Indian Banking sector detected frauds worth more than the Rs 71,000 crore recapitalisation package planned by the government.
The payments industry is evolving, and so are consumer spending habits and expectations. On one hand POS credit transactions grew by 29.8% y-o-y, while debit card swipes increased by 14.4%, taking market share from cash payments. On the other hand, UPI transactions continued to witness increasing merchant acceptance and crossed 100 million users, allowing the e-payments ecosystem to thrive.
In that sense, 2019 has been yet another significant year for the payments industry in India and the pace of evolution here has gone into overdrive. And it is expected to only get faster. This makes it critical for payments companies, banks and other players in the space to anticipate what’s next—now.
Unfortunately, fraudsters have also been keeping pace with these developments, constantly in search of weaknesses to exploit. The latest RBI report quoted that the banking system in India detected frauds worth Rs 71,500 crore in the financial year 2018-19.
To put this into context, this is slightly more than the Rs 71,000 crore recapitalisation package planned by the government to revive the health of the public sector banks! Hence, it is essential for banks – and all the parties involved in the payments ecosystem – to constantly adapt to emerging fraud threats.Here are some of the emerging threats – and key fraud prevention mechanisms to combat them – that we foresee gaining traction in 2020:
- User behaviour analytics (UBA): While yesterday’s security concepts used rules and signatures to prevent “unwanted” occurrences, increasing digitization in payments will lead the industry to rely more on User Behaviour Analytics (UBA) to detect increasingly sophisticated attacks. With UBA, banks and payment companies will assess user behaviour; whether it’s a swipe on the phone, a wiggle of the mouse or a tap on the keyboard, making it quicker and easier to detect unusual or suspicious behaviour. Going beyond static machine learning, adaptive behavioural analytics are extremely proficient and will be better at differentiating between actual fraud, and activities that appear suspicious but are ultimately genuine.
- For example, if a user logs into his or her account at an irregular rate or suddenly begins adding priority shipping to high-priced orders, the system will detect this irregularity and immediately raise a red flag. However, if a user simply purchases an expensive gift, or books travel arrangements during the festive season—behaviours that coincide with seasonal activity—the system will recognize and differentiate the fraudulent from the legitimate accordingly.
- Democratized machine learning: With ‘democratized’ machine learning, what we mean is that financial crime risk managers, with specific subject matter expertise, are equipped with machine learning modelling tools that they can build, test and deploy on their own – without extensive help from tech experts. This will give them better understanding and more power to explain their choice of features, use of model scores and the actions taken to their management, auditors and regulators. This more democratized approach to machine learning will make it easier to not only address specific threats but to show ROI – one of the biggest reasons why this trend will emerge strongly.
- Centralized payments intelligence hub: With real-time payments, the window for fraud prevention is much shorter and the ability to recover a fraudulent payment is much lower. Traditional rules-only systems are great at detecting known threats but can’t uncover new criminal fraud strategies or zero-day attacks, which puts customers at risk. Hence, 2020 will see more interest among banks for shared intelligence (features and signals vs. data) for increased accuracy of fraud detection and prevention. In fact, The Reserve Bank of India (RBI), in August this year proposed to set up a central payment fraud registry with an intention to monitor digital payment frauds in real-time – a move that has been lauded by the industry. A common repository will definitely help banks work together rather than in silos when it comes to dealing with frauds, especially where the money is siphoned off across various bank accounts in different geographies. Furthermore, the trends and patterns from the repository will also be used to improve banks’ analytics engines and help in predicting future frauds.
- Rise of application fraud: Across the world, identity scans are largely broken, meaning that synthetic IDs and pure identity theft will continue to increase next year, especially as banks and credit grantors continue to neglect reporting these losses or lose them in credit losses. This could be further fuelled by attacks on central infrastructures that manage digital identities and other important information, for example attacks on Aadhaar data and similar breaches.
- Card-not-present (CNP) fraud: CNP fraud is done by obtaining details of a credit card holder like billing address, account number, three-digit security code and expiry date of the card. Credit card holders are generally fooled through mediums like online phishing, but both customers and merchants suffer when card-not present fraud occurs. In the recent past, after the mandate of two-factor authentication from RBI, the number of such ‘card-less’ or ‘card not present’ transactions have marginally gone down. However, due to the rise in SIM swaps and skimming, the percentage of such frauds could potentially rocket. These types of attacks will compel businesses to look beyond traditional endpoint security solutions if they are going to effectively combat evolving threats.
Cybersecurity and digital payment fraud cases are a critical concern when it comes to digitization of payments, and banks and other players in the ecosystem will have to take the right steps to mitigate them. Investments in next-level authentication methods, behavioural biometrics, multi-factor authentication, and real-time monitoring of frauds are some of the tools that will come to the fore in 2020 and can be leveraged to reduce frauds and continue to instil in consumers’ confidence in digital payments.The author is Principal Fraud Consultant, Middle East and South Asia, ACI Worldwide.