The conversation opened with a review of trends they have seen. Both agreed that there has been a significant uptick in payments and identity fraud, especially over last two years, due to the increased online activity during the global pandemic. Ruben noted that digital payments are now approaching $7 trillion annually, a 40% growth in two years. A further trend is the rise of direct attacks on individuals, seeking personally identifiable information that can be subsequently used across a range of scam campaigns over multiple lines of business.

Those using traditional password and validation techniques are particularly vulnerable to these attacks as they are perpetrated over multiple channels including SMS, social media, and the multiplicity of peer-to-peer payment options now available to consumers. John mentioned statistics from Javelin’s “Shifting Angles” report that suggested up to $56BN may have been lost though identify fraud and identity fraud scams in 2020 alone and, alarmingly, that over half of all millennials may have been affected.

It was discussed that the impact transcends the immediate monetary losses that may be suffered. Ruben mentioned that in a survey Capco conducted across retail customers, they determined that the primary reason for clients switching banks was fraud, either to themselves directly or to their host bank, that undermined their confidence in the institution. He also commented on the increase of ransomware and the double-edge complication it causes where release payments, if made, are by definition to a sanctioned recipient and hence fall foul of the regulator. As a result, he noted, commercial and institutional organisations are increasing their focus on fraud and increasingly looking throughout their payments value chain to identify it.

And therein lies many of the challenges. The payment ecosystem has become more complex, both technically and relationally in terms of the number of intermediaries involved, increasing both systemic and entity risk. Validating payment instructions is increasingly difficult, not just because they may be issued on behalf of the customer, or indeed the customer’s customer, but because they are also susceptible to internal fraud where one small change to a valid instruction can render it fraudulent. While initiatives like PSD2 and KYCC seek to address this disintermediation there remains the problem that there are many processing points in the payment lifecycle, particularly fragmented ones, where intrusion can occur and fraud can be perpetrated. So, the big challenge is how do you authenticate a payment instruction?

At the entity level, Ruben advocates bringing the authentication back to the source, if possible, as in retail payments so that the initiator owns the payment. At a systemic level, institutions would ideally eliminate their multiple payment stacks and reduce them to one cohesive pipeline. Where that is not achievable, they agreed that they need to a technology that can collate the data across all the disparate channels and systems and to build their fraud management program from there based on a centralised view of their behaviours.

Central to that exercise is a change of mindset that focuses on defining “good” behaviour and using monitoring and continuous intelligence to confirm that they are being adhered to as opposed to defining static rules that codify “bad” behaviour they seek to trap. The problem with the latter is that they are based largely on supervised learning techniques for detecting specific patterns that, as the fraud evolves, become irrelevant and no longer effective. A better approach is to augment detection with unsupervised learning techniques that help inform the appropriate parameter and configuration changes required to keep abreast of the evolving criminal activity.

That requires not just high-performance processing and analytical capabilities to identify anomalies within microseconds but a significant amount of data for the unsupervised learning that proceeded it. On that front, Ruben closed the conversation with the observation that, with ISO, the payments area has become data-rich so having the right technology and analytics framework means there is great opportunity for efficiently thwarting financial crime.