Markets' Perfect Storm: How Financial Companies Can Prepare
By Jim Gasaway, CTO, Kount
Jim Gasaway, CTO, Kount
There are seemingly hundreds of emerging technologies that claim to protect institutions and make transactions safer, but it’s almost impossible to keep up with what’s new and what actually works. Despite the number of new solutions available that promise stronger security, a string of trends has left financial institutions more susceptible to fraud than they realize. There are three storms that are poised to combine and create the “perfect” storm against any company that handles consumer and business accounts, including capital markets.
“The solution is not to tackle fraud in a blanket fashion that can turn away customers and lessen profits, but rather strike a balance between enabling legitimate transactions while barring suspected fraud.”
Recent large-scale data breaches that provide cyber criminals with an abundance of highly valuable financial information, the EMV regulations in the U.S. market is pushing more criminals online, and the shift to mobile channels and payments have made it much more difficult for companies to detect and prevent fraud among transactions, including within financial services. This series of events has created a more dangerous marketplace, increasing the pressure on financial companies to make sure they are aware and equipped with the right tools to protect themselves against fraud. Financial companies may be caught in the middle of this "perfect storm" if they are not prepared. The solution is not to tackle fraud in a blanket fashion that can turn away customers and lessen profits, but rather strike a balance between enabling legitimate transactions while barring suspected fraud.
In 2015, more than 1,600 breaches were reported, resulting in 707.5 million records being compromised worldwide, according to Gemalto’s Breach Level Index. As a result of these breaches, large amounts of company data can be easily purchased online and used by fraudsters before anyone becomes aware of the breach. In addition to security measures that protect their own customers’data, financial institutions must also be on the lookout for fraudsters utilizing stolen data who pose as legitimate customers.
New technologies and solutions aimed at decreasing fraud have created a false premise that transactions are becoming more secure when in fact, the opposite is the case. For instance, the recent shift to EMV, or “chip and pin,” technology is driving fraudsters to adjust their tactics to focus on card-not-present transactions, where the EMV chip is irrelevant. The result of these adjustments is a dramatic increase in online fraud in every market that EMV has been implemented. As one of the largest global economies in the world, the U.S. and its pending shift to EMV will almost certainly have a global ripple effect.
Additionally, mobile is on the rise within the financial services sector—according to a recent study from the Federal Reserve, 43 percent of all mobile phone owners with a bank account had used mobile banking in the 12 months prior to the survey, up from 39 percent in 2014 and 33 percent in 2013. The Kount Mobile Payments & Fraud Survey: 2016 Report found more than 90 percent (90.9 percent) of financial service organizations consider a mobile strategy ‘very important’ for growth.
Fraud on mobile channels will only continue to increase, as individuals are becoming more comfortable with using their phone as their wallet and primary device for business transactions. But some clear vulnerabilities with mobile transactions mean that fraudsters will quickly find and exploit the weak points in a system, making the evolving mobile landscape a key target. These vulnerabilities include the fact that mobile devices typically store financial information among other personal identifiers on the device, essentially allowing fraudsters to bypass many online payment security measures. That means that there are also weaknesses for those in capital markets.
So how can financial companies protect themselves against fraud? While the solution for each organization differs, here are three tips to better safeguard transactions and your business from the high costs of fraud:
Annual Fraud & Payments Audit
The market is changing too rapidly to think that what a merchant did last year will be fine for this year when it comes to mobile payments and fraud issues.
Ensure IP location, Billing, and device information are in Sync
Always verify the various elements of each transaction to ensure they are in sync. Also, know what kind of device your customers are transacting from – whether a transaction is made through standard desktop channels or via a mobile device may impact the nature of the transaction and influence the likelihood of fraud.
Investigate Multiple Transactions Coming from a Single Device
Fraudsters will attempt to run multiple transactions in succession. This is also known as “card testing,” when fraudsters try to validate stolen cards or accounts and leave businesses open to fraud. Multiple transactions from different accounts coming from a single device is a strong indication of fraud.
Work with Your Payment Service Provider (PSP)
Don’t assume your PSP or payment gateway is reviewing transactions for fraud or that they are doing it very well. Online organizations still hold the major liability of fraud losses. Some PSPs are working to implement fraud tools that can be very helpful in mitigating losses.
There is currently no shortage of tools to help businesses, from complete fraud prevention software systems to ID authentication, mobile geo-location, fraud scoring, device identification and more. But with the current state of fraud and business, capabilities need to operate seamlessly together and in real-time. The solution is to better understand your customers and the context behind order details to prevent truly fraudulent transactions, while also protecting the legitimate ones.