Last evening I attended a presentation by Tony Sales, Britain's Greatest Fraudster ("ex", actually - but he is still as sharp as ever). Although he didn't tell us anything new
about how online and offline payment fraud is carried out, I could tell from the audience's reaction that several people were gobsmacked by the effortless ease of what Tony demonstrated. Here's the problem: the audience consisted of top security
experts from the top UK banks...
Without going into details, the essence of fraud is the ability to carry out numerous tasks and operations in the victim's name without the victim's knowledge. Just think about that for a second - how would you feel if someone could enter your home and wander
around at will? Tony made an interesting comment about the phrase "acceptable level of fraud". How can fraud be "acceptable"? Would the bankers who agreed to that find it acceptable if someone visited their homes "just 5%" of the time? I don't think so.
What can be done to reduce fraud in payments? Not silly things such as multiple security questions: those make fraudsters laugh - the more banks ask their customers to reveal about themselves online, the greater the exposure they cause. That's
not to mention the uselessness of such questions as my date of birth or the last three digits of my mobile phone number (the latter, for example, is on my business cards).
The simplest effective measure, readily available in 2013, is multi-channel confirmation of every ID-related action. Email and mobile are the most obvious channels. Neither is infallible, but diverting calls and SMS selectively is not trivial. Layering voice
biometrics on top of the mobile channel, for example, would make the system hard to beat even for a determined professional fraudster. We don't change our addresses and apply for loans on a regular basis. Hence, a phone call to check that it was you who authorized
the change or made an application will not be a nuisance.
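The multi-channel confirmation described above, as an added sketch that is not part of the original post: an ID-related action stays pending until one-time codes sent over both email and mobile have come back. The class name, the ten-minute expiry, the three-attempt limit and the rule of sending codes only to contact details already on file are assumptions made for illustration.

```python
import hmac
import secrets
import time

REQUIRED_CHANNELS = frozenset({"email", "mobile"})  # assumption: both must confirm
TTL_SECONDS = 600    # assumption: codes expire after 10 minutes
MAX_FAILURES = 3     # assumption: lock the request after 3 wrong codes


class PendingAction:
    """An ID-related action held back until every channel has confirmed it."""

    def __init__(self, customer, action, now=None):
        self.customer = customer
        self.action = action
        self.created = time.time() if now is None else now
        # One independent one-time code per channel. Each is delivered to the
        # contact details already on file, never to details in the request.
        self.codes = {ch: secrets.token_hex(4) for ch in REQUIRED_CHANNELS}
        self.confirmed = set()
        self.failures = 0

    def confirm(self, channel, code, now=None):
        """Record a confirmation from one channel; return True if accepted."""
        now = time.time() if now is None else now
        if now - self.created > TTL_SECONDS or self.failures >= MAX_FAILURES:
            return False
        expected = self.codes.get(channel)
        # Constant-time comparison so response timing does not leak the code.
        if expected is None or not hmac.compare_digest(
                expected.encode(), code.encode()):
            self.failures += 1
            return False
        self.confirmed.add(channel)
        return True

    def approved(self):
        """The action may proceed only when all required channels agree."""
        return self.confirmed == REQUIRED_CHANNELS


if __name__ == "__main__":
    req = PendingAction("alice", "change_address")
    req.confirm("email", req.codes["email"])
    print("email only:", req.approved())      # one channel is not enough
    req.confirm("mobile", req.codes["mobile"])
    print("email + mobile:", req.approved())
```

Because each channel gets its own code, control of the customer's mailbox alone never moves the request to approved.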
Why hasn't that been done yet?
One of the senior IT directors yesterday said that the banks these days resemble huge rusty oil tankers - it takes an enormous amount of effort and form-filling (which very few people within the banks are willing to do) to change the course even by one degree.
Detours, zig-zags and "following the wind" agility are simply impossible and unthinkable.
Luckily, customers don't need to switch banks to get better security and user experience: several innovative services will soon allow consumers to enjoy compelling features and benefits by simply linking such services to their existing bank accounts via
It will be the next big thing in finance and payment: keeping money in a safe and trusted "good old" bank and using that money in convenient and fun ways. New smart wheels on the old rails.