Payments Will Soon Disappear
With more than 20 years in financial services, Neira Jones has played a leading role in revolutionizing payment security. Formerly Director of Payment Security and Fraud at Barclaycard, she was responsible for the security compliance and risk management of some 100,000 merchants and third parties, as well as developing innovative fraud offerings. Neira, who is an InfoSecurity Europe Hall of Fame alumna, also received the Acquiring Personality of the Year 2013 Award (Merchant Payments Ecosystem) and was voted into the Top 10 Most Influential People in Information Security.
I had the opportunity to interview Neira prior to her speech at the event so that she could introduce us to the world and the future of real-time payments.
1. Collaboration is of strategic importance in fighting fraud. However, banks seem reluctant to collaborate and share data. Why is that so?
In general, banks are reluctant to share information on anything, for competitive reasons. However, this has changed a lot over the last few years, mainly as a result of the increase in cybercrime. Some threat intelligence sharing initiatives such as the CISP have also been quite successful. The Cyber Security Information Sharing Partnership is a joint industry and U.K. government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on businesses.
When it comes to fraud information sharing, collaboration is mostly driven by vendors in the fraud prevention space. Fraud prevention should be looked at in a holistic fashion. Obviously, collaboration is absolutely critical as it plays a huge part in the overall fraud prevention and detection. There also needs to be a convergence in the fight against fraud. Rather than a separation, there should be more convergence between things that used to be separate.
Banks and financial institutions in general, have to work together and be as organized as Organized Crime itself.
2. What were the most significant challenges the UK faced during the migration to Real-Time Payments?
- Inability to quickly identify the pain points of the consumers. This is because, even though consumers had been crying for such a service, the banks had to be pushed (by regulation) to implement it. In 2011, three years after launch, still only a few banks offered the service, and the deployment was inconsistent across the banking community. Additionally, transfer limits were at the bank’s discretion, so one bank may offer up to £10,000 and another only £300. Consumers wanting to use the service found this difficult to understand. There was also no marketing or adequate communications in the early days, and certainly no value-added services.
- Early consumer adoption was not automatic. This was due to a lack of awareness of what was possible. We are now observing this currently with the slow consumer adoption of Open Banking, which is also due to low consumer awareness.
- Lack of adequate infrastructure initially and having to justify the infrastructure investment and integration costs, bearing in mind the need to start at low volumes before scaling up rapidly. The payment systems available in the past rarely offered 24/7 availability. But in a real-time payments system, around-the-clock availability is part of the equation.
- Effect on liquidity management could not be easily predicted. With real-time payments, time is a luxury, and always creates a challenge for the treasury.
3. Despite the fraud-fighting tools and strategies the banks are putting in place, fraud has been on the increase. What are the reasons for this resurgence?
It is interesting to note that fraud keeps evolving but still often goes back to its old ways. It is like a hand squeezing a balloon. If you squeeze one part, another part pops out. Fraud is acting the same way. Once you curb one aspect of fraud, it appears somewhere else. This is why we are seeing a resurgence in some fraud types. Take ATM frauds for example. This used to take place in the 80s and 90s. Following the path of least resistance also makes economic sense to criminals.
Whilst the most obvious fraud related to real-time payments is Authorized Push Payment (APP) fraud, real-time payments actually feed a complex fraud ecosystem, driving other fraud types including account takeover, application fraud and money-laundering. This, along with increased digitization, is a strong reason for banks to take a more holistic approach to fraud prevention and cybercrime - one that works across channels and covers payment mechanisms and the customer lifecycle.
4. Tell us more about Authorized Push Payment fraud and the effects on the entire system
Authorized push payment (APP) fraud has been in the news recently in the UK because of the consumer trade association Which?'s super-complaint. The advent of real-time payment schemes, such as Faster Payments in the UK, has made push payments more attractive to criminals because they can quickly take the money and run. This type of fraud is on the rise and happens when fraudsters deceive consumers or individuals at a business to send a payment under pretenses to a bank account controlled by the fraudster, using social engineering.
As payments made using the real-time payment mode are irrevocable, the victims cannot reverse a payment once they realize they have been conned. It is like putting a letter in the post. Once in, it is gone. However, new models of real-time payment schemes are increasingly using the ISO 20022 messaging format that can carry more data and therefore provide more safeguards.
5. Alternative payments and the rapid increase of non-bank players in the retail payments environment have revolutionized the payments system. Does this pose a challenge from a security perspective?
The new entrants are indeed redefining the payment ecosystem, but there still remains a huge difference between them and the banks. The big banks are used to being regulated as well as managing risks. With the new players, security is not at the forefront of their strategy.
Fintech companies and new real-time payment service providers would need to be more risk-conscious and incorporate data protection at the onset by design. As they do so more and more, they will improve the overall payments system and pose a more significant threat to the banks.
6. How big a threat is technology disruption to the financial industry? What other major threats should Canadian banks be worried about?
Technology is easily the biggest challenge currently facing the entire banking industry. We now operate in an environment that is promoting innovation and putting the customer first. This has enabled non-finance entrants to penetrate the market. But the biggest threat facing the banks is not the Fintechs, but rather the large technology companies. Because suddenly they can have a piece of the cake too.
Google and Facebook have all penetrated the payments market. The likes of Alibaba and WeChat are also rapidly entering the payments system on the strength of the billions of people they have on their platforms. Not forgetting Amazon that is pretty much revolutionizing everything they touch. They are doing exactly the same with payments.
These tech companies have a comparative competitive advantage over the banks in their superior digital skills. The technology companies start from a digital standpoint, whereas the banks don’t. With the recent emergence in digital banking and technology, the banks lack those technical skills. They then turn to Fintech companies who are able to respond to the digital problems quickly. However, a gap may still exist. Though the technology solution may solve the immediate problem, the technology companies do not always have the data governance, compliance, and security foundation. This may leave the solution vulnerable to future problems.
The banks have built a solid foundation over many years that is strong in compliance, privacy and controls for a solid overall banking experience for clients. This will remain a strategic differentiator. The banks, however, need to go beyond compliance to stay competitive. They should provide more value-added services and try to build an ecosystem just like the technology companies are doing, so they are not left behind.
7. What direction do you see the industry going and what will payments look like in the future?
As the digital era becomes increasingly dominant, traditional payments as we know them will be more and more in the background. This is driven by new consumer behaviour. The average individual does not get up in the morning and say, “I am going to make a payment.” They think of doing or buying - not paying. The word payment is actually a bit of a pain.
We want to be able to conduct any activity ubiquitously, anywhere, at any time, and from any device. Moreover, we want the experience to be seamless. Therefore, payments will become increasingly buried in the activity they are linked to. We have seen this happen first with in-app gaming payments. These payments are so seamless that you have to watch your kids when they play on your phone, lest you are faced with a massive bill at the end of the month.
What will happen in the future is that we will concentrate more on the experience and payments will disappear and just be part of the experience, whatever that experience may be. Payment as an act may eventually have to give way to “experiential transaction.”
If you would like to watch Neira speak about the lessons learnt from the revolution of real-time payments in the UK, kindly register for the 2018 Innovation Summit. Entry is limited and carefully gated, so we encourage you to reserve your seat ahead of time.