In the finance sector’s hunt to improve ways to combat the scourge of payment fraud, biometric verification technology is coming to the fore and being adopted by banks, especially when it comes to card fraud. Artificial Intelligence, often touted as the next major evolutionary step in technological advancement, will also play a key role in the development and deployment of crucial tools to help gather customer behaviour data for the banking industry to deliver safe, secure and meaningful services to their customers. Zoya Malik, managing editor TFT speaks to biometrics, cards and payment experts to discuss trends in averting payment fraud
The status quo
Financial institutions are routinely subjected to the costly consequences of card and payment fraud. With fraudsters inflicting both financial and logistical damage upon these organisations, the challenge of clearing up the mess that’s left behind can be highly alarming and significantly costly. UK Finance reports that in the first half of 2018, fraud losses on just debit, credit, charge and ATM cards alone issued in the UK, totalled an astonishing £281.2 million. Such is the gravity of the issue. In fact, there were 1,036,367 cases of unauthorised financial fraud across payment cards, remote banking and cheques during January to June 2018, a rise of 10% compared with the year before, which highlights just how serious and urgent this problem really is.
The picture is even more alarming when you look at the overall figures covering other areas of the payments industry but to understand the numbers, you have to be aware of a ludicrous distinction made by the finance industry between “authorised” and “unauthorised” fraud. The UK Finance report, Fraud The Facts 2019, defines an “authorised fraud” as an “authorised push payment fraudulent transaction where the genuine customer themselves processes a payment to another account which is controlled by a criminal.” An “unauthorised fraud” is “a transaction where the account holder does not provide authorisation for the payment to proceed and the transaction is carried out by a third party.”
UK Finance reports that in the first half of 2018, fraud losses on just debit, credit, charge and ATM cards alone issued in the UK, totalled an astonishing £281.2 million
Taken within that context, unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £844.8 million in 2018, an increase of 16% compared to 2017. Banks and card companies prevented £1.66 billion in unauthorised fraud in 2018. According to UK Finance, this represents incidents that were detected and prevented by firms and is equivalent to £2 in every £3 of attempted fraud being stopped. In addition to this, in 2018 UK Finance members reported 84,624 incidents of authorised push payment scams with gross losses of £354.3 million.
However fraud happens, the threats to the efficiency and security of the banking system manifest themselves every day as institutions are subjected to the costly consequences. The damage can be pervasive within an organisation and, naturally, affects the customer as well.
Dave Orme, SVP at IDEX Biometrics, gets to the heart of the matter, “How would you react if you saw a transaction that you know you hadn’t made, show up on your payment history? Aside from an initial sense of dread, cardholders are forced to take time away from their lives to report stolen cards, cancel cards and wait for new ones. No matter who you are, payment card fraud can be a serious problem.”
The fault in our stars?
There is no single reason for these figures; impersonation and deception scams, as well as data breaches, have all played their part. But the UK is becoming an increasingly cashless state with debit card payments having overtaken cash payments for the first time recently, so institutions have no real option but to stop the fraudsters. The obvious question is, how?
Financial institutions currently bear much of the impact of card fraud, and in response are investing heavily in machine learning, predictive analytics and other cutting-edge technologies to beat the criminals. These are having some effect; in 2017, fraud losses on payment cards fell somewhat, which contrasts with 2016, but even so there was still £566 million lost to payment card fraud alone and seven pence in every £100 spent was fraudulent, a very worrying statistic in a society that is rapidly increasing its reliance on cards. In other words, payment card fraud has been a huge problem for a sustained period of time and the steps currently being taken to stop it, are not effective enough.
In a society that, increasingly, relies on technology, payment cards are the weak link; or rather, the behaviour of the people who own and use payment cards are the weaker link. It is human nature to make the mundane administration of life easier, but we all know how dangerous writing down your PIN can be because you keep forgetting it (and worse still, keeping the card and the PIN together.) Many people are also guilty of sharing their PIN and card with their friend/partner/relative to enable transactions without the need to be present. Others give out cards and PINs to trusted people because they are elderly or have mobility problems and getting the necessities of life is so much easier that way. All these behaviours are very common but they are also making card crime very easy.
Unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £844.8 million in 2018, an increase of 16% compared to 2017
Orme suggests that people fail to keep their PINs or other card details safe not because they are inherently foolish or lazy, but because PINs are simply unfit for purpose. To be effective they demand a far higher standard of discipline and security from human nature than human nature is ever likely to produce. The result is a massive headache for individuals, financial institutions and businesses all over the world. But if not PINs, then what?
Biometrics, including fingerprint recognition, is a field increasingly recognised as holding the key to card fraud prevention and while financial services firms may now be looking at large-scale use of biometrics, in other security-conscious sectors this has already happened. For example, many smartphones, which are themselves fast becoming the twenty-first century replacement for the wallet, are protected via fingerprint authentication. Passports are also routinely issued with biometric authentication built in, as are government ID cards. Biometrics are used where security is non-negotiable.
Orme explains that, “Until recently, including biometric authentication in a payment card was very difficult. This is because it required a sensor to be incorporated in the card and for many years those sensors were too large and inflexible to make that viable. However, there have been breakthroughs in this technology recently and we are now able to deliver a very thin, flexible fingerprint sensor that is easy to add to a standard card, so the major barrier to using biometrics with payment cards has now been overcome.”
In the pursuit of mass market adoption, biometrics companies are now working to make biometric authentication affordable, practical and available for payment card users and issuers. With biometric companies already partnering with banks, financial institutions, payment processing firms and smartphone manufacturers, biometric smart card payments will soon be a reality for all. Through the arrival of this advancement, financial and security businesses, are given a far stronger barrier of defence against payment fraud.
As if on cue, NatWest Bank have just announced that they are launching a biometric payments card pilot with about 200 customers. As part of the trial, these customers will use biometric fingerprint data to verify transactions over £30, increasing security and making it easier for customers when paying for goods or services at the tills as no PIN is required.
David Crawford, Head of Effortless Payments at NatWest said, “We are using the very latest technology across our business to make banking easier for our customers and biometric fingerprint cards are one of the many technologies we are exploring further. This is the biggest development in card technology in recent years.”
NatWest is working closely with digital security company Gemalto along with Visa and MasterCard to bring the service to customers in the UK. Howard Berg, UK MD of Gemalto said, “Using a fingerprint rather than a PIN code to authorise transactions has many advantages, primarily enhanced security and greater convenience. Cardholders can pay quickly and easily with just a simple touch, and they no longer need to worry about the limit on contactless payment transactions.”
Fortunately, AI has the potential to both help streamline customer interactions and to sift through customer data in a far more efficient manner
What about AI?
Traditionally, there has been an emphasis, not just in banking but in many industries, on having large customer support teams providing face-to-face service to their clients with even bigger teams, in the background, working out customer needs and the products/services required to satisfy that demand. All of that costs money and, in itself, presents management challenges. This modus operandi had modulated slightly with the advent of Fintech products but it is the advancements in AI which are actually allowing both banks and Fintechs to significantly reduce their costs for dealing with their customers whilst still providing personalised and dedicated support.
As Hardik Shah, Group Head of Product at Currencies Direct puts it, “When it comes to customer engagement and retention, conventional wisdom emphasises the need for a ‘personal touch’ when addressing consumer needs. Fortunately, AI has the potential to both help streamline customer interactions and to sift through customer data in a far more efficient manner, allowing firms to more easily tailor their promotions and the consumer journey.” The run-on effect is that AI can be adapted to spot fraudulent transactions.
Companies like Currencies Direct, who maintain a payments platform utilised by a number of banks for providing online local and international payments facilities for their customers, are also relying, increasingly, on the use of AI to aid in fraud detection and prevention. Shah explains the philosophy behind the growing reliance on AI, “As machine learning comes into its own, AI is fast becoming the cornerstone of the financial industry’s fight against fraud and is already being used for anomaly detection throughout the sector. It’s the ability of AI to quickly and efficiently process large volumes of data that has elevated it to the holy grail of fraud protection and prevention, with AI able to pin-point malicious trends and adapt to new data far faster than any human”.
He continued, “Ultimately and as pertaining to payments, CNNs (Convolutional Neural Networks) can help drive machines into determining fraud intent and customer profiling, again effectively allowing the system to intercept the fraudsters. These models are able to process equally complex data sources encompassing the qualitative, as well as the purely quantitative. When combined with the benefits of speed and efficiency, this makes AI an increasingly formidable force in the fight against fraud.”
Puneet Taneja, EVP at Teleperformance Digital Integrated Business Services (TP DIBS), offers an additional perspective stating, “The rise of cybercrime has led to a new generation of fraudsters using technology to come up with new and innovative ways to steal hundreds of millions of pounds from customers, all while remaining undetected. Overcoming fraudulent losses has the natural flow-on effect of boosting customer satisfaction, one of the key factors to banks’ long term financial health. If customers view banks as being up to date on the relevant technologies to keep on top of inbound fraud, reputational equity builds and so too does customer satisfaction. This relies on banks being able to tackle the issue of fraudulent transactions in real time, in a proactive manner, rather than taking a reactive approach.”
What is the next waypoint on this technological journey?
The results, thus far, are encouraging. TP DIBS claim that their work with a leading bank has seen a 50% reduction in anti-money laundering alerts and a 98% increase in fraud detection – good news for risk management. This was accomplished through digital profiling, which examined customer data available from an existing information source, alongside determining how data can be stored and changed. Encouragingly, Taneja adds, “While it is all well and good to harness the power of existing technologies and data analytics to spot irregular data patterns to highlight suspicious transactions, this is only half the story. Employing a greater number of customer service agents who can aid in the risk management process can similarly help banks pre-empt fraud and treat the causes of financial loss, as opposed to the symptoms.”
This is a familiar sentiment with other industry experts agreeing that the “human touch” should not be forsaken. While there are clearly many opportunities for fintech firms to leverage AI to improve efficiency, security and customer service, they should also be aware of the development needs. Shah adds, “First of all, most AIs have a very narrow focus, excelling at a single task but unable to deviate, resulting in a large investment in a resource that cannot easily be diverted to different areas of the business. On top of this, financial firms must be vigilant in regards to the quality of data inputted into systems, this may require the investment of significant time and effort to prevent the risk of rogue data distorting the algorithms. But, potentially, the greatest challenge is how to solve the question of liability should something go wrong. AI is far from infallible and still requires human input at various stages, such as the validation of critical activities, so we won’t be moving to a fully automated world anytime soon.”
“The rise of cybercrime has led to a new generation of fraudsters using technology to come up with new and innovative ways to steal hundreds of millions of pounds from customers”
The International Data Corporation (IDC) predicts the world will be creating up to 163 zettabytes of data a year by 2025 necessitating greater incorporation of intelligent algorithms in day-to-day life and as AIs become increasingly affordable to develop, deploy and manage, we are likely to see more widespread use in the fight against crime. According to Gartner, by 2020 chatbots will be handling no less than 85 per cent of all customer service interactions. This necessarily means that chatbot technology algorithms will become more sophisticated to measure sentiment, mood and customer behaviour as a way to track customer interactions and to prevent fraud throughout the end-to-end process of the digital customer journey.