Other parts of this series:
Occasionally, I’ll tap into the insights of my Accenture colleagues to enrich the perspectives I share in this blog. I want to thank Casey Merolla—one of our payments security experts—for working with me to develop this post. You may have heard her speak on this topic last year at Money 20/20.
Not too long ago, several banks launched what was essentially a virtual credit card for online shopping. With a digital acquisitions process, the vision was to bring consumers a fully digital experience. But the banks experienced so much fraud that they had to abandon the program. This illustrates the tension between customer experience and security in digital payments. Consumers expect personalized, friction-free interactions. In fact, more than 75 percent of the global financial services consumers who Accenture surveyed would share data for personalized and convenient services.1
Yet the more data that consumers share, the more vulnerable they are to breaches. There was a 126 percent increase in the exposure of sensitive consumer data from 2017 to 2018 in the United States alone.2 As challenging as this environment is, it also presents an opportunity. Protecting consumer data is part of the industry’s genetic code. For traditional players, mastering data security can strengthen (and keep) consumer trust and boost competitiveness.
Here are three fundamentals to digital payments security:
1. Non-stop innovation: Win at whack-a-mole
Hammering toy moles only to have them resurface in different places is a perfect analogy for payments security. It’s a constant game of one-upmanship between card providers and criminal sophisticates. When the industry introduced EMV chip card technology to protect payments at the point of sale, counterfeit card fraud rates did in fact drop precipitously but correspondingly increased significantly online. Fueled by the power of technology and their own devious entrepreneurialism, fraudsters have simply moved on to “easier” targets like identity theft and synthetic identity fraud. Tokenization is the gold standard for a strong defense for card-not-present fraud, but expect the bad guys to find new security holes to exploit.
This is why payments providers can never stop innovating. Today, automated bots can complete about 100 attacks every second.3 Imagine what they will be able to do tomorrow. To stay ahead of the criminals, financial institutions need to become as innovative as them. Advanced analytics and machine learning are the next wave, and layer, of protection. They can identify patterns and anomalies that could signal fraud with speed and specificity that humans can’t. This will bring a whole new approach for securing transactions, applications and cross-bank products. The key will be to utilize these technologies without creating speed bumps for consumers.
2. Consumer engagement: Share the power of control
Anyone who follows the news knows how frequent breaches have become. So it’s no surprise that many consumers try to stay vigilant and protect themselves. People are taking it upon themselves to be proactive here. One survey reveals that 77 percent check their bank accounts each week for any unusual activity, and 38 percent say they find problems even before their bank does.4 Tapping into this consumer proactivity and joining forces with consumers in the fight against fraud is a powerful joint defense.
For traditional players, mastering data security can strengthen (and keep) consumer trust and boost competitiveness.
There are many ways to do this. Outreach to consumers about how they can keep their personal data safer, such as smart password management is one way. Card providers already offer consumer-controlled functionality like alerts on accounts for certain transaction types or suspicious transactions, which gives consumers the control to choose how watchful they want to be and dial alerts up or down as needed. These programs have been shown to reduce fraud rates for the people, and issuers, enrolled in them. On-off functionality is another common card control. In the near future, this functionality will also extend to limiting transactions to certain merchant types or geographies. And if breaches do occur, financial institutions must be accountable and transparent. Keeping the trust pact with consumers means notifying them of issues quickly using multiple channels and sharing as much information as possible about what happened, how it is being resolved and what’s next.
3. Industry collaboration: Partner against crime
An industry-wide problem deserves an industry-wide solution. But the reality is that while industry collaboration is highly valuable, it is difficult to execute because financial institutions are reticent to share any kind of data with their competitors. However, there is a historical precedent for collaboration around check payments. Banks can check negative files through systems like ChexSystems® that track people who write fraudulent checks. This limits the ability of the same individual (or identity) to defraud multiple banks.
While there is some small-scale, private information sharing that is occurring in the market, there is nothing like this system today for digital payments. A big data solution that would enable card providers to share “known-bad” credentials, identities, contact information, and digital fingerprints among other identifiers would be a game changer. The industry as a whole would benefit, but there are some significant issues that would have to be worked through related to the customer experience. There is a risk of false identification, and untangling a real, valid person could be very difficult and shatter consumer trust. Balancing security and trust against the convenience of anywhere, anytime payments is the tight-rope that financial institutions need to walk.
This blog concludes my series on critical market shifts in retail payments. Watch for my next post, which will focus on merchant acquiring and acceptance.
1 Accenture, 2019 Accenture Global Financial Services Consumer Study
2 Identity Theft Resource Center, 2018 End-of-Year Data Breach Report
3 Michael Reitblat, “Know Thy Fraudster: The Secret Life of an ATO Criminal” 1/30/2019
4 Dave Excell, “Quantifying Fraud’s Impact on Customers’ Expectations and Behavior” 1/29/2019