It seems as if new payment innovations are unveiled almost every day. There is a rapid rate of change happening, which can at times be difficult to keep up with. Apple Pay, Google Wallet, EMV, NFC – the list, and acronyms, goes on. There is, however, a dark side to these innovations - the people who are always looking for ways to defraud others and steal their money. Every time a company creates new products and payment methods, there are people looking to take advantage by leveraging the system in a way that had not been anticipated.
We commonly discuss the attack surface as it pertains to fraud—what are all the angles that an attacker can use to exploit a system? When we innovate with new ways to transfer money, the attack surface has likely expanded as a result. Therefore, we must consider the potential for fraud as one of the main criteria during the development and implementation of a new innovation.
Businesses can maintain their awareness of potential threats by staying vigilant of notifications and industry news. The main onus on minimizing fraud comes down to the organizations that are processing transactions. They can begin to see a much more comprehensive overview of where cards are being used and use this information to identify runs of fraud that may take place.
For example, if the same card is being used simultaneously in two different locations, it may have been cloned. We are able to identify abnormal buying patterns on a macro level. It is typically not an individual transaction that denotes fraudulent activity—instead, it is the transaction in the context of the person's purchasing history that will raise a flag.
Over the last few years, payment processors have become increasingly aware of the importance of staying updated on current threats. There has been a movement in the US towards EMV support toward the end of 2015, where chip and pin is going to become mandatory. There are new strategies to keep fraud prevention at the forefront of technological innovation. Products such as Google Wallet or Apple Pay are specifically designed to consider the potential dark ways that malicious actors will attempt to exploit the system.
Staying ahead of the game requires continual focus and investment. However, the cost of a potential attack can outweigh simply keeping focused on preventing attacks from occurring in the first place. One of the continuing challenges that the industry faces is the investment in dragging a very old banking system and infrastructure to implement modern solutions. The current electronic banking system, for example, functions very similarly to a glorified electronic check.
Slowly but surely, the whole ecosystem's infrastructure needs to be upgraded to take advantage of the real-time information we have at our disposal for fighting fraud. For example, the GPS location of where a transaction is taking place can be part of the transactional metadata. However, it is not a standardized component in today's industry. By implementing that feature, we would be able to compare the transaction location to the device being used to make the payment (it could be a physical card or smartphone).
Modernization of infrastructure would provide real-time visibility of the transactions that are taking place. There are many use cases for the availability of this information, but this real-time visibility of transactions is one very valuable information stream that could be leveraged for fraud prevention.