Article

• Nov 16 2022

Security and fraud in payments

5 min read

Fraudsters might look at the direction of travel in payments and start to feel optimistic. After all, there’s a lot more ‘surface area’ to attack than there once was, and there’s a lot more coming. New and unfamiliar technology means businesses and consumers are less likely to fully appreciate the security threats and know the best practice, and that can mean a cyber crime feeding frenzy.

However, the truth is that it’s not a good time to be a payments criminal. Payment security technology is shutting off avenues for breaches and scams, more consumers are digital natives and inherently more security savvy, and an increasing proportion of payment types are inhospitable to fraud.

Here are the latest developments toward the future of payment security.

Multifactor Authentication

For a period, any two-factor or multi-factor authentication was an irritation and an inconvenience. First, there’d be the step of typing in a password, then waiting for a verification text message or email (which probably went into the spam folder), then either remembering or copying a code and putting that into a checkout. Now, with the abilities of consumer technology,a shopper can just look at their phone, or touch the screen, and the device knows it’s in the hands of the rightful owner. If there needs to be another layer of security, a PIN is easy to remember and input. That’s not only more convenient than a traditional password, but it’s also close to invulnerable from a security perspective.

That said, nothing is perfect, and complacency is the last approach any business should take with security. So, the bar is at a very high level — shoppers are now used to phenomenally easy verification, and incredible security. The challenge then is

a) not to undermine that by allowing cyber threats to catch up

b) to continue competing for more secure, more convenient verification

Criminals and your peers have every incentive to compete with you on both of those points — the authentication race is far from run.

Surface Area

As the ‘architecture’ of payments expands, so does the number of vulnerable points. More devices carry payment functionality, and even more will be joining them. Wearables are the perfect example. As the name suggests, that’s technology that consumers wear, rather than carry. Typically it would be a watch, but other jewellery like rings are prime candidates. Between 2017 and 2020, the number of payments using wearables increased by 365%.

Crucially, those wearable devices are going to be linked to other devices, at least by a payment account, but probably by an Apple or a Google account as well, and increasingly by the internet of things (IoT). That interconnectedness is a huge temptation for a cyber criminal, because once you’ve infiltrated a highly connected account or a device, there’s a route to many more.

It might start with wearables, but there’s no chance payment tech stops there. There’s no reason why a consumer couldn’t take their self-driving car to a shopping mall, have it park itself, let it pay for its own parking, and then also have it also pay for the shopping that the owner brings back.

With an explosion in the number of IoT devices comes data in volumes that the mind might struggle to comprehend. By 2025 we’re expecting IoT devices to generate 73.1 zettabytes (73.1 trillion gigabytes) of data. That surface area is astonishing, and defending it will be a never-ending challenge. What’s more, defending it while maintaining a smooth and uninterrupted customer experience will add several layers of complexity to the project.

AI and Payment Approvals

On the topic of complexity and customer experience, AI has a huge and growing role in payments and checkouts. Improvements in machine learning mean faster and more accurate assessments of risk. They also mean a reduction in ‘false positives’, when the system deems legitimate transactions to be suspicious — those mistakes cost businesses 3% of their revenue per year, as well as costing loyalty and reputation.

Online sellers lose 70% of the visitors who reach the checkout, so to alienate those who attempt to complete a purchase is disastrous. There will continue to be a fierce battle for businesses and security providers to offer the checkout that’s the most secure while also being the most friction-free.

Streamlining and protecting your payment process

To complete the triangle of security — consumer friendliness, robustness, and cost-effectiveness — is perhaps easier than it’s ever been, but that doesn’t mean it is easy. It’s an aspiration that every consumer-facing business shares, and as such the talent who can make it happen are in extreme demand.

RPI’s payments and technology heritage is unmatched, and those deep roots are what allow us to find the leaders, visionaries, and technicians who drive the innovation you need to keep your business at the cutting edge.

Get in touch today through people@rpint.com.

RPI provides access to the top leadership and technology talent globally