Fraudsters are increasingly targeting mobile banking services and that’s a challenge for financial app startups that don’t have long fraud-fighting histories to prove to customers they’re secure, says Nicolas Dinh, chief operating officer of money management and payment app startup STACK. In this month’s AML/KYC Tracker, he discusses how security tools such as liveness detection and remote card controls can help FinTechs overcome customer uncertainty and thwart synthetic ID fraud.
Fraudsters have been increasingly focused on mobile services, with one-third of all fraud attacks worldwide reportedly targeting mobile during the first half of 2018 — a 24 percent year-over-year increase.
Consumers have reason to be concerned, especially when choosing which mobile services to trust with their personal finances, and many may resultantly prefer to use apps from major financial companies with long-established reputations over those from fledgling startups.
Such caution presents a high bar that app-based startups must overcome. So, how can consumers be persuaded to take a chance on these new companies?
Nicolas Dinh, chief operating officer of year-old Canadian financial startup STACK, recently spoke with PYMNTS about the key forms of fraud that nascent mobile financial services firms face and how companies can leverage security technologies and partnerships to gain customers’ trust. STACK’s mobile app provides budget management and spending accounts, among other services.
“Startups like STACK are at a disadvantage by default because we lack the reputational track records of more established institutions and brands,” Dinh said.
Fighting Fraud Visibly and Invisibly
Financial services providers must run tight ships when offering mobile services, and various techniques can help keep them secure. Dinh noted they must be especially wary of the most prevalent attacks, such as fraudsters seeking to take over existing customer accounts or onboard using synthetic IDs — falsified documents created by altering or cobbling together pieces of legitimate IDs. Firms looking to keep legitimate users secure must take many steps that may seem minor by themselves, but combine to offer robust protection, he said.
STACK implements various behind-the-scenes procedures — tokenization, identity verification and automated fraud detection, for example — and provides customer-facing options that give users a sense of control and transparency. These tools include instant transaction notifications as well as capabilities to suspend or freeze cards and generate and use virtual cards when making online payments to previously unfamiliar merchants. Virtual cards are also beneficial because they can be reissued faster than plastic cards in the event of a merchant’s data breach.
“More customer-facing capabilities give [users] peace of mind, [such as] having the ability at any point in time to shut down a card,” Dinh said. “Consumers in general want to be empowered … This is starting to become table stakes.”
Communication is also critical, and Dinh recommended providing in-app, chat-based support as well as publishing notifications to keep customers informed about matters such as maintenance outages.
Partnering With Established Players
Startups can also make customers feel secure by piggybacking on well-known financial companies’ reputations. STACK works with major payment networks that can provide safeguards like zero liability protection, for example, ensuring that cardholders are not on the hook for any fraudulent card charges that issuers or cardholders discover and report.
“To bridge the [reputation] gap initially, [a startup should] partner directly with institutions such as a regulated bank sponsor to help build that initial level of trust with consumers,” Dinh advised.
This approach remains important as the company considers international expansion. Going global requires forming close partnerships with local bank sponsors and regulators to ensure compliance, Dinh explained. Global technology providers are also important, as they can offer insight and support to accelerate and simplify compliance efforts in new markets.
Partnerships with players like Trulioo are helping STACK offer quicker onboarding. Applicants who present low risk for money laundering or fraud are typically processed within two minutes.
Facing Future Fraud
Synthetic IDs are a major threat in today’s digital financial services space, but more advanced attacks are sure to emerge as technology evolves. Companies have deployed liveness checks and other robust measures to help verify identities and combat fraud, and they will have to continue to upgrade their defenses to stay ahead as scams like deepfakes become more prominent, Dinh predicted.
Hackers can use these highly realistic, falsified videos to challenge today’s liveness tests, thus necessitating that companies keep working to improve their toolkits to detect and thwart this and other new types of fraud.
Dinh expects to see increased investments in neural networks, sets of algorithms that mimic the human brain to detect patterns in data, for behavioral fingerprinting. The latter involves assessing devices’ web browsing and navigating behavior for patterns that deviate from the norm and might indicate illicit takeovers.
Fraud in mobile services is a continuously developing issue that deeply affects consumers and businesses. Startups cannot afford to fall behind on security measures as they work to build their user bases.
Robust, cutting-edge security methods — whether through collaborations with major partners, careful processing procedures or powerful technologies — are vital to young companies seeking to earn trust and establish reputations for safeguarding their customers.