018