In this article, five individuals who are well placed to know identify that cyber threats will dominate execution and planning in 2019. This isn’t rocket science. PSD2 demands that new privacy and protections, including compliance with Strong Customer Authentication, be put in place by September 13th 2019. As a result, with only minor exceptions, all companies that do business with Europeans have just nine months to implement a compliant login method. This also means that every business that accepts card payments (with minor exceptions) will need to implement 3D Secure 2.0 in that timeframe. Here is what two of the five had to say:
“Mark Gazit, CEO, ThetaRay
The complexity of attacks will continue to grow as criminals increasingly use artificial intelligence (AI) to conduct their schemes.
Banks will receive more fines for money laundering, because they will have a decreased ability to protect themselves. Rogue regimes will also use AI to achieve their cybercrime goals, including election fraud, social media manipulation, money laundering and more.
Perhaps worst of all, AI-enabled money laundering will create a greater flow of money to criminal organisations to finance narcotrafficking, human trafficking and terror attacks.
On the bright side, new advances and AI technology will help financial organisations, critical infrastructure and enterprises to better protect themselves if they choose to deploy such systems.
Russell Robinson, MD – Customer Communications Services, EMEA, FICO
2019 will be a challenging year for payments and compliance. With less than 12 months to go until EU banks implement their Strong Customer Authentication (SCA) solutions, project teams are facing tough decisions about the most important aspect of the business – customers making payments. I meet many banks that are in the process of compiling their requirements and vendor selection, and know some of these final designs are either non-compliant or will create an unacceptable customer experience.
One-time passcodes
Some banks believe they can achieve SCA compliance by relying too heavily on sending one-time passcodes. While this will suit many consumers, based on consumer research across the EU (October 2018), 60% of consumers do not want a one-time passcode by SMS. In addition, 30% of consumers said in a recent survey that they would complain if they are unable to select their preferred channel to enable SCA — for example, not with an SMS.
The industry is making moves to prepare customers for SCA with requests for current contact details. However, we are seeing signs that prescriptive demands to enable future user access are not being well received. That is evident from the John Lewis article in the Guardian and comments from readers. It is well worth reading some of these comments if you are in any way involved with SCA.
My prediction is that many banks are going to implement point solutions to achieve compliance, and the programme managers that executed this will move on. Due to these point solutions not meeting consumer acceptance, lack of up-to-date contact details, meeting regulations and many other issues, there will be a significant number of complaints, unacceptable fraud false-positive rates, and consumer payments not completed to a level we have not seen before.
If this happens, the people who inherit the SCA programmes of 2019 are going to have their work cut out unpicking this stuff and looking to replace them with a platform approach to SCA. They will need to enable SCA extensibility and rapid integration to new authentication use cases and channels as consumer demands require or novel fraud attacks appear in the new environment.
On a related point, many banks understand phone device profiling, and SIM-swap or call-forwarding solutions are essential. However, many are expecting that SIM-swap services offered by MNOs will have evolved before SCA implementation. I believe this will be true for some MNOs, but suspect alignment will not be in place across all UK MNOs in 2019. Therefore, banks need to plan better around how they secure the SMS channel, and deal with the higher false-positive ratio using traditional methods.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group