Fraud levels continue to rise, costing consumers in the US and the UK billions each year. While it is clear the financial sector must enhance its defence against fraudsters, it appears current levels of collaboration are not enough – and more must be done to protect consumers.
In response, Payments 20 (P20), the voice of the global payments industry, has published its newest report ‘Public-Private Data Exchange for Fraud Prevention: Best Practice Recommendations’, calling for enhanced public and private sector data exchange using new methods and technologies to fight against increasingly sophisticated fraud.
The report features contributions from leading organisations including J.P. Morgan, McKinsey & Co., the Federal Reserve, FIS, Fiserv, UK Payment Systems Regulator, and Pay.UK on how the public and private sectors can work closer together to tackle the fraud epidemic.
In 2022, the Federal Trade Commission (FTC) highlighted consumers in the US lost nearly $8.8billion to fraud, an increase of more than 30 per cent over the previous year. In the UK, over £1.2billion was stolen by criminals last year – equivalent to over £2,300 every minute.
Although efforts have been made to increase collaboration between the public and private sectors, the way fraud is currently tackled globally requires closer cooperation. Data is often held in multiple locations and data stores meaning a siloed, layered, complex system has evolved, requiring callouts to third parties. Efforts to collaborate on real-time data of transactions are also hampered by privacy laws such as GDPR, which uphold an individual’s fundamental right to privacy. This slows down attempts to combat fraud as soon as it is being committed.
Advancements and the adoption of new privacy-enhancing technologies (PETs) and artificial intelligence (AI) could not only help to resolve regulatory concerns of meeting privacy laws by protecting the consumer’s data but also provide a further defensive armoury against modern cybercriminals.
“Data is critical in this battle”
Duncan Sandys, chief executive officer at P20, commented: “Fraudsters are better organised than ever before and realise the importance of data to their efforts to swindle unsuspecting consumers and businesses.
“It’s becoming more difficult to defeat the criminals but the industry’s defence efforts could take a huge step forward if it was able to marshal data sets and collaborate more across borders. Organisations could create pain points for criminals which will slow their activity down and allow firms to build stronger defences to keep fraudsters at bay.
“Data is critical in this battle and we have worked with leading financial institutions, fraud experts and regulators to compile these recommendations which can help protect consumers from the deep financial and emotional impact of being a victim of fraud.”
P20’s recommendations
P20 has also set out a number of recommendations to help combat fraud and criminal transactions.
- Develop and agree on a protocol and platform for the secure real-time exchange of data between FIs, government agencies, law enforcement, tech companies and telcos to help identify suspected fraud. – The government should issue regulatory guidance on responsible data sharing between entities and on standard data formats.
- The industry should have For Your Eyes-Only access to law enforcement Suspicious Activity Reports (SARs).
- The government should incentivise industries to expand and deepen AI machine learning technologies which can help detect fraud. This will allow the private sector to invest in more AI capabilities, and the entire ecosystem’s payments will be better protected.
- Allow private sector access for the authentication of government data. The public sector holds a significant amount of data, which could be a resource to help prevent fraud.
- The creation of a regulator-led forum to facilitate regular dialogue with the private sector on combating fraud to foster mutual understanding and build trust.
- Government and industry should also work together to develop a fraud prevention protocol setting out circumstances when it is acceptable to override privacy law provisions.
