Tackling fraud In the age of open banking

One example is the real-time payments infrastructure that enables instant payments and instant access to funds for businesses and individuals in the UK. The benefit of this technology is more than the speed at which payments are processed: the network’s high levels of security, stability and resilience engender trust and mean consumers know it will work as expected.

Ensuring the security of the payments that people and businesses make every day is top of our agenda at my own company Vocalink, however, as the industry innovates, so do fraudsters, making it more difficult to track and trace illicit funds — issues that could impact consumer trust if not managed proactively. By using cutting-edge artificial intelligence to combat fraud, we are greatly disrupting organised criminal activity.

In March 2018, Vocalink announced a partnership with NatWest to detect and prevent invoice redirection fraud — where businesses are duped into paying money into a fraudster’s account rather than to their intended supplier — using a state-of-the-art machine learning solution. As of April 2018, the solution, known as Corporate Fraud Insights, had prevented losses of over £7m to business account customers, with individual attacks often worth hundreds of thousands of pounds.

Open to innovation

So, digital technology is certainly playing a key role in helping the financial industry protect its customers from payments-related fraud on existing systems. But in order to support adoption of new propositions, consumer trust will need to be considered from the start.

To see what this looks like in practice, we can look to open banking. This is an industry initiative initially driven by legislation in Europe, and that is quickly being adopted worldwide. PSD2 (the second Payment Services Directive) requires EU banks to allow their customers to securely share their transaction data with approved third parties, and requires banks to allow those third parties to initiate payments from customers’ accounts, subject to customer consent. In doing so, it effectively transfers ownership of account information from the banks to the consumer.

Open banking is designed to increase competition, to make it easier for non-banks to participate, and to encourage greater product and service innovation – all in the interests of benefiting the end user. Early use cases are addressing both consumer and commercial needs. These include bank account aggregation services; personal finance management applications; quicker credit assessments, and payment initiation services designed to streamline the user experience for online payments.

This functionality is not new, as such – players like Mint, Kontomatic, Yodlee and others have been operating services like these for a long time — but the regulation makes it safer and easier to build services by leveraging APIs. Previously, users were required to hand over their internet banking usernames and passwords for each account, then third parties would ‘scrape’ the data off the screens of those accounts. This practice has potential security risks and the results of screen scraping are not always entirely accurate, making it difficult for users to identify transactions. APIs are a much more secure option because they enable applications to access account information and initiate payments without customers having to share their login details. The regulations require more transparency over what the user has and hasn’t signed up to.

Security matters

Despite enthusiasm for these solutions, consumer trust remains an issue. According to research conducted by Crealogix for Financial IT in April 2018, 46% of people are concerned about the security implications of open banking-enabled solutions, including theft and data breaches. When looking to make use of the benefits of open Banking to offer new propositions, any firm – whether brand new or incumbent – will need to build consumer trust. Much of this comes down to ensuring new services work to the high standards consumers demand from finance providers.

Mastercard is working to help firms deliver to these high standards. We are developing infrastructure and services to build trust and facilitate interactions between banks and third parties in the new open banking ecosystem. These include a connectivity platform to make it easier for third parties to access bank APIs, a sophisticated fraud monitoring service to help keep consumers safe against compromised providers, and a centralised dispute resolution service to ensure any issues are managed in a consistent way.

By creating a safe, secure environment in which digital technologies can evolve, we’re helping to build consumer trust in the banking industry — and enabling it to thrive.

This article originally appeared in The Drum Network Finance Supplement. For more information on how to get involved, please contact tehmeena.latif@thedrum.com

Paul Stoddart, CEO, Vocalink, a Mastercard company