The payments journey, and landscape, is an ever evolving one, but one thing is certain: fraudsters will try to exploit any vulnerability they can to access money and data that isn’t theirs.
“It is an adversarial problem. You counter, and then they counter,” Wendy Roberts, senior vice president, risk management and data and analytics at Trustly, told PYMNTS.
With the rapid pace of technological advancements and the increasing prevalence of fraud, protecting against illicit activities remain a significant priority across the payment industry.
“Generally speaking, becoming more stringent and making sure that one adheres to the regulatory requirements of whatever form of business you’re in is quite important,” Roberts said.
Identity theft, account takeover, card-not-present fraud and friendly fraud are some of the common forms of fraud that have evolved alongside the advancements in payment methods and payment technologies. Consumer expectations and the demand for seamless, convenient and personalized payment experiences also contribute to the complexity of risk management.
“You’re trying to trade-off friction and other security measures with giving people a really good user experience that keeps them coming back,” Roberts said.
She emphasized the importance of adapting to fraudsters’ techniques and employing strong authentication and risk management systems to combat fraud, noting the role of open banking and artificial intelligence (AI) in mitigating risks.
Open banking in particular leverages strong authentication and offers a robust risk management system, thereby both enhancing and securing the user experience, Roberts said.
See also: Consumers Like Open Banking Features, Now Banks and FinTechs Need to Deliver
As the payment journey continues to transform, staying ahead of evolving risks and leveraging innovative solutions will be crucial for ensuring the security and success of payment systems.
Roberts emphasized several best practices for effectively controlling payment risks.
Implementing multifactor authentication and biometric authentication to enhance security during transactions is one way of managing risk, she said, as is the growing utilization of machine learning, AI and behavioral analytics to detect anomalies and patterns indicative of fraudulent activities.
“The race toward digitalization of payments is actually kind of amazing … and sophisticated detection rules to analyze large volume of data in real time and identify fraudulent patterns has become table stakes if you want to participate in payments,” Roberts added.
She also stressed the importance of education and awareness for both consumers and employees to combat phishing scams, social engineering attacks and other behaviorally driven fraudulent schemes, emphasizing that engaging with consortiums and third-party providers is also crucial for additional support in risk mitigation.
Above all, Roberts said risk management is an ongoing process that requires regular monitoring, review and updates — including the need for business continuity planning and risk assessment to identify and mitigate risks.
When performing a self-assessment for risk management, it’s crucial to clearly outline the scope and objectives of the risk assessment, identifying processes, systems and workflows to evaluate; as well as to identify stakeholders from various departments, including risk, technology, compliance, security, legal and finance.
Once that has taken place, Roberts said, the next step is to map out payment processes and workflows, identifying key touchpoints, data flows and dependencies, and identify vulnerabilities associated with each step in the payment process, covering cybersecurity, fraud, compliance and operational issues.
See also: Trustly Integrates MX Data Enhancement Services Into Open Banking Products
The payment landscape has transformed with the digitization of payments and the adoption of advanced technologies, and Roberts highlighted the ability of AI to analyze large volumes of data in real time, detect anomalies and identify fraudulent patterns. She also mentioned the potential of quantum computing in the future, which could further enhance the power of AI in risk management.
“It’s one thing to approve a $50 transaction, it’s another thing to approve a $5,000 transaction. AI can help with that predictive risk assessment and exposure control,” Roberts said. “And quantum computing, which has the ability to perform computational assessments at an exponentially higher rate than we do today, can make the power of AI even more impactful across risk management … I’m looking forward to seeing how that develops.”
But as AI becomes more prevalent in risk management, data security becomes a rising risk factor. Roberts emphasized the need for companies to implement best practices for data security, especially when storing payment credentials and personally identifiable information, noting that open banking provides a secure alternative that eliminates the need for merchants to store sensitive data on their own.