Will strong anti-fraud measures in Europe increase cybercrime in the rest of the world? ECOMMPAY’s Counter Fraud Team Lead Daniel Sevskis sat down with PaySpace Magazine to talk PSD2, anti-fraud trends, the ‘American Paradox’, and how technological innovation has impacted the fight against fraud.
What are your biggest predictions for the fraud landscape in Europe and globally?
I have a couple of personal hypotheses that I’ll be keeping an eye on over the next 5 years. You probably already know about the recent regulatory changes that relate to the fight against fraud: PSD2 and the subsequent change in the 3D Secure protocol (EMV 3DS). As a result of this, I predict that the situation in Europe will become much worse in the near future and the scale of fraud will grow many times larger.
First of all, the immediate response of many issuers will be to make changes to legacy security software that was originally engineered by developers who aren’t necessary at the same company anymore. Consequently, these modernisation attempts can end up breaking something or leave the business vulnerable to attack.
Secondly, there’s a difficulty with payments that feature ‘invisible authentication’. While people are learning to use it, and issuers work their way through the kinds of transactions they can conduct, everything will be a bit worse. The possible outcomes are either the screws tighten and conversion worsens, or they unwind completely and fraud reaches new heights.
The third consideration is this: in a couple of years, when the situation stabilises and improves (because the technology is, ultimately, good for the industry), fraudsters will begin selling stolen data more cheaply to get rid of the soon-to-be-illiquid assets, meaning more fraudulent transactions. That’s trend number 1.
My second hypothesis is that as soon as Europe gets its house in order, the situation in the rest of the world will worsen considerably due to focus switching to other parts of the world. There’s already bad security to take advantage of in developing countries. Even in America, the payment technology is full of seams for fraudsters to pick at. Those of us operating in these markets will suffer from these changes, but we’ll continue fighting the good fight.
Training on Tech
What are the problems facing the American market?
Technology in America is lagging far behind other regions. An Apple credit card launch is perceived as some kind of massive, ‘mind-blowing’ breakthrough. In Europe, meanwhile, an internet bank with that kind of payment functionality is so familiar that people are bored by it. In fact, Russians were already asking why we can’t pay with a smartphone or smartwatch for anything anywhere three years ago. For a number of reasons, technology arrives late to some places. In America, plenty of transactions are still conducted with cheques. Smartphones are only used to snap a picture of the cheque to send to the bank. That has ramifications for cybercrime and anti-fraud.
What would you say is the reason for that lag?
The current situation suits them. In most cases, technology arises to satisfy consumer needs. America has a very strong group of big companies that don’t want anything changed – they’re doing well as it is. They’ve divided the market and it’s not profitable for them to go through the effort of remaking and modernising all their systems and equipment that was built who-knows-how-many years ago. They’re fine, so why would they? Their customers don’t complain; they’re used to it.
So you don’t consider that this conservatism is related to the regulators putting pressure on cryptocurrency projects from the likes of Facebook and Telegram?
American regulators are highly politicised, and American politics makes money. Once upon a time, America turned a blind eye to crypto, which had its two main markets in China and America. Then, suddenly, the US launched a law that forced people to declare their annual crypto income, and China is looking to ban it altogether. That is to say, they allowed the first wave to be an absolutely legal avenue for money laundering. I think the assumption is that, in addition to the lucky few average Joes, there were some individuals in positions of power who took advantage of this environment and are now looking to regulate it.
You said that the US market is lagging behind on payment tech. How well protected are US payment schemes, like Visa and Mastercard, against fraud?
It seems to me that if Visa and Mastercard were to suffer real losses, losing millions, they would fight the problem more actively. Nevertheless, Mastercard is one of several companies that have introduced behavioural biometric security measures to protect themselves against fraud. Still, the development of anti-fraud tech isn’t their main specialty, nor their main source of income. In some ways, they just don’t have to keep up with Visa to stay competitive. They have a problem in the form of regulator squeeze, too. At first, they had their arms twisted with strict authentication requirements, forcing them to launch 3DS 2.0 as a matter of urgency, and they’ve really struggled with it since. Sure, they’ve achieved something on the security front, but it’s not the main goal of the company. They’re not an anti-fraud solution provider that makes its money from the amount of fraud it stops; it’s just not high on their list of priorities as a business.
Making Customers’ Lives Easier and Fraudsters’ Lives Harder
Do contactless and online payments make life easier or harder for scammers?
Naturally, they make the scammer’s job easier due to the lack of password and PIN requirements. So far, however, there hasn’t been much direct correlation between the growth of that technology and fraud, especially in the case of contactless payments. From what I’ve seen of different reports on this, there’s not been a proportional increase in the number of scams using contactless payments. With online transactions, it’s true that fraud has grown, but that’s more to do with the fact that online transactions themselves have grown in number. It’s growing in line with the market, in which online transactions are displacing the offline, and that’s completely normal. Anti-fraud tech just needs to keep up.
So you don’t see any connection?
No. Logic might dictate that it should exist, but the numbers say it doesn’t. If I have to pick between logic and numbers, I’d probably veer towards the numbers. Besides, there’s nothing we can do about it. The technology will evolve, and right now the direction of that evolution is towards making it more convenient for users to make payments, because that’s what millennials want. We can write as many articles as we want to saying that if you check one thing, or stop checking another, then everything’s bound to collapse. The truth is, none of that will make a dent. By giving people the opportunity to pay the way they want, we positively impact the whole ecosystem, including the fight against fraud. Security changes need to be addressed at a different level, not at the expense of making people’s lives more complicated. That’s what payment systems are doing right now.
It's imperative to properly regulate how acquirers verify transactions and to ensure issuers maintain high standards. They themselves are looking for opportunities to detect fraud, so it’s important to have the framework in place. All market participants (excluding cardholders) should contribute, which for a long time wasn’t the case. I’m much more optimistic about anti-fraud these days; people are finally pulling together to launch a unified counterattack.
Learn more about ECOMMPAY’s anti-fraud systems!