Connect with us

Business

How can testing and certification secure trust in biometrics?

Published

on

Stéphanie El Rhomri, Vice President of Services at Fime

 

Biometric authentication offers an innovative way for a user to authenticate themselves. A user’s face, iris, fingerprint or even voice can be used to authenticate a payment. This provides a seamless user experience without compromising on security. However, a successful project requires careful strategic planning and execution to navigate the necessary security and regulatory challenges.

In this blog, which is the latest in our biometrics blog series, I answer some of the key questions on the importance of certification and the role of testing in deploying successful biometric solutions.

Firstly, what role does certification play within the payment ecosystem?

The payment ecosystem brings together many stakeholders including payment service providers, merchants, vendors, payment networks, banks and fintechs. The process of certification acts as a layer of trust between these key players.

Certification should not be thought of as a tick-box exercise, but as a continuous process to ensure compliance with the latest standards and regulatory requirements. Through this, the whole payments ecosystem benefits, as higher levels of regulation increase both security and privacy in payment authentication.

Through certification, vendors can ensure that their products offer a seamless and secure experience. This inspires confidence for the end user, which is an accelerator of product adoption. Crucially, it’s also a way for product vendors to differentiate themselves from their competitors.

What is the importance of applying testing and certification to biometrics?

Testing and certification are fundamental to influencing and supporting the continued evolution of the biometric ecosystem. This is because biometrics, if implemented correctly, can provide robust security and a frictionless user experience. These two factors are seemingly contradictory, as often strong security means a more arduous customer experience. Therefore, striking the delicate balance between them is critical and can give a notable competitive advantage to any payment solution.

However, the biometrics ecosystem is largely fragmented, causing additional challenges for stakeholders. Individual companies and standards organizations are increasingly requiring certification to validate the security and reliability of a solution. Given the variance in requirements between the different international and domestic schemes, developing a product which satisfies multiple standards requires deep expertise and sophisticated testing strategies.

Robust testing and certification protocols ensure that any product meets the latest protections benchmarked against best-in-class solutions. This means that if a solution provider wants to demonstrate the value of its product by achieving certification, it must meet the relevant requirements. By developing biometrics certification initiatives, payment schemes can play a crucial role in advancing the ecosystem by continually pushing providers to improve their solutions and align with ever advancing demands.

Certification is also solving several vendor challenges. For example, it contributes to reducing product time-to-market. This is because when choosing a sensor which is already qualified, product vendors no longer need to go through all the required testing. Additionally, it enables multi-sourcing and the selection of several providers, which is key in the context of the chip shortage.

How are consumer attitudes to biometric payment cards and mobile payments changing?

After over a decade of biometric integration on smartphones, a large number of users are already familiar with using their fingerprint to authenticate themselves. Statista reports that 97% of mobile devices in 2022 worldwide are capable of utilizing biometric authentication. This familiarity translates well to user adoption of biometric payment cards, which will help drive widespread implementation.

However, to make the most of this familiarity, a biometric solution must be secure. If any vulnerabilities can be exploited, it risks a major loss in public trust. Testing can help ensure trust. Harnessing the latest artificial intelligence and machine learning techniques to validate products against the broadest set of use cases, requirements and benchmarks can ensure a solution is tested meticulously. It can be assessed not just against certification conditions, but also against the myriad of variables and attack capabilities that certification does not yet account for.

Likewise, reliability is essential to encourage adoption. Businesses need to ensure that they can provide a consistent payment experience, otherwise they will risk reputational damage. Factors such as light and humidity can influence the performance of biometric solutions. Solutions that address how environmental conditions impact the reliability of biometric solutions allow payment providers to enhance the quality and reliability of their products.

How do you see biometric payment authentication evolving in the next 12 months?

Comparing past certifications to the most recent ones highlights the evolution of testing. This progress has allowed solution providers to produce next generation payment products. As this process continues, more solutions can leverage the unique benefits of biometric authentication. For example, multimodal implementations – where a solution utilizes multiple biometric identifiers – don’t just allow solution providers to give consumers even more ways to authenticate payments. More importantly, they also provide a secure authentication method without sacrificing the user experience.

Biometrics are now a staple of mobile technology, and this trend looks set to expand into the payment card ecosystem. The market is also seeing the introduction of use cases from companies such as Amazon and Alipay, where consumers do not even need to carry their phone or wallet while shopping. As long as consumers have their biometrics registered, they can make purchases. As innovative new use cases expand the reach of this technology, understanding how to securely deploy biometrics is key for solution providers. Standardized testing and certification lay the foundations for this.

The regulations and requirements that govern biometric authentication are constantly evolving in line with the latest technological developments. Comprehensive certification and testing allow developers and OEMs to compare their products against uniform benchmarks. This ensures that they are meeting fundamental requirements that help them retain user trust.

Business

Shutting off mule accounts to effectively tackle APP fraud

Published

on

By

Cleber Martins, Head of Fraud Management for Banking at ACI Worldwide

 

Authorised Push Payment (APP) fraud is on the rise. Losses from this type of fraud are expected to record an average CAGR of 21% from 2021-26 in the UK, US and India. To combat this rising threat, late last year the Payment Systems Regulator (PSR) published new rules for banks and building societies regarding the reporting of APP fraud.

While losses won’t keep pace with the overall growth of real-time payments, banks shouldn’t be complacent regarding the risks. And though it’s true real-time payment channels have created a reality where fraudsters can succeed faster, it is mule accounts that allow them to keep getting away with it.

Fraudsters recruit mule accounts often through identity theft, turning a user’s account into a mule account without their knowledge, or by recruiting and targeting more vulnerable people on social media and other online communication channels. Thereby enabling criminals to hide their identity and quickly move stolen funds beyond the reach of banks and authorities, either through other mule accounts at different banks, or by buying crypto or NFTs. This is why, in order to effectively tackle APP fraud, banks need to shut off these mule accounts once and for all.

Banks battling back

Currently, most banks only tend to check outgoing transactions. This means that when a mule account suddenly receives money from numerous different accounts, following little to no activity, it’s usually not picked up. And this needs to change.

Cleber Martins

When battling back on scams, banks need to have the appropriate Know Your Customer (KYC) standards. Thus allowing them to monitor the money coming in as well as out of customers’ accounts and analyse the user behaviour of those accounts. This all helps banks to monitor for synthetic and stolen identities in relation to the money coming into accounts.

Being able to monitor and analyse all the data in real-time requires machine learning algorithms with rich contextual information. Put simply, these models are only as good as the signals and inputs they have been given. This means the more financial institutions – on both the sending and receiving end of the transaction – collaborate on signal sharing, the better they can target mule accounts. Additionally, more data and more accuracy should also lead to a decrease in the number of false positives and an improved user experience for legitimate customers.

To effectively shut off the supply of mule accounts, better collaboration and data sharing between banks and financial institutions are needed and with the introduction of the new PSR rules, we could see this quickly come to life.

Why receiving banks must be held accountable

There’s currently almost no risk at all for receiving fraudulent transactions into mule accounts, despite hosting the mule accounts used by fraudsters to receive stolen funds. This results in most banks doing little to no monitoring or analysis of the money coming into accounts. And little to no meaningful intelligence being exchanged between the two ends of a transaction. To turn the tide on scammers, this needs to change.

The Payment Systems Regulator (PSR) has said that in addition to putting mandatory reimbursement for most victims of APP scams, liability should be split equally between initiating and receiving banks. Unless the receiving bank can prove it has gone to greater lengths to do it’s checks, in comparison to the initiating bank, resulting in the initiating bank being held more financially liable.

This should incentivise a major shift in how banks monitor fraud activity, by increasing how they monitor the money coming in, in combination with behavioural profiling of the receiving accounts. Ideally, once the two sides of a transaction are working together, a “fraud DNA” can be constructed to enable more precise decision making. One strand of that DNA, in practice, would be the initiating end’s sending an intent for a real-time payment, including intelligence about the initiating account in metadata format. The receiving end would then correlate that with their own, thereby adding the second strand of intelligence to the DNA chain. Finally, a decision would be made as to whether to allow the transaction to be completed.

This increase in collaboration between banks, would symbolise the first step of building a framework that promotes the sharing of insights and could mean the end of mule accounts as reliable tools for fraudsters.

What future collaboration might look like

While banks play an important role, mule accounts are often created on social media, through the telecom industry, via email or even postal mail. Making APP fraud a cross-industry problem. This requires a next-level, cross-industry collaboration strategy, that sees solutions, techniques and intelligence being shared between banks and vendors, merchants, issuers and acquirers, and even with social media companies and telcos.

Ultimately, it’s about ensuring customers are better educated and protected and that banks perfect their monitoring of the money that comes in, as well as out, all while sharing that information. Building a true cross-industry framework will help deprive scammers of access to one of their main conditions for growth. As a result, we should begin to see the value of APP scam losses, as a proportion of the value of real-time transactions, drop.

Continue Reading

Business

Want to increase positive customer purchasing experiences? Let’s talk IVR

Published

on

By

Andy Watts, Senior Account Director, Financial Services, at Odigo

 

For many years, debit and credit cards have reigned supreme, with the latest figures showing that in just the month of August, there were 2.47 billion debit and credit card transactions. While this is unlikely to change any time soon, the way we pay has.

The popularity of paying ‘in person’, using chip and pin, has reduced significantly while paying online has skyrocketed. Nevertheless, during the highs and lows of this journey, making payments over the phone – using interactive voice response (IVR) – has remained.

When it comes to credit, debit and digital payments, the lack of physical cash can sometimes add an abstract layer to the purchasing experience. Resulting in some customers lowering their guard when it comes to financial fraud and risk, and the same goes for Interactive Voice Response (IVR) payments.

To combat this, businesses need to actively ensure their contact centres are internally remaining compliant with security standards when it comes to the data flowing around the contact centre, as well as tackling the external lack of IVR awareness among their customers.

Andy Watts

Fighting fraud from the inside

During the pandemic, the fear of fraud and breaching data security increased, as contact centre agents were required to work remotely. It’s fair to say, remnants of that fear still remain given the increase in spoofing scams, other types of fraud and hacks.

However, hope is far from lost. Different elements of these risks can be mitigated through the Payment Card Industry Data Security Standard (PCI-DSS). This global technological and operational standard aims to drive the adoption of data security standards for safer payments, including IVR payments. Providers that commit to the standard need to get involved in the protection of their customer’s data while it’s in storage, processing and transmission. As well as also regularly testing and monitoring their networks and maintaining a vulnerability management program.

Unsurprisingly, customers want to be assured of accurate, safe transactions and that organisations will follow through on their commitments to goods or services. Contact centres need to continue to adhere to operational standards to ensure compliance and security, and ensure they ramp up education and awareness around the risks of IVR payments. All in an effort to reassure their customers and enable them to have the smoothest and safest customer experience.

Ensuring education from the outside

The contact centre is the epicentre of personal customer data. Contact centre agents regularly pull up and use insights from the data accumulated to amplify customer understanding and add to new data points based on continuous customer interactions. To ensure a continuously high-quality customer purchasing experience, when using IVR payments, an awareness of the importance of data security – by both agent and customer – is crucial.

IVR payments are almost always fully automated for 24/7 self-service and are expertly tailored to suit the customer and business needs. In reality, this translates into customers slowly being guided through a process of intuitive phone menus and additional information to ease any fears of fraud and other anxieties they may have.

Information about the process of IVR payments, how to spot fraud attempts and how to best secure data must be readily available for customers. If this is not already being provided by contact centres, then businesses need to re-evaluate their processes, sooner rather than later. Agents should be actively educating customers and information should be readily available via FAQs pages and chatbot functions.

While IVR payments remain a popular payment method for customers, contact centres need to ensure they are internally operating to the highest security and compliance standard possible. By securing their data in transit and storage whilst simultaneously ensuring ease for agents to utilise the data to continue providing meaningful CX. All of which can reduce customer anxieties around potential fraud and increase awareness around the risks of IVR payments, while delivering high quality and seamless customer purchasing experience.

Continue Reading

Magazine

Trending

Business41 mins ago

Shutting off mule accounts to effectively tackle APP fraud

Cleber Martins, Head of Fraud Management for Banking at ACI Worldwide   Authorised Push Payment (APP) fraud is on the...

Business47 mins ago

Want to increase positive customer purchasing experiences? Let’s talk IVR

Andy Watts, Senior Account Director, Financial Services, at Odigo   For many years, debit and credit cards have reigned supreme,...

Finance1 hour ago

Demonstrating fintech resilience in 2023

Melba Montague, Head of Financial Services, Genpact    Despite ongoing economic turmoil and a slowdown in investment, the UK has...

Banking2 days ago

E-commerce marketplaces have become more than third-party platforms

By Luke Trayfoot, CRO, MANGOPAY   E-commerce marketplaces have become an essential driver of e-commerce growth. As found by Ascential...

News5 days ago

With big tech firms making massive redundancies, could we see a tech bubble burst in 2023?

Rhys Merett, Senior Account Director at PHA Group   Following the pandemic, the return from lockdown triggered an influx of...

Finance5 days ago

How can merchants overcome barriers to payment innovation in 2023

Kevin O’Connell, Chief Product Officer at Trust Payments   The payments sector is going through an exciting change. Consumer expectations...

Banking5 days ago

Banking Technologies To Thrive In The Modern World

By Frank Arellano, Founder and CEO of Revolv3.   According to research by Digital Banking Report 2022, 36% of financial...

Business7 days ago

The trends to expect in the future of work in 2023 through the lens of a CFO

By Eliran Glazer, CFO at monday.com   Not a week goes by without significant evolution in the world of work....

Business1 week ago

How ecommerce businesses can retain customer loyalty during a recession

By Olusegun Akande, founder of Samis & S&T Enterprises As the UK’s recession worsens and consumers continue to feel the pinch caused...

Business1 week ago

Top 5 benefits of low-code development in financial services

By Richard Higginbotham, Product Manager at Netcall   Amid the rise of challenger banks like Monzo and Resolut, traditional financial...

Business1 week ago

The top predictions for the year ahead  

David Rosa, General Manager of Wallets, Disburse and FX at Rapyd   Despite the current global economic landscape, the year...

Finance1 week ago

OUTSMART THE TAXMAN BY MAKING THE MOST OF TAX SEASON

By Rita Cool, certified financial planner at Alexforbes The start of the new year brings ‘tax season’ upon us –...

Business1 week ago

Why using Rules-Based technology should not be dismissed

Dr. Ben Larwood, Chief Architect at Facctum   Over recent years AI has grown hugely in popularity and is seen...

Business1 week ago

Data is the key to unlocking investment for emerging markets

By Devin de Vries, CEO, WhereIsMyTransport   Over the past few years, the rapid economic growth experienced by emerging markets...

Banking1 week ago

Digital banking: A necessity, an option or a risk?

By Jonny Williams, partner, and Emma Radmore, legal director, at law firm Womble Bond Dickinson   Banks are at the...

Business1 week ago

The Role of Software Development in Shaping the FinTech Industry in 2023 and Beyond

Paul Blowers, Commercial Director at Future Processing   As another year passes, now is the time for company leaders to...

Business2 weeks ago

How FS organisations can utilise data to boost customer experience

Charles Southwood, Regional VP and GM – Northern Europe and Africa at Denodo We’ve all heard the age-old adage “the customer...

Business2 weeks ago

The Evolution of SoftPoS in 2023

By Brad Hyett, CEO of phos Contactless payments and digital wallets have surged in popularity in recent years. Part of...

Banking2 weeks ago

The Importance of Digital Trust in Banking and Finance

By Maeson Maherry, COO at Ascertia   With the rising adoption of eSignatures and the acceleration of digital transformation, trust...

Business2 weeks ago

Taking Financial Services to the Edge

Authored by Pascal Holt, Director of Marketing, Iceotope   Edge computing, cloud, and AI are changing the competitive landscape for...

Trending