By Bill Trueman CEO of fraud prevention consultancy UKFraud.co.uk
I have always believed that the effective fraud consultant has to have some ability to read the runes – to see how fraud will change over time or where it will evolve to once it has been defeated in a particular area. However, you don’t need to be that much of a fortune teller to see the risks that are facing the mobile payment sector; even though little research has been done into the nature of the threat in this sector, the problems at hand or the likely response of the differing parties.
Thus, UKFraud.co.uk decided to set up a new Special Interest Group (SIG) for the Mobile Payments sector. The new SIG will monitor, analyse and report on key market developments for use by stakeholders in the domestic fraud prevention sector. The SIG consists of leading fraud prevention consultants coupled with representative input from a wide range of mobile payment industry specialists. In its initial review,the SIG will analyse those characteristics and challenges of the mobile payment market that are most likely to encourage fraudsters to target the sector. In particular, the SIG will investigate the factors that could give rise to an increased risk of fraud. Amongst the key market challenges that the SIG will review are:
1 Sheer Scale of Market Growth
The SIG notes the appearance of a number of spectacular recent mobile payment market forecasts. These include a report from Reuters, in March 2013, highlighting a survey by ‘Heavy Reading Mobile Networks Insider’ suggesting: “The mobile payment industry is growing, offering revenue generating solutions throughout the market and potentially… $1 trillion in global transactions by 2015.”
The SIG is also conscious of the global spread of mobile payment, with the explosive growth of m-commerce in the United States, China, India, Latin America and the Far East. Recent data from the ITU (International Telecommunication Union) supports this, pointing to global mobile subscriptions now reaching 6 billion. However, in the face of this backdrop of explosive growth, the SIG is concerned that key sector protagonists lack visible preparedness for the likelihood of such large-scale market expansion or the resultant fraud risks that might ensue.
Indeed, the SIG believes from its own analysis of the sector,that only a small proportion of marketers currently have any formal strategy for leveraging and exploiting mobile payments fully. And, whilst there are also other reports that there is a huge need for ‘Mobile SEO’ to spread the news of the latest products to potential consumers, it is the SIG believes, also still a relatively scarce activity. Should this scenario represent reality on the promotional side, then it is also unlikely, the SIG believes, that adequate fraud systems will have been put in place by many of the main players either.
2 The Speed of Technology Advances
The SIG also recognises that the greatest challenge to the development of plans and strategies that align organisations within the mobile payments sector is the sheer speed of technical change. Seemingly, all the main mobile device players are racing to produce the ‘next best thing’ and major forces such as Google with its Wallet and Apple with the Passbook are also having a significant and positive impact with market pundits. The international card schemes also have an influence on the development route(s) as do many other highly innovative and respected third parties including: iZettle, mpowa, and PayPal. However the chances are, says the SIG, that whilst some of the other sector protagonists, regulators and customers could potentially struggle to keep pace with such an enormous rate of change, the fraudster thrives in such fast moving environments and simply ‘adapts’ like an ‘amorphous entity’ to outsmart and outflank the market’s developments.
3 What Are The Customer Perceptions of The Mobile Payments Sector?
Amongst the other contradictions to be reviewed by the SIG are claims by some pundits who point to the relatively modest levels of take up of mobile payment products to date. Whilst some believe that many people are waiting until the next ‘big thing’ appears, others cite the plethora of new products already appearing. Some claim that this consumer reluctance to adopt, is the result of confusion over the number and nomenclature of devices and financial products. Yet others highlight a number of recent high profile data breaches both amongst financial services and social media companies which drive caution amongst consumers. However,it is felt that once a major new standard or solution appears that the dam could break. When the dam breaks, the SIG feels,there is a potential concern that some of the new solutions will be more easily and quickly exploited by fraudsters than those that currently benefit from clear best-practice and consumer guidelines.
4 Can Standards Keep Pace?
Whilst standards would boost consumer confidence, the impact of technology and financial product churn coupled with extreme growth could, the SIG believes, threaten the applicability of many existing standards. Other newer standards might simply not keep pace. There is also, the SIG believes, a myriad of organisations from which such standards can come. This could well cause confusion for consumers and therein delight the fraudsters.
The SIG feels that a widely respected organisation that might potentially take a positive lead in the payments sector is UK Payments (formerly APACS). The SIG will also review other alternatives and analyse which existing standards bodies might develop an effective solution. Well regarded bodies might include: the ISO or the European Payments Council, which could potentially, some feel, develop a new SEPA regulation for the mobile sector.The SIG will also review whether widely acclaimed and respected card schemes (such as: Visa / MasterCard etc.) might take a lead as there is potentially a strong interest to capture the market if it grows rapidly.
The SIG feels that potentially mobile payments control could be evolved through an entirely new ‘standard’ that will develop by default and be adopted by others. It is possible, says the SIG, that this could be led by a card organisation, a proprietary payments provider, by an individual bank or a telecoms company. Indeed, the SIG believes that there is every chance that it could result from a collaboration or spin-off of any of the above. Indeed, as things roll-on so fast, this body may not yet exist.
Mobile payments could potentially, the SIG claims, replicate traditional magnetic stripe read transactions; or even replace the later ‘chip read’ transactions. This would cause an evolution in ecommerce transactions through m-commerce, and be the ideal facilitator of NFC contactless payments. In addition, mobile devices could very well become the first choice to be used by merchants as a payment acceptance terminal themselves.
5 Who Owns The Regulation?
The SIG will also review whether a ‘potential standards debacle’ might have a ‘knock-on’ effect upon regulation. The SIG feels that there are so many complications, and so many interested stakeholders, all with conflicting desires to collaborate or compete, that it is hard to know where and how mobile payments will be regulated, let alone who will ‘own’ the regulation.
It will be interesting to see the role governments play. The SIG feels that with the respected EU Cyber directive focussing on setting good foundations with the Network and Information Security standards in individual member states, the current thrust seems potentially a long way from specifically addressing mobile payments. Turning to the UK, the SIG questions whether the government is likely to drive innovation in this area, as the risk, payments and fraud skills within the leading departments (Cabinet Office, FED and the National Fraud Bureau) might not be those required.
The SIG’s new Chairman Kevin Smith (a former head of fraud management at Visa Europe and now an independent payments, risk and fraud specialist) feels that the review will highlight a need to ‘build fraud prevention in’ at all stages early on. In his inaugural address he noted that, “There will be so much potential change and growth, that it’s not just the technology vendors or financial service providers that are watching the situation closely. Rest assured that a seasoned group of criminals will be looking just as closely, albeit at a different range of opportunities. Only by sharing information and working together at an early stage can the sector start to properly understand the challenges and offer a really effective series of counter-measures. Our aim is hopefully to assimilate and collate a weight of analysis that will prove useful to those stakeholders who are keen to fend off fraudulent activity.”
Kevin makes a good point. In my view, sharing information and collaboration could work at all levels and could even be led by the UK government. Potentially there is a golden opportunity here for the UK to take a lead. Naturally a governmental lead would be preferable. However, some feel that The NFA (National Fraud Authority) and also the Cybercrimes Unit are rather more engaged in defending UK Plc., against attacks than driving commercial standards globally in internationally applicable growth areas such as this. However, they should play a major role here. Some though feel that recently the priority of these bodies has been turned upon the domestic public sector, as this alone is a mammoth area to direct and protect. Hopefully, though, if the mobile payments sector grows as fast as has been suggested, the UK government will then see an opportunity to invest an appropriate amount of money in safeguarding the UK from fraud in the mobile payments sector. In the meantime, we shall work alongside other like-minded groups as a collective approach is certainly one way to ensure that the right information is shared by those in fraud prevention who most need it.
The SIG’s findings will be published later this year.
About UKFraud (www.ukfraud.co.uk)
UKFraud is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is widely accepted as one of Europe’s leading fraud experts and a frequent commentator and writer on the issues involved. Trueman has extensive experience of the banking, insurance and the financial services sectors and is a thought leader at the forefront of many industry wide and international debates.