CM July_August 2019

More documents

Recommendations

Info

FRAUD SPECIAL Strong-arm tactics More than £4 billion was stolen as a result of online card fraud last year, but help is at hand. AUTHOR – Adam Bernstein EUROPE has, for some time, been worried about online card fraud. As part of the fight back, from 14 September 2019 a new process known as Strong Customer Authentication (SCA) made under the Revised Directive on Payment Services (PSD2) will be in place which itself came into force in January 2018. SCA is effectively an extra layer of security designed to prevent payment fraud. It ensures that online card transactions become more secure through ‘multi-factor authentication’ – a second check to demonstrate that both the transaction and card holder are genuine. The aim of SCA is to be the ‘chip and pin’ of the online world; and be applied to transactions over a certain value – €30. But while SCA targets the online transaction, Mark Nelsen, Senior Vice President, Risk and Authentication Products at card processor Visa, says that banks and merchants may also need to regularly check that contactless payments are made by the correct cardholder too – by asking for a PIN. “This,” he says, “might occur after a contactless card has been tapped five times in succession, or when €150 has been spent using only contactless taps.” SCA could mean any one of numerous authentication methods such as an online PIN or password, a device that only the cardholder can authenticate – say a smartphone, or a biometric trait such as a fingerprint or facial recognition that is clearly very personal. For some retailers, there are worries that this extra layer of protection will add unnecessary complexity which will irritate customers who subsequently abandon their ‘shopping carts’ part way through the buying process – leading to lost sales. Just as the GDPR revolutionised how data protection is managed and individuals access their information, so SCA is going to change how retail works. WHAT IS PSD2? As the name suggests, PSD2 is an update on the original Payment Services Directive (PSD) that was brought into force in 2007. Its stated goal was for a single market for payments with easier and more efficient cross border payments, so that it mattered not if a payment was made to another within the same member state or to a party in a different member state. PSD2 expands on PSD by permitting third-parties to access an individual’s account information via the ‘Open Banking’ protocol; enhancing consumer rights, especially in relation to currency charges; and enhancing card holder security via SCA. Change was clearly needed as both credit and debit card usage is dramatically on the increase, and with a rising level of card use comes increasing risks of fraud. The European Central Bank, in its Fifth report on card fraud, published September 2018, found that that cards issued within Europe saw fraudulent transactions to the tune of €1.8bn in 2016 and that 73 percent of that sum related to card not present transactions. Not everyone is in favour of SCA. In 2016, card processor Visa argued that the new process would risk disrupting online shopping while not necessarily increasing security. The point is well made from its perspective as its fortune naturally depends on transaction volume. MANDATORY COMPLIANCE Compliance with the new regime is mandatory. If the online trader doesn’t comply then all transactions will be automatically declined by the cardholderʼs bank when they attempt to make a purchase. Further, by not planning ahead and developing authentication processes that offer the least friction to consumers traders could see huge falls in sales as consumers switch off and march with their feet. Considering that, according to Ecommerce Europe in its European Ecommerce Report 2018 Edition, the European business-to-consumer online economy is worth around €602bn in 2018 (up from €307bn in 2013), if only ten percent of consumers – let alone a potential 25 percent that could walk – abandon a transaction because of complexity or irritation then firms stand to lose huge sums. But with new rules comes opportunity – a chance to market themselves to customers as both being secure and trustworthy, as well as having the simplest way possible of complying with the new rules. Of course, consumers want protection, but in today’s modern world, they also want simplicity and they want it now. The rollout won’t be easy. While EU demands compliance, every member state will see different interpretations of PSD2. Whether that’s from the banks, card issuers or central bank, there will be differences. On top of this there is the €30 exemption to take into account. FORWARD PLANNING The first step for any online trader is to set their systems to recognise when transactions need to abide by SCA (i.e. above the €30 threshold) or when they don’t. Further, recurring payments will also be exempt so that needs noting by the system. Allied to this is the option The Recognised Standard / www.cicm.com / July/August 2019 / PAGE 24
Fraud on Tap Fraudsters are targeting new areas but the net is closing in. AUTHOR – Nick Mothershaw for a customer to ‘whitelist’ a business with their card issuer so that future purchases made from that business fall outside of the multi-step authentication regime. That said, some banks won’t permit this and with the sheer number of banks in Europe this may not even be an option for all but the largest of traders. The second step is for a business to consider how SCA is to be operated within its trading platform. Is it to be by text, smartphone, email, biometric trait or other option? Given the size of some firms such as Amazon the options are many. But for the smaller independent a text- or email-based process is likely to be more appropriate. Visa suggests that for transactions that require SCA, a business should have what is known as 3-D Secure 2.0 (3DS) in place to enable them to apply exemptions such as low-risk transaction analysis or perform two-factor authentication when needed. The benefit to traders of 3DS is that it allows issuing banks to verify credit card owners during the transaction process – this means that those firms using this protocol can transfer liability for fraud disputes away from themselves. Lastly, firms need to think about whether they want to implement SCA internally – and so become ‘expert’ – or hire in third-party help to undertake the task. A conversation with a firm’s merchant acquirer would be time well spent. Just as the GDPR revolutionised how data protection is managed and individuals access their information, so SCA is going to change how retail works. IT’S long been the case that if you carried out a straw poll in a busy café in a city or town asking if anyone had been a victim of fraud in the last year, a few hands would go up. The UK’s main conurbations have served as a lucrative hunting ground for fraudsters. The rising popularity of city living means more blocks of apartments where mail is often left in communal mail areas, or simply left lying around. It makes it easy for fraudsters to drop in unnoticed and pick up the letter which contains the credit or debit card they have applied for in a victim’s name. Yet the latest Hunter fraud statistics from Experian show fraudsters are looking beyond those who frequent trendy high street cafes, and turning more attention to those enjoying a drink in the countryside pub. There was a 29.5 percent rise in fraud against well-off homeowners living in the countryside, who either make lengthy commutes to work or have retired. Fraudsters have taken advantage of mailboxes which sit at the end of long driveways, where criminals can operate out of view from the residents. Suburbanites also experienced a rise in fraud, with 7.5 percent more cases against people living in family homes whose children are either older or have flown the nest. Fraudsters have also got older people in their crosshairs – the over 60s saw an 11.5 percent increase in fraud last year, more than any other age group, while people in their 50s were the only other age group to experience a rise in third party fraud. Part of the fraudsters’ logic for targeting out-of-town locations is that the residents of the properties are often wealthier and eligible for higher credit limits, so make for a more profitable mark. Areas commutable to London are being hit – such as Cheshunt in Hertfordshire, Grays in Essex, and Sevenoaks and Gravesend in Kent. FIGHTING BACK At Experian, we uncover a new fraud every 15 seconds. While we’re proud of this number, there’s much more that both individuals and organisations can do to frustrate fraudsters. As a consumer, it’s important to deny fraudsters the physical documents they need to make an application in your name. For people living in blocks with communal mail facilities, that means keeping a keen eye on your post and ensuring it’s not left somewhere where it can easily be picked up. Think carefully if you’re expecting a letter and it doesn’t turn up. It’s also worth considering if your mailbox is accessible from outside. A locked mailbox might block an opportunist, but professional fraudsters will know which type of keys open the locks to the mailboxes you can buy on the high street. If it’s at all possible to have your post drop through the door, or at least somewhere it can be seen from your home, then that’s preferable. Checking your credit report on a regular basis can act as an early warning sign to stop fraudsters from making a string of applications in your name. Take action at the first sign of an account opening you don’t recognise. For people who have been affected, Experian operates a free victims of fraud service which helps people repair the damage done to their credit history by criminals. INVESTING IN TECHNOLOGY Organisations are always on the lookout for innovative new ways to identify fraudulent applications and machine learning is the latest tool at their disposal. It learns from previous incidents, whether an application was found to be fraudulent or not, and adjusts which cases it flags accordingly. As a result, lenders’ fraud teams have a more concentrated set of applications flagged to them for further review, so they can work more efficiently. It also means that applicants are more likely to have a smooth and complete online customer journey, rather than needing to wait for a decision or to ring a lender to provide more information. Trends in fraud change over time, as criminals look to exploit vulnerabilities in the system, or in human behaviour. A combination of consumer vigilance and innovative approaches from lenders is the key to stopping fraudsters in their tracks. Nick Mothershaw is UK&I Director of Identity and Fraud Solutions at Experian. The Recognised Standard / www.cicm.com / July/August 2019 / PAGE 25
Page 1 and 2: CREDIT MANAGEMENT CM JULY / AUGUST
Page 3 and 4: 24 FRAUD SPECIAL ADAM BERNSTEIN NIC
Page 5 and 6: 3 YEARS IN 2018 Portfolio Credit Co
Page 7 and 8: StepChange supports calls to revisi
Page 9 and 10: UK Search claims ‘first’ in Ope
Page 11 and 12: NEWS SPECIAL AUTHOR - Sean Feast FC
Page 13 and 14: INSOLVENCY Deemed consent IPs hold
Page 15 and 16: DO YOUKNOWTHE TRUE IDENTITY OF YOUR
Page 17 and 18: TOWN & COUNTRY INTERVIEW AUTHOR - S
Page 19 and 20: TOWN & COUNTRY INTERVIEW AUTHOR - S
Page 21 and 22: INTERVIEW THE COMPLEAT ANGLER Sean
Page 23: INTERVIEW AUTHOR - Sean Feast FCICM
Page 27 and 28: As the Winners of the Legal Team of
Page 29 and 30: Ramadan Mubarak Algeria’s not a
Page 31 and 32: OPINION AUTHOR - Angelique Assaf Fu
Page 33 and 34: www.cicm.com ‘‘ If you are seri
Page 35 and 36: COUNTRY FOCUS AUTHOR - Adam Bernste
Page 37 and 38: PAYMENT TRENDS Top Five Prompter Pa
Page 39 and 40: Are you making the most of CICM and
Page 41 and 42: The Recognised Standard / www.cicm.
Page 43 and 44: Each of our Corporate Partners is c
Page 45 and 46: CICM TURNER LECTURE 20:20 Vision Th
Page 47 and 48: EDUCATION - CREDIT AND COLLECTIONS
Page 49 and 50: Tailored Summer offer and bespoke o
Page 51 and 52: CICM MEMBER EXCLUSIVE Your CICM lap
Page 53 and 54: BE ONE CLICK AWAY FROM OUR WEBSITE
Page 55 and 56: www.cicm.com ‘‘ Since being a m
Page 57 and 58: presents
Page 59 and 60: BRANCH NEWS Honesty is the best pol
Page 61 and 62: More reasons to be a member Make co
Page 63 and 64: CREDIT CONTROLLER ESTABLISH POLICIE
Page 65 and 66: FOR ADVERTISING INFORMATION OPTIONS
Page 67 and 68: Testimonial We have been regular ad

CM July_August 2019

Create successful ePaper yourself

Delete template?

Save as template?