November 21, 2017
With more and more transactions moving to connected devices, customer behavior has fundamentally changed. There is an expectation of real-time, customized and streamlined experiences across locations, devices, channels and properties. The growth of online transactions has democratized commerce, giving rise to competition from established and emerging disruptive players looking to deliver new solutions, either directly or through partnerships.
New technologies like Blockchain, mobile authentication and the ‘Internet of Things’ (IoT) are creating new ways to pay or transfer funds between two parties with a digitized end-to-end value chain. The growth of digital banking and FinTech providers has also brought additional scrutiny from regulators who are aiming to increase competition and encourage innovation while maintaining or enhancing security.
Amid the rapidly evolving digital commerce space, many financial institutions still have legacy infrastructure, despite the massive investments in digital transformation. Such infrastructures can expose businesses to increased risk from hacks and vulnerabilities which have further increased regulatory fines and scrutiny.
The Changing Face of Global Payments
As transformations continue to take place within the digital payments landscape, regulators and government agencies around the globe closely monitor and/or influence these developments.
At the same time, the shift to real-time payments in many geographies has highlighted some of the key challenges financial institutions face when it comes to transaction monitoring in this new landscape. Without the safety net of time lags and manual reviews to further investigate high-risk payments, there is far greater emphasis on the ability to detect and block potentially fraudulent behavior in real time, before a payment is processed. Meanwhile, fraudsters are inevitably looking to capitalize on this emerging shift, adapting their malware and capitalizing on the opportunity to move money between mule accounts in real time to avoid detection.
The latest transformation to take shape is in Australia with the New Payments Platform (NPP), which will allow near real-time payments to be made between financial institutions and their customers’ accounts, changing the way Australians transact by essentially turning card payments into cash equivalents due to the speed and accessibility of funds.
With the NPP launch date approaching in the second half of this year, Australia’s payment ecosystem is on track to join over 30 countries that are either planning to implement or have already implemented real-time payments systems, including Brazil, Japan, Mexico, Sweden, Singapore, and the United Kingdom. As the list of countries putting real-time payments into practice continues to grow, pressure mounts on those without existing or attainable platforms: consumers and businesses expect payments to keep pace with the rapidly changing, digital landscape in which they are living, while still maintaining security.
In Europe, the revised payment service directive (PSD2) regulates payment services and providers, aiming to fuel competition, innovation and transparency across the European payments market, while enhancing the security of digital payments and account access. PSD2 must be incorporated into member states’ national laws and regulations by early next year (2018). This incoming regulation will affect all international financial institutions and FinTechs operating in Europe. Currently financial institutions, FinTechs, and others affected by PSD2 are in the process of altering existing platforms and systems to comply with the new regulation, while also making strategic decisions that will significantly impact the future of their businesses.
In New York, the Department of Labor recently attempted to regulate the methods employers can use to pay their employees, including payroll debit cards. These regulations were challenged by payment solution provider, Global Cash Card, and have since been revoked. In what is viewed by the industry as a huge win for payroll and electronic payments, employers in New York can continue to utilize payroll debit cards which have enabled them to pay employees who do not possess bank accounts, minimize environmental impact by reducing paper usage, and facilitate immediate access to funds.
Introduction to NPP, Australia’s New Payment Platform
In order to maximize economies of scale and address many of the inefficiencies associated with the current payments system, the Reserve Bank of Australia (RBA) encouraged authorized deposit-taking institutions (ADIs) to build and fund the NPP, a major industry initiative undertaken by the Australian Payments Clearing Association (APCA) to develop new national, open access infrastructure for Australian payments. The NPP will provide consumers, businesses and government departments with a secure and efficient platform on which to make fast, versatile and data-rich payments to meet the evolving needs of Australia’s digital economy.
Designed, built, and operated by The Society for Worldwide Interbank Financial Telecommunication (SWIFT), the basic infrastructure (BI) includes a network (to connect participants), a switch (to move messages between participants via the network) and an Addressing Service which enables transaction accounts to be identified by a ‘smart’ payment indicator such as an email address, phone number or Australian Business Number (ABN).
The BI will also support various overlays or applications, allowing ADIs to offer payment-related products or services to businesses and consumers, fueling innovation and promoting competition. The first overlay service, the Initial Convenience Service (ICS), will be delivered by bill payment system provider, BPAY. The ICS aims to provide businesses and consumers with a compelling reason to use the BI, creating momentum and driving early transaction volumes. The ICS will enable consumers to send payments from an account at their financial institution to another person or business using simpler payment addresses.
In order to facilitate the settling of payments in real time, the BI will use the Fast Settlement Service (FSS), which is built, owned, and operated by the RBA. The FSS enables all payments made on the NPP to be settled in real time in central bank funds, across each financial institution’s Exchange Settlement Account (ESA).
Key benefits of the initial NPP include:
- Speed – Payments will be settled in about 15 seconds compared to one to three days currently, facilitating real-time tracking
- Availability – Banking hours of operation will become irrelevant, payments can be made and received 24/7, 365 days of the year
- Data Enriched – Quality of remittance information will be expanded from an 18-character limit to up to 280 characters, due to the adoption of ISO 20022 payment messaging standards; there is also the potential to include attachments
- Simple Addressing – Ability to use a simpler alternate identifier, such as an email address, phone number, or ABN compared to the current requirement of a 6-digit Bank State Branch (BSB) code or 9-digit account number
How Will This Affect the Market?
The new infrastructure will make it possible for funds to be accessible almost as soon as payments are received, even when payers and payees hold accounts at different financial institutions. Over time, new overlay services will be developed which will yield additional features for consumers and new opportunities for ADIs, FinTechs and third-party providers. New ways to send and receive money will emerge, as well as new models, such as cross-bank cooperation.
ADIs will need to ensure that existing systems are able to securely process payments in accordance with the NPP and/or create safer, more efficient ones. Methods will need to be established for immediately resolving mistaken payments as well as assisting in the remediation of resulting disputes. In addition, ADIs will need to make strategic decisions regarding payment or service offerings and may need to consider whether to enhance their customer reporting offerings, provide multiple channel access, and/or deliver value added services to ensure differentiation.
The possibilities in overlay development are endless and such applications will have a direct impact on adoption rates, customer satisfaction, and brand loyalty. Yet innovation in payments may still seek to establish mechanisms aimed at disintermediation of the financial institutions, such as payments outside of RBA regulatory authority, including closed-loop systems (e.g. mobile wallets, loyalty or local marketplace schemes) and digital currencies. We may not see such players participating in the platform, except where entry or exit of value from/to local currency value is executed.
FinTechs and third-party providers seeking access to the NPP will need to do so through existing ADI members. There are opportunities for ADIs and FinTechs to work together to develop services not currently offered by ADIs, but there is also the potential to hamper competition from non-ADI members if a competing solution already exists from an ADI.
Some areas that will emerge presenting opportunity for innovation are:
- Bank payment apps and applications
- Other channel innovation
- Routing of payments, timing of payments, reporting on payments
- Influencing the core message set
- Digital Identity and payments
ADIs are expected to become early adopters of the NPP, even at the expense of displacing their own revenue obtained from other payment methods. However, there will be an increase in revenue resulting from more and more transactions moving to digital (non-cash). ADIs that do not adapt quickly and innovatively will risk losing customers to the numerous competitors clamoring to capture a share of this exciting new market.
Australians are one of the most digital populations in the world. A majority of payment activity was once concentrated in two or three payment methods, which have increasingly been displaced by other payment methods that have enjoyed greater popularity. Many recent innovations, such as contactless payments and direct charging, have reflected the shift of payment methods towards technology-centered solutions. The implementation of the NPP will support continued growth towards digitization by further altering consumer behavior. With the NPP, consumers will be able to make payments at the last minute, avoid credit card or ATM fees, and switch ADIs with ease.
The behavior of businesses will change as well. Businesses will be able to take advantage of faster and more efficient reconciliation times, maximize cash flow, and strengthen their working capital. Card payment utilization will decrease and businesses will pay less in surcharges. Also, new marketing opportunities may emerge as businesses strategize about how to take advantage of the robust remittance information passed along the NPP.
Changing Threat Landscape
Connected consumers are driving digital transaction growth. The benefits delivered by the NPP will further increase the pace of innovation. At the same time, there will be elements of risk associated with this massive change. Due to the ease and speed of making and receiving payments, ADIs and businesses will have less time to investigate fraudulent activity or perform manual reviews on high-risk transactions, as fraudsters inevitably attempt to find and exploit weaknesses in the NPP. The burden of mitigating these risks will be placed on ADIs and other stakeholders.
In 2008, when the UK deployed its real-time payments system, Faster Payments Service (FPS), financial institutions were caught off guard by a sudden spike in online banking fraud, which increased 132 percent over the previous year.* The FPS had placed additional strain on banks’ fraud detection systems, which previously relied on time lapses and manual reviews to detect high-risk behavior. In order to process real-time payments and mitigate risk, financial institutions need access to dynamic real-time global data.
With global fraud losses expected to reach $27.7 billion this year,** and fraud tactics growing increasingly sophisticated, the ability to detect and stop high-risk behavior in real time by leveraging global shared intelligence will become more important than ever in order to minimize potential fraud, particularly as Australia prepares to adopt and embrace the NPP.
ThreatMetrix Solution for Financial Institutions
The Key to Navigating an Uncertain Future
As financial institutions look to build solutions to meet the faster payment requirements, understanding the true digital identity of the transacting consumer in real time will be imperative. Most legacy fraud detection/transaction monitoring systems rely on the lag between the payment execution and receipt to detect fraudulent transactions. With the instant payment guarantee of the NPP and new entrants now becoming a part of the transaction flow, real-time context is going to be more important than ever. Also important will be the ability to understand the relationship between the payee and the sender in real time.
ThreatMetrix capabilities and future roadmap will enable businesses to deliver on the promise of the NPP without impacting their risk tolerance and customer experience. The changes recognize the benefits of risk-based authentication, which has been the cornerstone of digital transformation for financial institutions and retailers worldwide. ThreatMetrix has been working with some of the world’s leading institutions to deliver real-time insights into their user interactions across the customer touch points. The ThreatMetrix approach to risk-based authentication is built on many functions including dynamic digital identity intelligence, behavioral analytics, adaptive policies and rules, as well as multi-factor authentication when needed.
- Global Shared Intelligence: By leveraging dynamic global shared intelligence from the world’s largest Digital Identity Network, the ThreatMetrix solution will deliver instant insights on the transaction and the associated parties. This enables businesses across the globe to achieve a balance between security and convenience across customer touch points.
- Digital Identities: By operationalizing dynamic crowdsourced intelligence from the ThreatMetrix Digital Identity Network, ThreatMetrix maps the ever-changing associations between people and their devices, locations, account credentials, and behavior to form an adaptive, global framework of anonymized user identities used for fighting cybercrime, without compromising privacy. This enables businesses to understand the relationships between the parties involved in the payment flow. ThreatMetrix delivers real-time insights that can help businesses not only make informed decisions on the transaction in question but also enhance their anti-money laundering (AML) capabilities.
- Integrated Strong Customer Authentication (SCA): ThreatMetrix is extending its core technology platform to provide a Strong Authentication Framework wherein the customer’s mobile device becomes the authenticator and the ThreatMetrix SDK becomes the enabler. With a crypto-based PKI certificate, support for push notification and an extended biometric step-up, ThreatMetrix will give financial institutions the ability to reach the sender for additional verification ahead of the transaction initiation.
The past five to 10 years have been unprecedented in terms of growth and development in digital payments. ADIs will need to find innovative ways to meet customer expectations by leveraging solutions that will help meet their strategic goals without compromising security, cost, or customer experience.
As Australia begins to roll out the NPP, many will be observing and analyzing its impact on the digital payments space. ADIs, FinTechs, third-party providers, and others navigating this new system will need to build new relationships, create competitive payment solutions, and successfully manage new and existing threats.
About ThreatMetrix Digital Identity Network
The best way to tackle complex, global cybercrime is using the power of a global shared network. The ThreatMetrix Digital Identity Network collects and processes global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations and anonymized personal information. Behavior that deviates from this trusted digital identity can be accurately identified in real time, alerting businesses to potential fraud. Suspicious behavior can be detected and flagged for manual review or rejection before a transaction is processed.
The Network comprises two key components: Digital Identity Intelligence and a Dynamic Decision Platform.
The Power of Digital Identity Intelligence: Harnessing Dynamic, Crowdsourced Intelligence
ThreatMetrix is unique in its ability to dynamically combine the four key pillars that define digital identity across all device platforms. These can be summarized as:
- Device: Device identification, device health and application integrity.
- Location: Detection of location cloaking or spoofing (proxies, VPNs and the Tor browser).
- Identity: Incorporating anonymized, non-regulated personal information such as user name, email address and more. Defining a pattern of trusted user behavior by combining identity and transactional metadata with device identifiers, connection and location characteristics.
- Threat: Harnessing point-in-time detection of malware, Remote Access Trojans (RATs), automated bot attacks, session hijacking and phished accounts, then combining with global threat information such as known fraudsters and botnet participation.
Operationalizing Digital Identity Intelligence Using a Dynamic Decision Platform
The ThreatMetrix Dynamic Decision Platform enables businesses to leverage shared intelligence from The Network to make real-time digital decisions. This is facilitated via the following key functions:
- Integration and Orchestration: Uniting ThreatMetrix intelligence with back-end services and prepackaged/customized third-party services.
- Real-Time Analytics: Leveraging business rules, behavior analytics and machine learning capabilities to identify complex fraud patterns with high accuracy.
- Decision Management: Enabling continuous optimization of authentication and fraud decisions with visualization, data correlation and exception handling.