An audience member stood up to ask a question of the opening panel of the PowerCARD User Conference organised by HPS in Marrakesh last week. The panel, which featured Abdeslam Alaoui Smaili, CEO of HPS, and Jeroen Holscher, head of global payments practice, Capgemini, focused on new trends in the payments arena.
The talk touched on everything from consistent and secure customer experience, the impact of “Generation Glass” (those under the age of 18) to cybercrime. The audience member asked a question related to fraud.
“We have user groups on SEPA (Single Euro Payments Area) Credit Transfers, but we don’t have a working group on fraud. Why aren’t the banks collaborating or working together to combat fraud, should the regulator get involved?”
It is a fair question and one that hits at the heart why innovation is so hard for most large incumbent banks to achieve successfully. The default position of most banks is proprietary, insular and risk adverse. For the most part there are very valid reasons for this – regulatory mandate, customer trust, massive global threat from cyber-criminals – all factor into an environment that is closed, but more importantly secure and protected. Banks deal with money – your money – it is taken in as deposits, it is sent out as loans and it is moved around the world as messages that enable payments.
Holscher outlined the evolution of online payments that travelled from 2000 (with online, closed loop payments from the likes of Amazon or PayPal) to 2020 and beyond with a connected and networked world of autonomous vehicles and virtual reality. All of these innovations are aimed at making payments simpler, more efficient and, eventually, almost invisible to the consumer. However, wherever there is money, there will people looking to separate it from its owners. Fraud and crime have found fertile ground in exploiting the holes and vulnerabilities that sometimes occur in the midst of digital transformation.
So, getting back to the audience members question: Why is there a working group on SEPA Credit Transfers, but not fraud? And does the regulator, in whatever country, need to get involved? With cybercrime and cybersecurity topping the list of priorities for most banks, it stands to reason that a solution would be to work together to identify patterns of behaviour, coordinate on systems and solutions.
The answers from the panel were mixed. Robust cybersecurity is seen as a competitive advantage at banks, according to HPS’ Smaili, they are loath to share, what is seen as a proprietary solution. However, most cybercrime experts will tell you, fraudster rely on the interconnected network of the financial ecosystem – merchants, card companies, banks, individuals – to exploit vulnerabilities and move money quicker than law enforcement can track it.
Some sort of nudge from a regulator could provide the impetus for banks to start working together to combat a global problem. Holscher, himself, predicted if banks were to work collaboratively to combat fraud, it would have to be market led, rather than a regulatory mandate.
There is evidence that global regulators are experimenting with a “nudge” approach to enable financial ecosystem collaboration. In the UK the Payments Services Regulator responded with consultation paper on a 2016 Which? Super Complaint concerning push payment fraud and how it was acerbated by Faster Payments.
Push Payments fraud is when a consumer is tricked into making a payment, online, that turns out to be fraudulent (for example, purchasing an item that does not exist). When that payment reaches the Faster Payments network, which is meant to resemble the speed and simplicity of a person to person cash payments, that payment is irreversible and effectively gone. The Super Complaint asked what banks were doing to protect, and in some cases, re-reimburse consumers for fraudulent payments.
The PSR found that the way banks worked together to respond to scams needed to improve and the data available on the type and scale of scams was of poor quality.
The PSR agreed a programme of work with Financial Fraud Action UK, which itself works with the UK payments industry to lead a collaborative activity. They urged the banking industry develop clearer data, develop a common approach on responding to reported APP scam and Develop a common understanding of the information that can be shared under current law and identifying any legal barriers to sharing.
All of the above point to a greater need for the sharing of data and strategies to identify patterns and create solution to stop nefarious actors from ever reaching the consumer. Cybercrime and payment fraud are not local issues, they are global, growing and interconnected. The banking and financial services industry itself shouldn’t wait from a mandate from a regulator. As evidenced by the question from the PowerCARD delegate’s question, the industry is asking for more collaboration and less proprietary fragmentation across the board.
This post first appeared in FinTech Futures