- Security TWENTY Home
- Women in Security Awards
Roberto Valerio, CEO of RISK IDENT describes 2017 as an eventful year in online fraud.
Data breaches were ramping up by the week – not by the month anymore – and hit mainstream media headlines as we saw with the leak at Uber towards the end of the year. Meanwhile, companies in Europe (and beyond) have been preparing for the implementation of the General Data Protection Regulation (GDPR). Will the New Year be equally momentous? Here are my predictions for what changes we can expect for 2018, and a look at what new fraud threats will appear:
Consumers and merchants will wise up
Account takeovers are on a rapid rise, thanks partly to so many consumers’ laissez-faire approach to online security. Common errors like “password sharing” – having a single log-in for multiple accounts – and the use of simple passwords such as “123456”, a code still used by about 20 per cent of US citizens, make it all-too-easy for fraudsters to access accounts and take control. To tackle this, there needs to be a joint effort between merchants and their customers to tighten account security and improve vigilance. I think we will see a shift in how consumers identify themselves online in the New Year. There will be a big drop in password sharing, and in using a single email address for retail accounts, as well as the use of stronger passcodes, as consumers begin to fully understand the implications of being lax about account security.
Merchants will also become smarter about security, developing methods to recognize fraud types in advance, in the initial account takeover stage. This is crucial to tackling fraud before it occurs, and can help prevent financial loss by the customer and retailer.
POS fraud will decline
We can expect to see less fraud at the physical point of sale through 2018 and beyond. This is simply because the risk-reward ratio for online fraud is much more attractive now, especially in transactions where the physical touchpoints are removed. For example, electronic gift certificates, as well as digital and online gaming currencies all have vulnerabilities that can be exploited by fraudsters. Merchants will have to take steps to tackle these issues with enhanced security.
Mobile banking will become mainstream
With competition from fleet-footed new FinTechs and challenger banking service providers, we’ll see banks ramp up their mobile offering in 2018. This will, of course, have implications for traditional banks, as they will have to provide the same stringent level of due diligence in terms of security against data leaks and fraud, while also offering the kind of smooth, frictionless user experience their customers will be used to on their other apps.
A key challenge for banks will be to optimize their security and risk management for mobile banking. Many traditional institutions have risk management systems built on manual processes – a hangover from a time when we routinely attended our local bank branch to pay in or withdraw money, or to get loans and other products.
The nature of mobile apps means that banks can no longer work the same way – they need to ensure that the technology behind the app is fully secure, and they must have the right authentication protocols in place at the front end. Security specialists are helping banks to achieve this goal, which is a positive step.
Increase in phone account takeovers
We’re already seeing a spike in smartphone account takeovers in Europe, mainly because of how contracts are structured across the continent, where customers received a subsidized, high-value phone upfront and pay for it monthly. This is attractive to fraudsters who can sign up before quickly selling the phone on, leaving the victim with the contract, collateral damage and no phone. We can expect to see this trend grow in 2018.
Regular phone customers also frequently want to prolong their contracts. Requiring them to sign new contracts creates friction in the process, risking turning customers away, so many telecommunications providers make it very easy for customers to extend their deals without jumping through hoops. This can present an attractive target to a nimble fraudster.
New payments will bring new threats
The payment industry is continuing to fragment and diversify, with new payment methods appearing, and existing ones becoming more or less prominent in individual markets. Some are familiar, like open invoicing, credit cards and PayPal, and some are new, such as the growth of mobile wallets and instant bank transfers. New payment methods, however, will bring new fraud problems, which merchants will need to tackle before offering new options to their customers. Customer unfamiliarity presents an opportunity for fraudsters, so while we’ll still see a majority of fraud targeting card payments, that is going to change. Whatever happens, risk management from a merchant perspective should always be a focus.
Beating fraudsters at their own game in 2018
It is not a question of “winning” against fraud – no one wins – criminals are constantly evolving their approach to circumvent security processes. Instead, it’s a constant effort to stay one step ahead to keep consumers and businesses safe.
To do so, it is imperative that merchants continuously benchmark what they are doing to protect themselves and their customers. Above all, they need to be willing to innovate, introducing new technologies and measures designed to prevent fraud from occurring.
There is no status quo; everyone at risk of fraud needs to improve. Working with experts dedicated to pioneering new standards of data security, merchants can ensure they are doing everything they can to protect themselves against financial crime well into 2018 and beyond.