The session was moderated by Deepa Sinha, VP, payments and financial crime, BAFT. She was joined by Enrico Canna, head of antifraud, Intesa Sanpaolo; Thomas Egner, secretary general, Euro Banking Association; Aravind Narayan, global director, sales strategy and execution, Refinitiv, a LSEG business; and Jenny Winther, head of payment schemes, Svenska Handelsbanken.

Regarding the fraud risks to PaaS, Winther argued that one thing PaaS can do is share the technology and solutions between each other so the industry is prepared for the risks. However, she also argued that this proposes its own set of problems as it may result in each provider behaving the same way, opening everyone up to the same vulnerabilities.

Canna pointed out some of the steps they had been making to improve fraud risks for their customers but also that they have experienced an increase in the sophistication of attacks and in turn, an increase in the number of scams.

Narayan added to this sentiment, stating that, “if you don’t have the right guardrails in place then fraudsters are basically waiting for an opportunity to get in and I think PaaS has probably given that opportunity. PaaS does have controls in place, but the attack vectors have gone up. That’s something we need to be mindful of.”

Sinha asked what measures can be brought in through cyber security to help defend against these attacks. Winther responded that the key is “collaboration. We need broader collaboration. Private and public collaboration. Authorities and financial market players working together.”

On this point of collaboration, Egner emphasised the importance of having standardised language about the issues of fraud and cyber security, he used of the example of phishing and smishing, where often there were different company-specific definitions for these. The aim here is to create unified attack vectors.