There’s no soft version, no smoothing it over. Companies charged with protecting people’s data lost ground in 2020, after an abysmal 2019 of breathtaking data breaches. Yes, the pandemic explains a great deal of the new action. Preparedness (or lack thereof) explains the rest.
“This year has been even worse on the fraud front,” we learn from the new PYMNTS Preventing Financial Crimes Playbook, done in collaboration with NICE Actimize, “as financial crime stresses FIs that are already confronting the pandemic, economic struggles and an unpredictable political climate. Digital and mobile payments are surging as businesses and consumers transact from home, and this increased digital engagement has opened the door to more financial crime.” Per the Playbook, 21 percent of all fraud attacks “were waged on mobile transactions in the first half of the year and 37 percent of them originated from mobile devices.”
If we’re talking mobile payments, we’re talking peer-to-peer (P2P) instant transfers too. It’s a major focus of players in the space. “Securing P2P apps as well as other financial accounts will require banks to upgrade their security protocols and customers to take their security more seriously,” per the Playbook. “Just 37 percent of bank customers use separate passwords for different accounts, for example, and 22 percent use two to five passwords across all their online profiles. This means that even one compromised account could threaten all others that rely on the same credentials, potentially costing victims a fortune in stolen money and data.”
P2P Is A Double-Edged Sword
P2P is a current wonder of the world because, after all, who doesn’t like instant money? It’s ranked second only to “free money.” If only the scoundrels would let people enjoy it.
“The ubiquity of these apps belies serious security concerns,” the Playbook states. “Fraudsters utilize numerous schemes to intercept these payments or trick app users into paying them directly, and the problem has worsened as the apps have gained popularity. The number of P2P payment fraud victims has increased by 733 percent since 2016 and the total amount of money stolen has likewise risen. There were 1.4 million fewer fraud victims in 2019 than in 2018, for example, but the total cost of these incidents rose by $2.2 billion.”
Since there’s no putting the P2P genie back in the bottle, it’s up to financial institutions (FIs) to protect legitimate account holders. “One of the challenges of P2P technology is the immediacy of the payment. While that may seem to be a benefit for consumers, it can be a double-edged sword,” Yuval Marco, general manager of fraud and authentication at NICE Actimize told PYMNTS. “This immediacy means that, once initiated, the payments are virtually irrevocable. We are seeing fraudsters use P2P payment services as the final steps in larger, more traditional fraud attacks — such as check fraud [and] social engineering. … Therefore, as payments services evolve to meet customer demand, so must a financial service organization’s fraud controls.
Real-Time, Cross-Channel Fraud Controls
For many organizations, integrating appropriate P2P fraud defenses means overcoming legacy system deficiencies, or a “Frankenstein” patchwork of disparate tools working in silos.
P2P platforms need to up their security game and make the job of securing P2P transactions easier on all stakeholders. “One of the most effective tools that apps can deploy against [P2P fraud] is MFA, which requires users to enter secondary validation measures — such as emailed security codes or biometric fingerprint scans — in addition to their passwords,” per the Playbook. “These authentication methods can stop potential bad actors cold, making the passwords they steal from data breaches useless on their own. Studies have found that using MFA can prevent more than 99.9 percent of attacks that utilize stolen credentials.”
“It’s important for [financial service organizations] to a take real-time, cross-channel, cross-payment holistic approach when it comes to their fraud controls,” Marco told PYMNTS. “At Actimize, we use behavioral analytics to detect and prevent fraud across multiple payments products and servicing channels to allow organizations a single view of the customer. Consolidated account and customer-level alerts, cross-channel investigations and robust reporting and query tools reduce false positives and enhance investigations, enabling a frictionless customer experience for the [financial service organization’s] customers.”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More