Cyber security

Making Digital Payments Safe in a Digital World

By Gavin Lock, COO, Senjō Group

This article first appeared on Fintech Innovation, a targeted channel for the banking, finance and insurance industry across Asia under Enterprise Innovation, on 12 June 2018.

The way we pay has changed since Coca-Cola first introduced mobile payment via text messages and ExxonMobil began offering contactless payments more than 20 years ago in 1997. The technology behind digital payments is continuing to improve at a rapid pace, changing the way we pay and consume – as digital payments methods become increasingly integrated into our everyday life.

In Asia Pacific (APAC), the mobile payments market (excluding China and India) is expected to grow to $271.5 billion by 2021 (up from $71.9 billion in 2016) – with the mobile payments market in China alone predicted to grow to $1.4 trillion by 2021. This is primarily driven by the drive to go cashless, the ubiquity of smartphones in the APAC region and preference for “tap and go” convenience that mobile payments afford.

A quick overview of the APAC region reflects the rising popularity and preference of mobile, alternative and contactless payments methods as the region pushes its cashless society agenda:
Worldpay’s 2017 Global Payments Report found that consumers across APAC increasingly prefer to pay online via alternative payment methods such as e-wallets, bank transfers and cash on delivery with e-wallets accounting for 62% of market share in China
The Reserve Bank of Australia Consumer Payments Survey reported that contactless payments accounted for 2/3 of all card transactions in 2016
• The 2016 Visa Consumer Payment Attitudes Study found that 87% of Singaporeans and 75% of Thais use electronic payments more often than cash
• The 2017 MasterCard Mobile Shopping Survey reported that Asia Pacific’s penchant for mobile shopping has also fuelled a steady increase in digital wallet adoption, with more than one in five consumers (22.3 percent) using such payment methods.


ADDRESSING SECURITY CONCERNS

While the use of digital payments methods (such as mobile payment via Apple Pay, Android Pay and Samsung Pay or contactless payment methods such as Visa payWave and MasterPass by Mastercard) has started to become second nature to some, many are still hesitant in going cashless due to the vulnerability of digital systems to fraud and attack. According to the 2018 AFP Payments Fraud Survey, 78% of its respondent’s organisations in the United States were hit by payments fraud. Closer to home, the Experian Fraud Management Insights 2017 reported that nearly half of financial services customers (44%) believe fraud has increased.

There is no doubt that the cost of fraud is immense – it compromises consumer loyalty, brand trust and adversely impacts revenue. But there are preventive measures that both businesses and consumers can take to safeguard their accounts – and the crux of it is data:

1. Leverage data for pattern recognition modelling: Data is extremely effective when looking to combat payment fraud. The use of data can help with early detection of fraud patterns by comparing the frequency of transactions, velocity and size of payments against the customer’s behaviour pattern. Financial institutions can work with businesses to leverage these insights to generate real-time automated detection, responses and alert consumers immediately should a possible fraud incident arise.

2. Use multi-factor authentication: Whether it’s biometric authentication, fingerprint or facial recognition technology, mobile devices are perfectly suited for multi-factor authentication. Additional methods of authentication are identification questions, PIN codes and phone number verification where a one-time password is sent through a separate communication channel (telecom network channel in addition to IP channel). The combination of authentication methods will go a long way in preventing identity fraud for payments.

3. Ensure multi-channel integration: With the plethora of channels, payment methods and systems available globally, it has now become critical for organisations to integrate all their channels to produce a single source of “truth”. This involves the use of a shared platform to manage payment fraud systems and monitor digital payments channels. By capturing the movement of transactions and payments from all channels and the application of a consistent fraud prevention logic, businesses will be better equipped to prevent hackers looking to bypass traditional detection systems on one standalone channel.

4. Move from encryption to tokenisation: Tokenisation completely removes credit card data from a company’s internal networks and replaces it with a unique, generated placeholder (token) that cannot be reverse-engineered. This means that the merchants will only be able to use the token to retrieve the customer credit card information while the customers’ real credit card details are stored in a highly secure facility.

5. Use of machine learning and artificial intelligence (AI): As fraud attacks get more sophisticated, there will be an uptake in the use of machine learning and AI to increase the accuracy of real-time approvals of transactions and reduce false declines using automated credit risk and fraud scores calculations.

The collective use of a layered approach to fraud prevention including the use of real-time data analysis to detect and prevent possible fraud incidences and use of machine learning and artificial intelligence will be key to making payments safe in a digital world.