Payment providers have long had to balance the trade-off between meeting mandated security requirements and providing convenience and the latest technology for consumers.
Over the past five to 10 years, this pressure has become more intense, as the demand for a wider variety of fast and convenient payment options. This, however, sometimes comes at the expense of security with criminals taking advantage of the situation.
Australians lost a record $323 million to scams in 2021. Money lost to scams almost doubled in one year, with more than 286,000 Aussies reporting they were scammed last year.
These figures represent a ‘significant’ increase of 84% compared to 2020, when Aussies lost $175.6 million through the year.
Investment scams did the most damage according to the latest figures from the Australian Competition and Consumer Commission’s (ACCC) Scamwatch.
Investment scams accounted for $177 million, followed by dating and romance scams which saw people losing $52 million.
December saw the most money lost ($43.2 million) and August 2021 saw the highest number of scams reported (40,874).
New South Wales residents were collectively duped of $110 million – the highest, followed by Victoria where residents reported $74 million lost.
Crispin Kerr, Australia-New Zealand vice president at cybersecurity company Proofpoint, said the data paints an unfortunate picture of just how effective scammers were at taking advantage of Australians in the past year.
“The 84% increase in losses to scams in 2021 is significant and is just the tip of the iceberg when it comes to understanding the true impact on Australians,” Mr Kerr said.
“Based on the numbers for December, during the holiday season, people can become desensitised to receiving numerous advertising links for shopping deals and the like and may not think twice about opening a dangerous file or clicking a suspicious link.
“The data shows scammers were extremely active in 2021 and we anticipate this will only increase as scammers continue to evolve and update their tactics.”
While investment and romance scams were the most damaging, there were a number of other scams that saw Aussies losing millions.
Investment scams accounted for more than half of all the money lost to scams last year, and increased in prevalence by 32% compared to 2020.
“Investment scams can seem very attractive, and scammers can come across as legitimate in their promise of financial gain through the purchase of shares, funds, cryptocurrency or other high returns,” Mr Kerr said.
“However, the reality is that these get-rich-quick schemes enable scammers to steal personal and financial information to siphon funds for their own gain.”
Social media sites were the main hub for money loss via romance and dating scams, with 40% of scams reported resulting in money lost.
“Scammers also utilised social engineering particularly during lockdowns when people were at their most vulnerable to steal millions from Australians in dating and romance scams,” Mr Kerr said.
Phishing scams – where scammers aim to gain personal information – had the highest number of reports in 2021, making up one quarter of all scams reported. This is an increase of 61% on the year prior.
Scams relating to threats to life or arrest disproportionately affected younger Australians aged 18 to 24 years old, and accounted for the highest losses at $3.3 million.
Employment and job scams also more than doubled in 2021 to $2.6 million, and identity theft scams increased threefold to $10 million.
Older Australians suffered the greatest loss according to the ACCC’s figures, with people over 65 years old losing a total of $81.9 million throughout the year.
This demographic also reported the highest number of scams (46,282), followed by Australians aged 35 to 4 years old with 43,526 scams reported.
Men lost more to scams than women, with men reporting $190 million lost compared to $131 million reported by women.
No age group was exempt from losing money to scams, but the amount lost to scams did increase with age in 2021.
When it comes to card fraud, however, card not present (CNP) transactions continue to dominate, making up 87% of total transactions. In 2019, AusPayNet launched the CNP Fraud Mitigation Framework to address and control this type of fraud.
Usually CNP fraud involves breaches by third parties, through hacking of IT systems of a retailer or other company. Stolen card details can then be stored by criminals and used well after the breach. Card on file transactions – where a customer keeps their card on file with a merchant they use regularly – are also becoming a preferred target of cybercriminals.
Global fraud losses for card issuers, merchants and acquirers of card transactions from merchants and ATMs are large, totalling almost US$28 billion in 2018 – a huge increase from the US$7.6 billion lost back in 2010.
Having said this though, in the past couple of years, the number of cases of payment fraud globally has been declining. This success has come through coordinated action within the payments industry, through measures including:
Globally, the COVID-19 pandemic has seen a spike in scams seeking to exploit fears about the virus, which include targeting government payments and superannuation withdrawals. In Australia, just before the pandemic broke out in early 2020, there was also a spike in scam activity related to bushfire donations.
In response, governments and financial institutions are taking responsibility to educate themselves, consumers and businesses about the types of scams out there to help others avoid being exploited. They’re also doing more to identify and track account takeovers, shutting down “fake named” and “mule” accounts that scammers use to receive payments.
Predictions on fraud and scams are almost impossible to make, as criminals are always changing their methods and targets, partly to circumvent government efforts to address fraudulent activity. However, by having an action plan of “education, awareness and tracking”, governments, banks, consumers and businesses can take control to prevent themselves from being another scam statistic.
As the world of payments continues to make strides forward, Australian consumers are likely to be at the forefront of the next evolution. At Indue, we help businesses adapt and meet the changing expectations of consumers, by delivering innovative, compliant and secure payment systems.
To learn more about the trends shaping the payments landscape and what it means for your business, contact us today
With total spending on cards rising 5.4% to $847.3 billion during the same period, the fraud rate in FY21 was 57.8 cents per $1,000 spent, up from 55.8 cents per $1,000 in FY20, but well below the rate of 73.8 cents in FY18.
Card-not-present (CNP) fraud – mainly affecting online transactions – rose 12.3% to $442.0 million in FY21 as e-commerce surged during successive periods of COVID-19 lockdowns in various parts of the country. In FY21, CNP fraud accounted for 90% of all fraud on Australian cards.
Lost-and-stolen card fraud dropped 9.2% to $28.0 million, and counterfeit/skimming fraud fell 37.3% to $8.9 million, an acceleration of a long-term downward trend for this type of fraud.
AusPayNet CEO Andy White said rising e-commerce volumes underscored the need for industry coordination to target the activities of fraudsters.
“Online transactions continue to grow strongly and inevitably this attracts the attention of organised fraud groups,” Mr White said.
“Industry-wide efforts to mitigate CNP fraud will remain critical, but we all need to remain vigilant when transacting online,” he said.
CNP fraud involves valid card details being stolen and used to make purchases or other payments without the card being present at the point of sale, usually online. Consumers are not liable for fraud losses on payment cards and will be refunded, as long as they take due care with their confidential data.
The end of FY21 coincided with the conclusion of the second full year of operation of the industry’s CNP Fraud Mitigation Framework. Under the Framework, merchants who consistently exceed agreed fraud threshold targets are required to introduce strong customer authentication. The Framework also encourages secure technologies such as real-time monitoring, machine learning and tokenisation.
“We expect to see the full benefit of the CNP framework as we emerge from the pandemic,” Mr White said.
Release of the latest payments fraud data comes soon after the inaugural meetings of AusPayNet’s Economic Crime Forum (ECF). As the successor to the Fraud in Banking Forum, the ECF brings together industry stakeholders to coordinate joint responses to economic crime including scams, fraud, financial crime, and banking-related cyber incidents.
“Alongside our focus on CNP fraud, last month we launched our scams strategy. Over the coming year we look forward to working with industry to reduce the impact of scams on vulnerable businesses and individuals,” Mr White added.
Consumers and merchants are reminded how they can be vigilant online in the lead up to the Christmas holiday season.
Steps consumers can take include:
Guidance for merchants:
The growing sophistication of financial crime remains an ever-present threat, particularly as we move to a predominantly cashless society, and engage with more ways to pay. Left exposed or unprotected, fraudsters can swiftly take their toll on financial institutions’ bottom line and reputations.
To stay on top of innovative financial crime perpetrators, financial institutions must have the best people, processes and technology in place to efficiently detect and monitor fraudulent behaviour. This valuable mix can sometimes take years to develop without the support of specialist providers.
Financial institutions are often faced with having to run multiple, costly technology solutions that tackle independent payment channels. This can lead to siloed people and processes supporting these multiple solutions. Managing multiple solutions also runs the risk of delaying the detection of fraud and potentially missing a fraud event entirely, exposing vulnerabilities for fraudsters to exploit.
These were just some of the challenges Indue’s client — a well-known Australian bank — faced while attempting to protect its 400,000-plus customer base prior to engaging Indue’s financial crimes experts.
Results we achieved for a leading Australian bank
50% cut in fraud losses in the first month
60% reduction in false-positive fraud results
400,000-plus customers better protected
As a leading Australian bank, reliable fraud monitoring was essential to keep up with the fast, real-time transaction speeds of today’s payments networks. The bank was fighting fraudsters without the ability to decline in-flight transactions in real time, the outcome was fraudsters had the opportunity to achieve far greater attacks utilizing velocity and speed to their advantage.
The bank’s incumbent technology was also returning significant false-positive fraud results, thereby clouding analyst assessments and creating cost inefficiencies for operations. This enabled real fraud to hide behind genuine behaviour, which was often missed during assessments.
Critically, fraud was being monitored only during office hours by the client’s operations team. This often resulted in a backlog of events for next day review, while providing an opportunity for perpetrators to schedule attacks during out of hours and unmonitored periods.
Shared vision: Indue’s financial crimes experts were able to see the bigger picture and work in partnership with the bank on their longer-term business planning goals and objectives, to provide a solution that could grow and adapt over time.
Partnership: The client was seeking a supplier who would take a true partnership approach. A partner who could work with them to co-create an integrated solution that could simplify the management of multiple payment channels and return better results than its existing provider.
Collaboration: A key success factor was the focus on collaboration between the client and Indue. The teams worked closely to ensure each other’s strengths were being leveraged, that the client was listened to and understood, that there was clarity on the problems that needed solving, and that there was alignment on identifying technical challenges and key performance outcomes.
Understanding: Built on years of experience, the Indue team understands that the closer you can work with a client’s team, the better the outcome. It was through establishing a close working relationship Indue was able to provide direction & guidance to help them decide how they wanted and needed to interact with the service. As the client was reshaping their own fraud management approach, Indue was able to provide guidance and counsel.
Feature Rich Service: The bank required a 24×7 alert triage service thereby providing round the clock monitoring and protection for their 400k+ customer base. Powered by award-winning IBM Safer Payments, the Indue solution was able to reduce the risks associated with the client’s multiple payment channels. Further, Indue’s investigation Case Management tool made an outsourced service much easier to manage back in the clients own shop. Finally, the Indue aggregation model was able to deliver insights from across a broad range of industry financial crime learnings, providing the client with greater visibility of the financial crime landscape.
“Financial crime is a unique, fast-paced and often highly complicated problem to solve. It requires people, process and technology working together harmoniously to achieve results.”
Dean Wyatt, Head of Financial Crimes, Indue
Following the implementation of Orion Financial Crimes Solution, the bank saw immediate results with card fraud losses cut by 50% in the first month alone. More fraud was detected through less alerts and false-positives reduced by 60%.
Better outcomes overall were achieved in prevention and detection by addressing both fraud and scams, and significantly reducing chargebacks to customers.
The bank is now looking to add further payment channels to Indue’s solution, taking full advantage of the single-view capability of Orion Financial Crimes and IBM Safer Payments.
Critically, the bank can now focus its attention on higher value programs to drive its customer-first value proposition while working with Indue to protect its customers.
Orion Financial Crime’s ability to inherently integrate people, processes and technology provides a cutting-edge solution with real-time capability, integrating artificial intelligence and machine learning to deliver a 24/7 fraud monitoring solution.
Launched in 2003, Orion Financial Crimes went live with IBM Safer Payments in 2018, providing real-time fraud & scam detection and management, anti-money laundering and counter-terrorism financing monitoring, sanctions checking across Australia and New Zealand.
To find out how you can tap in to Indue’s team of experts & specialists in fraud management contact us today.
The global pandemic and subsequent economic downturn has presented a new set of challenges for financial institutions as they work to keep pace with financial crimes across the sector. With advancements in technology, changes in human behaviour and an increase in vulnerability as a result of COVID-19, it has never been more important for organisations to remain ahead of the financial crime curve and put up a solid defence in a post-pandemic world.
As the nation continues to navigate the ‘new normal’, we took a look at the top three financial crime trends of 2020 with Indue’s Financial Crimes team as a friendly reminder to stay vigilant and safeguard against professional perpetrators.
There’s no doubt the way we choose to pay has materially changed since the onset of COVID-19. With lockdown restrictions across the country, we’ve seen traditional brick and mortar stores exchanged for convenient and contactless ecommerce channels.
As a result, ATM withdrawals and cash-out transactions have dropped considerably, with the RBA reporting a 52% and 30% decrease respectively for the quarter ending June 2020.
Meanwhile, a recent report by Australia Post revealed ecommerce has grown by a mammoth 80% year on year in the eight weeks since COVID-19 was declared by the World Health Organisation, with an average of 2.5 million households buying something online each week in April 2020, compared to 1.6 million in 2019.
This significant shift to online transactions has seen a corresponding increase in online fraud. Indue’s Head of Financial Crimes, Dean Wyatt, said the company’s internal fraud metrics in relation to ecommerce had reported a 28% rise to 98% since the global pandemic hit.
“With an increase in online traffic comes an increase in fraud associated with ecommerce merchants, putting customers’ personal details at risk,” he said.
“On the other hand, we’ve seen instances of petty theft and stolen cards decline as a result of restrictions such as curfews and people generally travelling less, including people shifting to working from home arrangements.
“The good news is we’ve been able to hone in on this change using our multi-channel Orion Financial Crimes service, and align our analytics to identify and track suspicious behaviour in real time, to ensure our customers remain protected.
“Customers need to be aware that if they’re using new types of payments, they need to be following the same rigor as you would when paying instore.”
Social engineering by definition seeks to exploit human psychology to access and obtain personal information, and it’s this type of scam that continues to outsmart targets.
From phishing attacks (fraudulent emails or texts that appear to come from a reputable source) to baiting (a false promise to pique a victim’s greed or curiosity), the goal of the ‘social engineer’ is to trick individuals into giving up sensitive information or visiting malicious URLs to compromise their systems.
“We have seen a strong shift to perpetrators compromising people directly and involving them in the scam, rather than solely relying on targeting accounts or cards,” Dean said.
“Compromising identity details across driver licences, passports, and email or social media accounts is hot property at the moment because financial services are inherently integrated with those types of documents, information and platforms.
“People are fooled by sophisticated attacks that purport to ‘know you’, calling with pieces of information already collected, with the intention of gathering further details from the victim. When scammers are able to access detailed personal information, they can easily create new accounts or lines of credit under individuals’ names.
“At Indue, we have seen a considerable rise in social engineering over the last four years, to the point where it is now a larger problem than fraud. In 2016, financial crimes represented 80% fraud compared to only 20% social engineering scams, but as of 2020, we’re now seeing 45% fraud compared to 55% scams.”
According to the Australian Payments Network, the most common contact method for scam activity in Australia is by email, but scams via phone result in the most financial loss.
A key focus for institutions and regulators has been the growing trend of traditional financial crimes, like money laundering and terrorism financing, with both AUSTRAC and the Financial Action Task Force (FATF) reviewing controls and payment systems to identify potential weaknesses that could be exploited by criminals across the sector.
Money laundering seeks to disguise the proceeds of crime as legal income, while terrorism financing, as the name suggests, funds terrorist activities, both of which have the potential to trigger global repercussions.
Tough financial penalties have been handed down in recent times — the Commonwealth Bank of Australia and Westpac have both been hit with fines totalling $2 billion relating to serious breaches of anti-money laundering and counter-terrorism financing laws.
“With the shift of payments to a digitized world, more criminals are taking advantage of the opportunity to leverage these methods and innovative ways of sending financial transactions to each other,” Dean said.
“The rise of financial crime and the importance of protecting payment ecosystems has never been more important. With AUSTRAC’s presence increasingly felt in Australia over the last few years, I see it remaining a consistent focus beyond 2020.
“Genuine customer behaviour is certainly playing into it as well — with a strong shift to online payments, criminals are increasingly moving from hard cash to online transfer methods and attempting to hide between the genuine customer activity.
“As part of our Orion Financial Crimes solution, our anti-money laundering and counter terrorist financing service monitors customer account behaviour and transactions for unusual patterns, to detect activity that may be reportable under the Australian Anti-Money Laundering and Counter Terrorist Financing Act.”
Learn more about Indue’s Orion Financial Crimes service, a multi-channel detection system that harnesses transactional data, customer behaviour and biometrics to expose anomalies and identify fraudulent activity. Delivered by an expert team, the service is forward-thinking with a machine learning/artificial intelligence component and places customers ahead of the curve, providing a safety net when it comes to material risks and losses.
2020 Fraud Statistics released December 2, 2020 by the industry self-regulatory body Australian Payments Network (AusPayNet) show fraud on payment card transactions declined 15.4% in the 12 months to 30 June 2020 (FY20).
The following article has been sourced from AusPayNet’s website.
The fraud figures for the 12 months to 30 June 2020 (FY20) show fraud on payment card transactions dropped by 15.4% to $447.2 million continuing the trend recorded in the 2019 calendar year.
Within this total:
The decline, which came as spend on cards totalled $803.4 billion (up 0.5%), translates to a rate of 56 cents per $1,0000 – down from 66 cents per $1,000 in FY19.
The FY20 data includes the first full year in operation of the industry CNP Fraud Mitigation Framework, which came into effect on 1 July 2019.
For more information on the data and payment fraud trends, including a “Spotlight on Scams”, read Auspaynet’s 2020 Payment Fraud Report here.
Article & Image Source: Australian Payments Network (Auspaynet)
Emerging Payments Association’s InFocus takes a look at Cyber Security, a theme that is more important than ever, following the wide-scale shift to remote working, and the increase in usage of e-commerce and digital identity.
In this first interview for InFocus, Lance Blockley is talking to Mani Amini CEO at Secure Forte and Dave Hemingway CCO at Indue.
The ISO certification features requirements on how to implement, monitor, maintain and continually improve an Information Security Management System (ISMS) in accordance with the standard, including preserving the confidentiality, integrity and availability of information to ensure risks are adequately managed.
Indue Chief Executive Officer Derek Weatherley said the accreditation reinforces the organisation’s proven security processes and credentials against the global standard.
“This is a significant achievement for Indue, which specialises in helping customers gain competitive advantage through innovative payment solutions,” Mr Weatherley said.
“The certification strengthens our approach to information security, and demonstrates to our customers and partners that we maintain the highest levels of data security.
“We are trusted by our customers to store and process their most valuable data, so this certification provides assurance that we have all the necessary controls in place to ensure this important information is protected.
“Particularly in the context of COVID-19 where we’ve seen an increase in the risk of data security breaches alongside a surge in online transactions, we’ve continued to demonstrate our commitment to secure payment products, supported by rigorous compliance, program oversight and our transaction monitoring and protection system, Orion Financial Crimes.”
Data security has never been more important, with COVID-19 restrictions forcing many businesses to move to remote data almost overnight, significantly increasing the risk of data breaches.
By implementing and following the necessary steps to comply with the ISO 27001:2013 standard, organisations can identify, control and eliminate security risks, ultimately certifying the security practices adopted within the organisation.
ISO is an independent, non-governmental, international organisation that develops standards to ensure the quality, safety and efficiency of products, services and systems.
IBM Safer Payments, the next generation platform powering Indue’s Orion Financial Crimes fraud monitoring solution, has been recognised at the Asia Risk Technology Awards 2020 as Fraud Detection and Prevention Product of the Year.
The Awards, recently held in Singapore, are the longest-running and most prestigious in the region, recognising vendors that deliver innovative and forward-thinking technologies to meet the financial services industry’s complex challenges.
IBM Safer Payments won the award specifically for bringing agility to combatting fraud and for its differentiated capabilities — a solution that is particularly well positioned to serve Australian clients as disruptions associated with faster payments and the emergence of challenger banks gathers momentum.
Indue’s Chief Commercial Officer, Dave Hemingway, said this important industry acknowledgement for partner IBM demonstrates Indue’s commitment to bringing next generation risk and compliance solutions to serve Australian customers, and to meeting their specific industry and business needs.
“We began leveraging IBM Safer Payments in 2018 as part of our Orion Financial Crimes service, to reduce the risks associated with the introduction of the New Payments Platform — with real-time payments comes a greater risk of fraud and cyber crime,” Mr Hemingway said.
“Indue is now using IBM Safer Payments to its full capacity and we’re seeing incredible benefits as a result.
“The pace of change within the industry, particularly due to COVID-19 where we’ve seen a significant move to online transactions, has meant we’ve been able to harness the capability of IBM Safer Payments, and adjust and adapt to meet these changes in behaviour, fast.
“It’s reassuring to know that what we’re doing and the tools we’re using in the financial crimes space is backed by world-leading, award-winning technology and we’re proud to be leading the way.”
Indue’s Orion Financial Crimes solution integrates artificial intelligence and machine learning algorithms to deliver a 24/7, Australian-based fraud monitoring solution, powered by IBM Safer Payments.
With the integration of IBM Safer Payments, the Orion Financial Crimes team has experienced a 20% reduction in false-positive rates, and have been able to make rule changes up to 90% faster when compared to traditional platforms, while managing all payments channels in the one system.
Indue consistently outperforms the industry average in financial crimes prevention, offering credible, major bank grade anti-fraud capabilities for small to mid-tier banks.
Find out more about Indue’s Orion Financial Crimes Service.
The digitisation of payments, changes in ecommerce and acceleration of mobile wallet adoption are global payments trends in 2020 challenging the industry to keep pace. These trends are not only forcing businesses to change the way they operate, but are also putting data security at the forefront of business strategy.
With the future of payments quickly coming into focus — thanks in no small part to the impact of COVID-19 — Indue CEO Derek Weatherley shares his insights on the top five payment trends influencing 2020.
Even prior to the COVID-19 pandemic, ecommerce was expected to continue to grow rapidly in 2020. But restrictions and public space shutdowns have significantly changed consumer behaviour, with a 29 per cent increase in ecommerce spending locally month-on-month since lockdowns began in March1. On the other hand, physical transactions have decreased and people are using less cash — a longer-term trend accelerated by the global pandemic as some businesses discourage the use of cash.
Helping drive this trend is a population seeking more flexible and convenient ways to pay. Combine this with confidence in stronger digital security and a willingness within the retail sector to embrace technological change, Australia is starting to see mobile payments take off. In 2019, The Reserve Bank of Australia reported 83 per cent of point-of-sale card transactions were contactless payments, signifying a rise of almost 20 per cent in three years2. COVID-19 is only adding to this rise with the payments industry temporarily increasing the contactless card PIN limit from $100 to $200 to minimise physical contact with the payment terminal and help reduce the risk of COVID-19 transmission.
One trend to keep a close eye on is the digital wallet. Roy Morgan’s latest Digital Payments Report revealed that digital wallets such as Apple Pay, Google Pay and Samsung Pay are being used by roughly one in 10 Australians (9.8 per cent) — up from 6.8 per cent a year ago3. This upward trend will continue, but the mobile wallet race hasn’t fully played out just yet as the industry looks to cater for all the different use cases.
One thing is clear — the payment industry will continue to evolve to meet the needs of merchants as consumers demand improvements to the overall ecommerce and contactless experience.
It’s a busy time for payment systems operators, with heightened conversation taking place across payment schemes in the industry. We’ve also seen in recent times a significant transformation of the base-level clearing and settlement capabilities, causing disruption for many in this space and providing future innovative payment solutions.
The high level and pace of change is causing congestion and headaches for financial institutions and payment providers. As older forms of payment are migrated, schemes are coming into competition with each other, creating congestion and ultimately higher costs for consumers.
This will likely settle in the next three to five years as the industry settles on its future scale approaches to utility payment processing, but the medium-term landscape remains challenging and costly.
Understanding what’s next in payment industry platforms comes down to understanding the value proposition in the eyes of consumers and merchants and their respective appetite to pay. We expect to see competition between providers of closed and open payment platforms increase, as they contest for a larger slice of their customer dollars and loyalty4.
Data security in the world of payments has never been more crucial and with innovation comes security issues as payment products and services evolve. The speed of transactions have increased through advancements like New Payments Platform (NPP) real-time payments, and we are exposed to significantly larger and more valuable data footprints online, which all contribute to a heightened risk of fraud. By investing in sophisticated machine learning payment technology, Indue now has the capacity to draw from a much larger pool of data and undertake significantly more sophisticated real time analysis to detect trends that benefit — and protect — each individual client.
Indue’s Orion Financial Crimes solution integrates human and artificial intelligence (AI) with machine learning algorithms to deliver a 24/7 fraud monitoring solution. This solution provides a broad gambit of services, including real-time fraud and anti-money laundering monitoring across all payment channels. This is a significant shift in how financial institutions trade on trust, and therefore need to put reputation and security at the forefront of their business priorities. Without robust data security measures, businesses run the risk of damaging their brand and making consumers feel uncertain about the safety and security of their accounts.
We have transformed our financial crimes services and continue to invest in leading-edge payment technology to better monitor trends and ultimately protect our customers from fraud. Assurance of identity in a virtual world is another key area of focus in an increasingly digitised world and an area where we are assisting our customers to adapt to with ongoing innovation in this area.
Product commoditisation will not only challenge business models, but shift the economic climate, especially in the banking and fintech sector. Digitisation and ease of payments have changed the way customers think, decreasing the value of traditional competitive differentiators in the process — payments are now instantaneous, simple and 24/7.
As consumers become more and more accustomed to these seamless transactions, it presents a challenge to providers who need to balance the cost of creating a frictionless experience and meeting consumer expectations. Expect to see structural shifts among the players operating in this environment as they look to drive revenue through new or enhanced customer experiences, and make use of data analytics to anticipate customers’ changing needs and expectations4.
COVID-19 has made embracing and adapting to the work-from-home environment a must for businesses. The shift has provided opportunities for businesses to expand their workforce and recruit talent from anywhere, as most payment organisations aren’t restricted by location.
Even before COVID-19, Indue embraced work from home and flexible working hours, revising the way we manage talent to reap the positive benefits of a geographically dispersed workforce and provide an increased work/life balance across the organisation.
The final word — what do these 2020 payments trends mean for our customers?
Our customers rightly focus their investment dollars on driving the top line, and leave the distraction of digitisation and changing payment rails to us to handle on their behalf. However, with continued evolution of the online world, it’s important that our customers sensibly invest in the modernisation of their platforms, particularly those platforms that make their customers lives easy. They don’t need to be on the leading edge, but do need to keep pace.
The Australian Payments Network’s 2020 Payment Fraud Report shows that in 2019, card fraud fell by 19.5% to $464 million – the biggest decline ever – as total card spending rose 3.9% to a record $819 billion.[/vc_column_text][vc_column_text]This translates to a fraud rate of 56.6¢ per $1,000 spent, a significant drop from 73.1¢ per $1,000 in 2018.
The drop in card-not-present (CNP) fraud, mainly affecting online transactions, is the first ever and coincides in part with the introduction in July 2019 of the industry CNP Fraud Mitigation Framework.
The industry is committed to tackling CNP fraud, which accounts for 87% of all card fraud, and remains vigilant as e-commerce volumes increase during the COVID-19 pandemic.
For more information on the data and payment fraud trends, including a “Spotlight on Scams”, read Auspaynet’s 2020 Payment Fraud Report here.
Article & Image Source: Australian Payments Network (Auspaynet)
Tokenisation is a method of protecting sensitive data by replacing it with an algorithmically-generated number referred to as a ‘token’. In the payments world, tokenisation is commonly used to replace debit and credit card numbers in an attempt to prevent card fraud.
Under this form of tokenisation, a cardholder’s Primary Account Number (PAN) is replaced by a random number that is not linked to the card number prior to processing a transaction through the payments network. This process assists in mitigating the risk of exposing sensitive card data to unauthorised individuals or software that could potentially exploit the data by fraudulently duplicating the card details. It also prevents merchants from storing the PAN in databases, which are targets for hackers. Tokens cannot be decrypted or reverse-engineered. The only relationship between the original card number and its associated token number resides within the Token Service Provider.
A Token Service Provider (TSP) is a service provider that issues tokens, manages the lifecycle of tokens and stores the payment credentials associated with the tokens. TSPs can be an independent third party from the payment network or can be the actual card scheme (i.e. Visa, MasterCard, eftpos). TSPs must conform to strict security and privacy specifications defined by the global payment schemes and fall within the PCI-DSS compliance requirements.
Tokenisation takes many forms within the payments industry. One of the most prevalent uses of tokenisation is within the Mobile Payments space. When a cardholder provisions their payment card within an Apple or Google mobile wallet, the request is sent to the appropriate TSP to tokenise the card number. The token is then sent back to the mobile wallet for activation. The cardholder’s actual card number is never stored on the mobile device and as such cannot be extracted for misuse. All subsequent mobile transactions will use the token number as the payment credentials.
Tokenisation for in-app purchases is also on the rise due to its convenience. Some in-app purchases leverage the mobile payment functionality whereby the token stored on the mobile wallet is used to make a purchase within the phone application. An example of this would include purchasing tickets on the Ticketek app and instead of inputting credit card details, the user is able to select the Apple Pay option, which references the credentials stored within the mobile wallet. Not only does this option provide an easy streamlined purchase journey, it also removes any sensitive data from the transaction.
Tokenisation for card-on-file online purchases is also becoming more common given the recent occurrences of global data breaches. Wawa, a popular convenience store chain in the United States, confirmed in late 2019 the discovery of malware on their payment processing servers. The malware captured credit and debit card numbers, cardholder names and expiration dates. Card-on-file tokenisation protects a cardholder’s card credentials stored at online merchants with whom the cardholder frequently make purchases. Netflix holds the card credentials of all its customers for the purpose of charging the monthly subscription fees. The streaming service provider has recently undertaken a significant exercise of tokenising as much of its database as possible as a means to mitigate the risk of data breaches. As more online merchants migrate to tokenisation, the prevalence of card data breaches will hopefully decrease as well. Given that a new unique token is generated for each retailer, a security breach at one retailer will not compromise the security of the token data at another retailer.
Payment Account Reference – Providing a holistic view
Although the use of tokenisation enhances the security of digital payments, it also presents a challenge. If a cardholder’s card credentials are tokenised for use within Google Pay on an android phone, Apple Pay for an iPad and Netflix for monthly subscription payments, it becomes a one to many relationship. One single PAN is now linked to several tokens across different systems and platforms.
As only the TSP has the original data linking the PAN to the multiple tokens, the lack of visibility makes it difficult for other parties such as merchants to have a consolidated view of all transactions performed by the cardholder and subsequently provide value-add and compliance services. An example of this is the provision of fraud and anti-money laundering monitoring services. To provide the most effective service, there is a need to identify transactions on an aggregate card level to better assess customer behaviour and payment trends.
As a means to provide a consolidated view, some card schemes have introduced the use of a Payment Account Reference (PAR). According to a recent white paper published by EMVCo, a global entity facilitating worldwide interoperability of secure payment transactions, a PAR is a ‘non-financial reference assigned to each unique PAN and used to link a Payment Account represented by that PAN to affiliated Payment Tokens’. PAR is passed in the transaction message to the merchant so that they can reference this field when performing customer level analysis.
EMVCo affirms that this is a long term solution that will solve the issue by linking together disparate card-based and token-based transactions without compromising on security. Although this is the recommendation of EMVCo, it is the responsibility of the card payment schemes to adopt this concept and implement it into their respective payment ecosystems. eftpos is introducing support for PAR in the near future.
Leading payment provider Indue, and its Orion Financial Crimes service has this week delivered a major milestone in its market leading approach to financial crime mitigation for the financial services sector.
Indue is extremely pleased to announce that it has extended its current AI solution for NPP payments to include cards payments, in real time. This achieves a major milestone on the journey to the ultimate goal which is all payment types in real time for financial crime, providing a holistic portfolio view.
The milestone achievement is part of Indue’s long-term strategy to increase its capability to support customers in an environment where criminals are adopting rapidly evolving tactics which outpace traditional solutions that are limited in breadth and slow to respond.
Indue CEO Derek Weatherley said the company was now using the power of machine learning across multiple channels, combined with a broad view of data, to inform preventative action to protect its customers — mainly mutual banks, regional banks, credit unions, building societies, mortgage originators and fintechs — from increasingly sophisticated cyber criminals.
“Access to broad data pools and the single customer view approach to managing all financial crimes, including money laundering is imperative to driving both efficiency on the one hand and effectiveness on the other. At the same time the AI capability guarantees minimal impact on customer convenience.”
“The dominant trend in today’s market is to buy specialised services from expert providers with scale, rather than to attempt to build and maintain in-house solutions. The ‘buy, not build’ trend is driven by greater capacity to benefit from shared common investment, access greater skills and in the case of financial crime services, benefit from broader data insights.”
“Our model lends itself very naturally to this trend and we are experiencing a high level of demand in the market. The model we have successfully delivered is leading the way in the financial crimes services market globally and there is a high level of desire internationally to run financial crime bureaus that leverage the benefits of the model we have been able to create.”
“Indue, as a third party processor, has developed a highly integrated solution that not only integrates directly into its payment gateways for both cards and NPP transactions, but also integrates directly into advanced analytics tools and investigation and case management services making the operational servicing highly efficient”.
Indue’s unique solution completes a major milestone in its vision for its next generation Orion Financial Crimes Solution – as a real time, multi-channel fraud and AML solution for its clients.
“This important milestone furthers Indue’s mission to deliver competitive advantage and security to our customers” Mr Weatherley said.
“A diverse segment of the financial services sector in Australia rely on Indue’s Orion Financial Crimes service to protect them and their customers from criminal behaviour, and they entrust us to get it right 24 hours a day 7 days a week, 365 days a year and with today’s milestone we have positioned ourselves in a market leading position to deliver on that expectation into the future.”
Long gone are the days when a cardholder could only make a purchase at point of sale with their physical card. The ongoing advances in payment capability previously paved the way for consumers to make online Card-Not-Present (CNP) transactions, but has now gone even further by enabling these CNP transactions to be initiated from a mobile wallet with fingerprint authentication.
Nevertheless, the fundamental transaction that underpins these digital advances is the CNP transaction, which is gaining momentum as one of the most popular ways Australians like to transact. The CNP transaction growth rate has increased from 14% in 2017 to 27% in 2018*, which may be partially accounted for with the increase of mobile in-app payment opportunities (where a consumer uses a retail app and selects a card stored in their mobile wallet to make the purchase). More avenues for CNP transactions means more opportunities for card compromise and fraud spending.[/vc_column_text][vc_column_text el_class=”ind-textBox”]
Earlier in the year, Indue advised its clients of the significant industry-wide initiative to combat the increasing CNP transaction fraud. Championed and led by the Australian Payments Network (AusPayNet), the CNP Fraud Mitigation Framework aims to target the most prevalent form of fraud in the card payments space.
According to AusPayNet’s ‘Australian Payment Card Fraud 2019’ report, although the rate of CNP fraud growth has decreased since previous years, CNP fraud still accounts for 85% of all card fraud on Australian cards.
The collective industry acknowledged the need to address this fraud concern by establishing this industry-wide framework.
The CNP Mitigation Framework took effect in 1 July 2019 after a long collaboration and consultation process to define the minimum standards that both card Issuers and Merchants need to meet as a means to reduce the rates of CNP fraud. These standards provided industry-agreed fraud thresholds that Issuers and Merchants were to report against. Failing to meet these thresholds would require them to implement additional security measures or be subjected to penalties. “Breaches of these thresholds will trigger obligations for Merchants and Issuers to take action. Repeated breaches over a period of time could ultimately result in financial penalties for Issuers or Merchants’ Acquirers,” AusPayNet said in an industry release.
In July 2019, Indue consolidated the required statistical data on behalf of our financial crimes clients and submitted the relevant reporting to AusPayNet. Indue has since continued to submit monthly reporting to AusPayNet according to the CNP Fraud Mitigation Framework requirements. As this new reporting becomes embedded in the operation and maintenance of the card payments ecosystem, AusPayNet and indeed the entire industry will get a glimpse into whether this new framework is making inroads into the chief objective of curtailing the growth of CNP fraud. Coupled with the 3DS 2.0 mandate issued by both Visa and MasterCard, this reporting and accountability should have an impact on fraud numbers. It will be an interesting space to watch over the next two to four years.
*Source: Reserve Bank of Australia
AusPayNet’s Australian Payment Card Fraud 2019 report
Indue’s March 2019 CNP Fraud Mitigation Framework article
The Australian payment industry has seen a seismic shift in the past few years from traditional retail store purchases to online shopping. This migration coupled with the strong fraud protection provided by EMV chip technology for in-person transactions has unfortunately prompted an adverse mirrored trend – an increase of fraud in card not present channels. Card not present (CNP) fraud now accounts for almost 85% of all card payment fraud in Australia and further to this, CNP fraud seems to be growing 13% year on year at an industry level.
To combat this increased threat, AusPayNet in conjunction with key industry stakeholders have initiated an industry-wide collaboration program entitled the ‘Card Not Present Fraud Mitigation Framework’. This Framework sets out the industry approach to mitigate CNP payments fraud for all members across the payment value chain – merchants, consumers, Issuers, Acquirers, card schemes, payment gateways, payment system providers, and regulators. It is a framework designed to reduce fraud in CNP online channels, while also ensuring that online transactions continue to grow and thrive. The key tenets of this framework have been established by the industry:
1. Consistently apply Strong Customer Authentication (defined below)
2. Leverage global standards and best practice from other jurisdictions where possible
3. Be technology neutral to provide choice and ease of implementation
4. Use dynamic data wherever possible to reduce fraud
5. Act now, plan for the future – deal with the current fraud issues with the ability to review and update the Framework over time.
This framework requires participants across the payment value chain to take a more active role in reducing Card Not Present (CNP) fraud. For Card Issuers in particular, the two main obligations within this new framework are as follows:
• Ensure fraud rate remains below Issuer Fraud Threshold
• Perform Strong Customer Authentication or Risk Based Authentication when requested by the Merchant
This framework has set an industry fraud benchmark for an acceptable level of Issuer and merchant risk. Quarterly reporting to AusPayNet of fraud rates will be mandated as part of this framework. Issuers and merchants with fraud rates under the established threshold will not be required to perform any additional fraud mitigation activities. Issuers and merchants operating over the industry fraud rate will be required to perform Strong Customer Authentication. Should Issuers and merchants continue to breach industry thresholds over consecutive quarters, fines and sanctions can be imposed.
SCA is an authentication method requiring the cardholder’s identity to be verified with at least two independent factors from the following categories:
1. Something only the cardholder knows (knowledge factor) – a password, an answer to a secret question or a PIN
2. Something only the cardholder possesses (possession factor) – a credit card, a hardware token or a smartphone
3. Something the cardholder is (inherence factor) – a biometric feature such as a fingerprint scan, an iris scan, or facial recognition; or a behavioural feature such as type or swipe dynamics.
Although cardholder authentication will actively reduce the occurrence of fraudulent activity, the industry must also consider the user experience when implementing an authentication solution. The framework should provide the consumer with confidence that online transactions are secure without adding a disproportionate degree of friction to the transaction journey.
The industry timeline for the implementation of the framework is outlined below:
Indue has been involved with developing the industry-wide framework via representation and collaboration at forums and consultation submissions. Indue has commenced an internal program of work to build the capability to support the required AusPayNet reporting. We will work closely with all of our card issuers in the next few months to ensure understanding of the initiative requirements and next steps to comply with the new framework.
The banking industry has commenced the execution phase of this framework, which aims to tackle the most prevalent type of card fraud Read our follow up article here.
Artificial Intelligence (AI) and Machine Learning technologies are set to revolutionise an industry based on numbers but also an industry still traditionally dependent on human expertise, analysis and creative intelligence to progress and prosper. Some proponents of these processes believe that it will be a symbiotic relationship between man and machine. Others believe that their introduction will mean the demise of the human worker. So what are these concepts and how will they impact the financial services?
AI vs Machine Learning
Artificial Intelligence is a board term, but was succinctly defined by Andrew Moore, Dean of the School of Computer Science at Carnegie Mellon University as “the science and engineering of making computers behave in ways that, until recently, we thought required human intelligence”. A modern day example of AI would be Apple’s beloved digital personal assistant Siri, who can assist in finding information, creating events and providing directions purely based on voice recognition. Another example would be self-parking cars, whereby the vehicle will park itself using spatial and proximity information without any human intervention.
Machine learning is a branch of AI that relies on analysing data to automatically improve itself through experience. Netflix has fully incorporated machine learning into its platform by using predictive technology to make recommendations based on what the viewer has previously watched or rated. Music streaming providers such as Spotify or Pandora also use machine learning to recommend new artists based on what music users have listened to in the past. Recommendations continue to get refined and improved as the platforms continue to learn and analyse the users’ choices.
Implications to Financial Services
Based on how society has already embraced these powerful and useful technologies in other sectors, it was only a matter of time before they infiltrated the finance industry. A study conducted in the UK identified that 86% of business leaders in the financial services sector said they were already using these technologies. The World Economic Forum published a report earlier this year indicating that AI is fundamentally changing the physics of financial services. The bonds that have traditionally held together the constituent parts of financial institutions have been transformed ushering in a new age where data equals capital. Manual processing is giving way to programmed automation. Generic campaigns are being replaced with targeted marketing. Algorithms are usurping spreadsheets. The fabric of payments is evolving.
Advanced Data Processing & Automation
According to McKinsey estimates, banks do not realise the value of more than 80% of the total data collected by them. Therefore, there is a data mine that is waiting to be tapped. AI will help organisations realise the full potential of its data. AI can effortlessly consume large amounts of data, process the information faster than human efforts and can provide insightful outputs based on inference. The more data that can be processed, the more refined and accurate the data analysis results.
By allowing AI to extrapolate from data, companies will gain insights on their customers, which can lead to more customised products, services, communication and advice. The speed of the computation can be leveraged to enable a faster feedback loop, which will continually learn and provide updated insights thus allowing adaptability of product development and marketing strategies. Organisations will also see increases in productivity as a result of automation and machine learning. Time-consuming work such as compliance reporting, customer on-boarding communications and administrative documentation can be made more efficient and accurate with AI-powered automation.[
Personalised Customer Experience
These technologies will give rise to a more personalised customer experience. One example is the use of chatbots. Chatbots are automated chat systems that are designed to simulate human interaction. Chatbots identify emotion and context within text and will respond in the most appropriate manner based on previous interactions. Bank of America recently implemented its own chatbot or resident digital financial assistant named ‘Erica’, which has been widely recognised as a successful initiative. In a press release earlier this year, Bank of America confirmed that Erica assisted with 8 million client requests. Personalised communications will allow organisations to ‘humanise’ what can be quite structured and cold processes and give the consumer the façade of having a human on the other end.
Although AI can lend itself well to customisation, it can potentially lead to other unwanted behaviour at times. Predatory lending or marketing, where individuals are targeted based on information gathered through machine learning, are only some examples of how organisations or individuals can exploit these technologies. As such, industry policies and standards relating to privacy and prudential behaviour must be continually reviewed and updated as the industry continues to adopt AI and machine learning in various degrees. Financial ethics will play a big part in how AI or machine learning will continue to be accepted in the financial services industry.
The introduction of artificial intelligence or machine learning does not equate to a bleak future for the human professionals. Computers can be tasked with doing the repetitive and tedious jobs such as data processing. Instead of having to manually troll through a copious amount of historical data, a financial advisor can provide customised advice with a click of button. Employees will subsequently have more capacity to undertake higher level responsibilities and expand their skillsets. AI will alleviate some of the monotony of certain jobs and create new focus areas for professional development. Certain types of individuals will embrace this change while others may not. Organisations will need to look at investing time and money into transforming their talent alongside their technology to accommodate this fundamental change in an employee’s role.
Better Fraud Detection
Machine learning has been fundamental in enhancing fraud detection in the financial services industry. Indue’s Financial Crimes service is a prime example of how talent and technology co-exist to provide a whole that is more efficient than the sum of its parts. The service has embraced the benefits of machine learning with its foundation in the Safer Payments platform, which leverages machine learning algorithms to continually enhance its fraud detection capabilities. The platform is a neural engine that analyses a large transactional data pool to detect certain patterns and flag any anomalous behaviours. Indue’s financial crimes specialists leverage the cognitive computing provided by the platform, but strengthens the process by performing the executive decisioning and customer engagement that is critical to fraud management. The platform assists with pattern detection, data modelling and predictive capabilities whilst the specialists provide the emotional intelligence that only humans can offer. This reciprocity approach has been fundamental to the success of Indue’s Financial Crimes service.
To find out more, visit Orion Financial Crimes
The New Payments Platform (NPP) opened up an opportunity for Indue to reinvent our financial crimes service in the mutual sector due to the potential increased risk with NPP over traditional channels.
Dave Hemingway, our Chief Product Officer, discussed how Indue’s relationship with IBMs safer payment solution has resulted in the following benefits:
The announcement coincides with the release of the latest card fraud data for 2017 showing card-not-present (CNP) fraud accounted for 85% of all fraud on Australian cards. This is in line with global trends and reflects the rapid growth of e-commerce and online payments.
AusPayNet CEO, Dr Leila Fourie said that the success of chip technology in preventing in-person card fraud meant that criminal activity was migrating to online payment channels.
“This is the trend internationally, and the Australian industry has mobilised to ramp up the uptake of prevention measures,” Dr Fourie said.
“With fraud values in other areas of card payments either flat or falling, attention is now focussed squarely on online fraud,” she said.
“The framework released for consultation today is the result of collaboration among the entire range of stakeholders in online payments. Card issuers, retailers, card schemes, payment gateways, payment service providers, regulators and industry bodies have joined forces to ramp up the fight.”
Key elements of the CNP Fraud Mitigation Framework include:
Recent Reserve Bank of Australia figures show that consumers spent more than ever on their cards in 2017, with the overall value of card transactions up 5% to $748.1 billion.
AusPayNet figures released today show that card fraud of all types was also up 5% to $561 million, and accounted for 0.075% of the overall value of card transactions. At 7.5 cents in every $100 transacted, the rate of card fraud remained largely the same as in 2016.
Strengthened protection offered by EMV/chip technology resulted in a 48% fall in counterfeit/skimming (in-person) fraud to $31 million, the lowest value since 2006. Lost and stolen card fraud accounted for 7% of all card fraud, unchanged from 2016 and down from 10% in 2012. While in-person fraud fell in 2017, CNP fraud was up 14% to $476 million.
“Through the framework, we are taking a leading-edge approach to tackling the global problem of increasing online card fraud. With a united front, we can have the same impact that the roll-out of chip technology has had in combatting face-to-face fraud,” said Dr Fourie.
CNP fraud occurs when valid card details are stolen and used to make purchases or other payments without the card, typically online or by phone.
“There are some simple things people can do to help the fight against online fraud,” Dr Fourie said.
“Only provide your card details on secure and trusted websites – look for the locked padlock icon. Be wary of offers that look too good to be true. Malware and phishing attacks are becoming increasingly sophisticated, so be suspicious of unsolicited emails and text messages from people you don’t know. Don’t click on the link provided and don’t be tricked into divulging confidential data such as your password,” she said.
Other steps people can take include:
Australians are not liable for any fraudulent transactions on their payment cards and will be reimbursed as long as they have taken due care.
The McKinsey Global Institute looked at five broad categories of AI: computer vision, natural language, virtual assistants, robotic process automation, and advanced machine learning. Companies will likely use these tools to varying degrees. Some will take an opportunistic approach, testing only one technology and piloting it in a specific function (an approach our modeling calls adoption). Others might be bolder, adopting all five and then absorbing them across the entire organization (an approach we call full absorption). In between these two poles, there will be many companies at different stages of adoption; the model also captures this partial impact.
Source: McKinsey GlobalInstitute September, 2018