It seems almost every other day there is a new innovation in payments, but do these innovations always lead to a great outcome? Sure, they may offer great flexibility to the end user, but in many instances it can open up a whole new 'attack surface' for the fraudsters. In this post to the IR-Podcast, John Dunne, Chief Solutions Officer at IR discusses the dark side of innovation and the potential threats to be aware of.
Scott: We all know that technology is always expanding with new innovations unveiled seemingly every day. But what are the downsides of endless innovation? Here to discuss that is John Dunne, Vice President of Products with IR. John, is there a dark side to innovation?
John: You know, there definitely is a dark side to innovation, and there's people always out there innovating ways to defraud you and steal your money. And, just as much as we have companies innovating with new products and new ways for you to pay for those, there's definitely people watching that saying, how do I take advantage of this new innovation in a way that I can potentially leverage it in a way people haven't anticipated to defraud you. A common phrase that we talk about when it comes to fraud is what is my attack surface? What are all the angles that someone can attack me from? And, when I innovate in a new way to transfer money, then suddenly I'm expanding my attack surface, and I want to make sure that however I've considered fraud is the first requirement of that new innovation.
Scott: How can businesses keep up in their awareness of potential threats?
John: They want to make sure they stay vigilant across any notifications or industry news in that area. I think the main onus on minimizing fraud comes down to the people who are processing those transactions. And they can start to see much more comprehensive information about where cards are being used and looking for the runs of fraud that may take place. So if I've got the same card being used simultaneously in different locations and someone may have cloned it versus abnormal buying patterns and looking at it at a macro level. It's typically not an individual transaction that's going to be fraudulent, but it's going to be that transaction in the context of the history that's going to raise my flag there.
Scott: So I mean, as an average consumer, we would like to think that the payment processors are up to speed and up to date on the latest threats and things of that nature. Are they? Do you find that they are as prepared, generally speaking, as we might hope they, or as they need to be?
John: I think the profile of how important this is is definitely raised in the last few years. There's definitely a movement in the US towards EMV support towards the end of this year, where chip and pin is going to be mandatory. There's definite fraud first strategies when it comes to innovating, and whether you're Google Wallet or you're Apple Pay, those products are specifically designed to say, okay, how is someone going to take advantage of this in a dark way that's going to cost either the consumer or one of the bank or payment provider in the middle revenue and cause this product not to be adopted? So, I think there is great awareness of the potential, and yet staying ahead of the game there requires continual focus and investment.
Scott: Yeah, and investment. That's what I was sort of getting at. I mean, that would take a significant investment just to keep up. Because you know, innovation is on both sides of the spectrum here, right? And so, I guess that's the question. Is the investment level being reached that's necessary to fight this?
John: And I think one of the challenges that you have here is there's a lot of investment being made to drag forward what is a very old school banking system. And if you look at how a lot of the electronic banking system works, you know, the payments are just a glorified electronic check. And, there's a component that happens in real-time and there's a component that happens in batch processing later in the day or in the evening. And slowly but surely, that whole ecosystem needs to be upgraded to take advantage of all the rich information we have to help fight fraud. And just as an example, you know, the GPS location of where the transaction's taking place. So that can be part of the transactional information, but it's not really a standardized component that's part of the industry standard today. But that would be fantastic for fraud rules to understand geographically where is this transaction taking place, and does that match what we understand to be the geographic location of the payment device, the device that is being used to pay for it, whether it's a card or a smartphone, and incorporating that into fraud rules. So we provide real-time visibility of the transactions taking place. And there's a number of use cases around that, but in essence, whenever anybody wants to do something to innovate or to address fraud in their environment, having real-time visibility of what transactions are happening is a very valuable information stream that you can leverage.
Scott: You can't afford to be complacent when it comes to your company's security. Visit IR.com to learn how Prognosis can help. IR Prognosis, proactive performance management solutions.