If the pace of product innovation in the payments industry has demonstrated one thing about human nature, it is the fundamental desire to seek the path of least resistance. This impulse has been a key driver of the migration of commerce to digital channels over time (particularly mobile), as well as the development and adoption of new payment services to streamline and remove friction from these customer journeys.
The level of investment made across the industry to deliver these improvements has been substantial. However, providing digital payment services will always involve striking a balance between customer convenience and fraud risk. It is always tempting to focus on the level of sophistication that can be found in many of today’s newest digital payment experiences, but it should be remembered that these are largely possible (at least within a sensible risk tolerance) because of advances in the security, fraud detection and risk scoring technologies that underpin them.
Recent advances in technologies such as behavioral biometrics, the use of machine learning in fraud detection, and device level security have all helped to ensure that, behind the customer-facing payment experience, the risk of fraud can be maintained at an appropriate level.
Unfortunately, the criminal community also continues to invest in its capabilities, and the release of the UK’s official payment fraud statistics for 2018 make for sobering reading. Following a year of decline in 2017, the total value of fraud lost on UK-issued payment cards grew to £671.4m ($870m) last year, up 19% on the prior year. Within this, card not present (CNP) fraud losses were £506.4m ($658m), increasing by 24% on the previous year and now accounting for 75% of UK card fraud.
While UK fraud losses remain low relative to total payment volumes (8.4 basis points for 2018), the rate has increased relative to the 2017 level. Addressing these challenges will require an increased focus on each of the core pillars: customer education, industry collaboration, and investment in technology. In addition, the rollout of initiatives such as 3D Secure 2.0 and the Strong Customer Authentication provisions under PSD2 will also help to address the growth in losses.
Alongside the growth of card fraud, 2018 also saw a rapid increase in authorized push payment (APP) fraud. This is becoming a considerable challenge for banks, a £354.3m ($461m) problem in fact, and is something that practitioners in any market with real-time payments infrastructure should watch carefully. In cases of APP fraud, a criminal convinces a victim to send funds to an account they control, often as a result of social engineering. This can be very difficult to stop, because the customer makes and authorizes the payment, and so traditional fraud screening technologies have only a limited impact. In addition, without the standard protections that surround card payments, many customers, both consumers and businesses, have been left to shoulder the losses.
The industry has responded, focusing on customer education in particular, but it is clear that further investment is needed to address this challenge. The development of new process and technology solutions to aid both detection and recovery will be important, particularly around better tracking of the onward flow of funds from these frauds. In addition, a payee confirmation service is also in development in the UK (although delayed until at least 2020).
Ultimately, while the payment industry has been hugely successful in enabling customers to transact in a friction-free way, the fight against fraud is never won.
Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.