As the number of consumers transacting online rapidly grows in lockdown economies, bad actors have followed the money, with a spike in online fraud. However, involving the customer through “intelligent friction” can stymie the efforts of fraudsters.
Over recent months, users flocking online due to the Covid-19 pandemic have resulted in fraudsters launching huge volleys of cybercrime attempts. These volume-based attacks can be described as ‘spray and pray’ efforts and even the new tech heroes, machine learning (ML) and artificial intelligence (AI), are battling to keep up. In fact, the World Economic Forum estimates financial crimes could cost global citizens up to $1-trillion dollars each year.
Things are more focused now. It becomes a numbers game. If you have double the amount of users transacting online, even if you get just a two percent return on your emails, that’s a good rate for any fraudster. What we are seeing now just boils down to new use cases based on the same methodology.
The obvious response to the increase in fraud attempts and especially some for the more sophisticated attempts, is to throw more technology at the problem. However, banks and other organisations are missing a trick if they think they can just rely on new tech like ML and AI.
The problem with so many new users is that you have nothing to compare their behaviour against. No matter how good your ML or AI is, it’s all about relying on user behaviour to predict actions. This ratchets up the number of false positives.
If consumers use their credit card online for the first time, for example, and it gets declined because of a false positive result from the fraud engine, they will be far less likely to try shop online again with that card (or at all). Machines need to experience fraud before they can learn from that fraud – it’s a reactive process.
For this reason, getting the customer involved in the process puts boots on the ground to fight fraud and they are the most invested boots of all.
Imagine if we could reach out to a customer and just ask them, is this really what you want to do? That’s the magic. Nobody knows whether a transaction is real as well as the customer does. This intelligent friction is something to be welcomed.
It’s all about finding the balance, You don’t want to bother the customer too much, but customers want to be in control, even when it comes to paying their existing beneficiaries. Authenticating the transaction instils confidence, and deputising the customer by giving them control builds trust.
Different types of fraud raises its head in different parts of the world depending on local conditions and standards embraced in that location.
You see fraud move around the world. As it’s solved in one place, it moves on to another market. Choosing the best standards is what keeps customers safe — and they needn’t even know it’s happening in the background. Sometimes you experience a kickback from your user base if their experience changes and so updating in the background is sometimes best.
Looking to the future, banks could leverage their position of trust as well as their access to user data to become the custodians of our consumers’ digital identities.
Banks play a significant role in consumers’ lives. The trusted relationship between consumers and their financial institution means that banks are exceptionally well-positioned to play a much larger role going forward. Instead of using my Google and Facebook to log in somewhere in the future, perhaps I can use my bank account, because that’s where the anchor of my identity is.
Like many in this industry, we believe there is room for industry standards when it comes to fraud detection and prevention. There is no reason why the best authentication should be a competitive advantage when it could be an industry standard. However, while this becomes a reality, organisations should waste no time in taking action. The tools are there, there is no reason to wait for the industry to define what should be done.
You can’t be paralysed by worrying about how your customers will perceive the changes. Ultimately, if they are part of the solution and they know that they will be safer, they will be on board. The winning formula is to find someone to partner with who has done it before and done it at scale.
Someone who knows the tech and knows what to expect. And even though fraudsters are constantly evolving and refining their techniques, we know that we can still make a massive dent in the damage they are doing. It’s all about having the right partner.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
