With a mammoth £268M lost to cybercrime in the last 12 months, the time has come for banks to do more to tackle online payment fraud according to Nexmo’s Srivatsan Srinivasan
As new innovative technologies continue to change the way payments are processed, it is no surprise that the UK has been victim to over 1.3 million instances of payment fraud in the last year. Gone are the days when transactions were secured with a signature or verified by a PIN number. The rise of the internet has forced people to take the risk of paying online without any reliable means of verification whatsoever.
As m-payments become increasingly the norm, online marketplaces have become an alluring proposition for fraudsters. The recent TalkTalk and Vodafone cyber-attacks have only highlighted further the need for financial institutions and payment processing service providers to undertake a bigger role in protecting consumers.
Do banks see damage limitation as a cheaper alternative?
With the rapid increase in mobile banking, fraudulent activity has inevitably increased. But before we consider the responsibility afforded to these financial institutions and payment processing services, it may first be prudent to establish awareness.
According to the Global IT Security Risks Survey 2015, the banks seem confused as to their responsibilities. The survey conducted by research specialist B2B International and Kaspersky Lab stipulates that only 67 percent of banks said that providing a secure connection was mandatory.
But how much does fraud prevention cost? Is it cheaper just to pick up the pieces once the damage is already done? The study confirms this suspicion, with 48 percent of financial institutions stating that the measures they take are designed to mitigate rather than solve the problem. In fact, 29 percent of the organisations claimed it was cheaper to deal with fraudulent activity once it had already occurred, rather than preventing it from happening in the first place.
Who else must take responsibility?
This then passes the responsibility on to other parties. As mobile payment providers such as Apple, Google and PayPal continue the battle to gain traction and market share in Europe, consumers are left more susceptible to fraud in the melee as payment technology advances outpace security advancements. Even the European Union has proposed to amend existing regulation to improve the security of payments and facilitate the emergence of innovative new mobile and internet payment methods.
Payment service providers, in particular, must also address this problem. They could be deemed liable for clients’ losses if they fail to act to prevent fraud or not implement a strong customer authentication process. However, strengthening the authentication process must not come at the expense of user experience, as this could potentially lead to shoppers abandoning their transactions. Does this then call for a risk-based authentication scheme which will allow the service provider to implement a One Time Password (OTP)? So, even if the banks have not implemented an OTP, the service provider is able to confirm that the user is who he/she says she is depending on risk indicators such as the size, location or the velocity of transactions.
Srivatsan Srinivasan is product leader at Nexmo
All clued up on mobile payments? Try our quiz!