As a security provider focused solely on fraud detection and prevention, Easy Solutions has a unique perspective on fraud as it occurs around the world. Trends like the adoption of digital payment services and mobile device use vary by geography, and have a direct influence on fraud. Here are five trends we are watching as it relates to fraud in Europe, that will likely impact the landscape in both the short- and long-term.
• Europe’s adoption of EMV technology – Europe is no stranger to EMV. France was the first country to use the chip technology standard for payment in 1992. Thanks to EMV’s wide adoption, there has been a significant decline in credit card fraud in Europe.
• The lagging adoption of EMV in the United States – In countries where EMV technology is not yet widely adopted, as in the U.S., EMV cards are scanned using traditional readers and used with the signature. When used in this manner, EMV cards are as susceptible to fraud as magnetic strip cards. So while credit card fraud has declined in Europe, overseas fraud has increased. In fact, according to the Financial Fraud Action UK, fraud committed abroad on UK-issued cards increased 20% in 2013 over 2012. The implication of this is that even with EMV technology in place, European banks are still a target for credit card skimming, because the card data stolen is sold for use in the various countries where EMV is not yet implemented.
• Faster Payments – Thanks to Faster Payments, mandated in 2008, the time required to transfer one-time payments has decreased from days to minutes. Customers can transfer up to £100,000 (depending on their bank) in nearly real-time. Last year £771B was paid under the program, significant growth from the £109B that was transacted in its first full year. The advantage to the consumer is clear, while the risk to the financial institution is increased due to the small time-window they have to analyze the transaction for fraudulent behavior. Because of this, a plethora of controls were put in place at the time Faster Payments was mandated. The challenge is that those technologies were written a relative long time ago, so more advance techniques, such as using social media to infiltrate bank systems, are likely to remain unaddressed. In addition, a revision to the Faster Payments program addressing quicker Internet and phone banking payments became standard from 1 January 2012, enabling many consumers to pay their tax and credit card bills on a same-day basis across the European Union.
• The adoption of new Mobile Payment schemes. Banks and other organizations are introducing many new mobile-based payment schemes and the UK and other European countries are investing heavily in new mobile payment approaches. PayM, Zapp, Monitise and others are all creating numerous different approaches to provide lower-value instant payments mechanisms using mobile devices. This creates new challenges for financial institutions and new opportunities for fraudster to exploit the technology. It is generally accepted that currently, the mobile platform is more secure than traditional PCs. Currently the general threats to mobile devices are around the loss of SMS, contact information and photos. Security on the devices can often be ensured by the users having the latest OS or applications on the phones. However fraudsters are also trying innovative approaches in their attacks such as creating fake mobile banking apps and luring their targets to download them instead of legitimate ones. This is particularly an issue with rooted phones, or those that have been allowed to side-load applications, bypassing the App Stores validation process.
• New regulatory requirements – If adopted, the scope of the Payment Services Directive II and Regulation on Interchange Fees will be broadened to include third-party providers that allow consumers and e-retailers to use “simple and cheap means of payment such as online credit transfers.” It would also oblige members to "establish a framework with appropriate mitigation measures and control mechanisms to manage the operational risks, including security risks, related to the payment services they provide" and inform regulators without undue delay where they experience a "major operational incident", such as a security incident. Financial institutions need to be aware of these changes and be prepared to comply.
The adoption of new payment services and regulatory requirements in Europe creates a unique landscape for fraud attempts. Financial institutions need to be aware of these trends and partner with providers that can advise them on the best course of action.