Although advent of chip and PIN in the UK closed one door to fraudsters, the simultaneous boom in e-commerce opened another. Consumer-facing businesses need to view security as an essential and inherent part of their products and services says David Poole, business development director at myPINpad
Today, we are doing more and more with our mobiles. Banking, making payments and retail shopping are just a few of the activities that, in the past, we would have had to go to the high street to do.
Now, in the digital age, and with the increasing dominance and capability of our mobile devices, we are able to do all these things wherever we are.
While this has undoubtedly improved the user experience for consumers and allowed for greater interaction with such services, it has also resulted in massive amounts of consumer data being shared over the internet.
Organisations in the banking, financial services and retail industries, particularly the e-commerce and m-commerce sectors, are storing and transporting significant amounts of consumer data.
This includes highly sensitive information including, financial data and even biometric identifiers.
Organisations are now facing greater challenges of leaving consumers exposed if they do not operate appropriate data-protection measures.
Failure to do this is resulting in greater instances of data breaches, where the consumer data is obtained by hackers and then used to commit fraud.
This has been occurring at an increasing rate in the UK, which has now been labelled as Europe’s capital of fraud.
Fraud losses get higher
Fraud losses in the UK increased by 18% (£88.5m) in 2015. Of this, 75% (£66.7m) is card-not-present fraud, and £42.4m of this came from e-commerce.
The advent of chip and PIN in the UK closed one door to fraudsters, but the simultaneous boom in e-commerce opened another, and criminals grabbed the opportunities available with both hands.
Now, with mobile taking centre stage as the dominant platform for e-commerce, fraudsters are turning their attention to it as never before. Security for mobile commerce has never been more important.
Companies are striving to improve the user experience for consumers in order to increase sales.
They are making it easier for the consumer to buy and make payments, by offering frictionless one-click payments. Yet this has led to concerns that security is being compromised in favour of convenience.
Services such as Amazon Prime and Uber have adopted compelling strategies in consumer convenience and have reaped the rewards; however, their pursuit of one-click payments has increasingly left their customers open to fraud.
We believe that the technology exists that could help reduce many such instances of fraud, but can be de-prioritised in favour of developments that are seen to have a more immediate commercial return.
Consumer-facing businesses need to view security as an essential and inherent part of their products and services, rather than as a secondary consideration. They need to see the long-term value in providing a strong and secure authentication solution that is also convenient for the consumer.
What do the customers want?
It should also be remembered that consumers value security.
With data breaches never far from the headlines, consumers have never been more aware of the necessity of staying safe online and preventing their personal and financial details from falling into the wrong hands.
Earlier this year, we published a report based on consumer research that we had carried out which demonstrated that consumers are actually willing to add a limited amount of friction to transactions to make them secure.
We revealed that 85% of consumers would like to be notified, by text, of a high-value transaction they had carried out, and then authorise it by entering their PIN.
Balancing security and convenience is no easy task, but that does not mean that security needs to be or should be compromised.
Equally, our own research has shown that consumers want a balanced approach of convenience and security.
The European Union’s upcoming Second Payment Services Directive (PSD2) is a step in the right direction.
It requires payment service providers (PSPs) to apply ‘strong customer authentication’ (multi-factor authentication) when payers initiate ‘an electronic payment transaction’.
If we are to fight fraud, all the entities involved in the process need to play a part.
Consumers need to be more aware of the risks of fraud, and empowered to know how to better protect themselves.
Companies need to place greater emphasis on security and proactively take action against fraudsters.
The fintech industry also needs to play an active role, creating solutions that can seamlessly integrate with the current infrastructure. This means working with existing entities, rather than disrupting the current market.
It needs to be a collaborative effort, working with all parties and not picking out one particular area of the process as responsible for the fraudulent conduct.