Fintech's security gaps threaten its challenge to traditional payments


Traditional financial institutions have become increasingly challenged by fintechs that are changing the way consumers think about financial services and jockeying for a larger share of the market.

To be both secure and deliver a frictionless experience, fintechs must be able to establish when payment behaviors are legitimate and detect anomalies that are indicative of suspicious activity.

This is possible using real-time adaptive behavioral analytics of customer interactions. This includes transaction-specific data, such as the frequency of transactions and the average dollar amount spent per transaction. It also includes nontransactional data, such as the IP address from which an account balance is checked and the time of day a login occurs.
Individually, these factors can be weighed so that collectively, they provide a customer-specific behavioral profile that serves as a benchmark for detecting anomalies in real time.
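A minimal sketch of such a weighted, customer-specific profile, added here as an illustration and not taken from the article or any vendor's product. The weights, the stop threshold, the event fields and the sample history are all constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

# Assumed weights and threshold, chosen for illustration only.
WEIGHTS = {"amount": 0.4, "frequency": 0.2, "ip": 0.25, "hour": 0.15}
STOP_THRESHOLD = 0.5

# Constructed history for one customer: ten payments, five balance checks.
HISTORY = [
    {"type": "payment", "day": d, "hour": 12 + d % 3,
     "ip": "198.51.100.7", "amount": 35.0 + 5 * (d % 3)}
    for d in range(1, 11)
] + [
    {"type": "balance_check", "day": d, "hour": 9, "ip": "198.51.100.7"}
    for d in range(1, 11, 2)
]

def build_profile(history):
    """Summarise past events into the customer's behavioral benchmark."""
    amounts = [e["amount"] for e in history if e["type"] == "payment"]
    return {
        "amt_mean": mean(amounts),
        "amt_std": pstdev(amounts) or 1.0,  # avoid divide-by-zero on flat spend
        "tx_per_day": len(amounts) / len({e["day"] for e in history}),
        "ips": Counter(e["ip"] for e in history),
        "hours": Counter(e["hour"] for e in history),
        "n": len(history),
    }

def score_event(profile, event, tx_today):
    """Return (weighted score from 0 to 1, per-factor deviations)."""
    amount = event.get("amount", profile["amt_mean"])  # nontransactional: neutral
    z = abs(amount - profile["amt_mean"]) / profile["amt_std"]
    near_hours = sum(profile["hours"][(event["hour"] + d) % 24] for d in (-1, 0, 1))
    factors = {
        "amount": min(z / 4.0, 1.0),
        "frequency": min(max(tx_today / profile["tx_per_day"] - 1, 0) / 4.0, 1.0),
        "ip": 1.0 - profile["ips"][event["ip"]] / profile["n"],
        "hour": 1.0 - near_hours / profile["n"],
    }
    return sum(WEIGHTS[k] * v for k, v in factors.items()), factors

def decide(score):
    return "stop" if score >= STOP_THRESHOLD else "proceed"
```

Returning the per-factor breakdown alongside the score lets an analyst see which behavior drove a stop decision, which matters when tuning weights to reduce false declines.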

As the richness of the information increases, so does the accuracy of the model’s ability to identify if the transaction should proceed or be stopped. This level of fraud detection minimizes fraud costs and increases revenue by increasing the total number of genuine transactions that are processed, while meeting consumers’ expectation for a friction-free interaction that offers real-time fraud detection.

If fintechs can prove effective at overcoming fraud challenges as they scale their customer base, they’ll be able to better capitalize on their unique position of operating independent of legacy platforms as they create a more financially connected consumer experience.

There are plenty of fintech players making substantial moves. We've seen TransferWise’s partnership with Barclays in Europe and Wells Fargo in the U.S. to pilot a cross-border Mastercard debit card that allows customers to withdraw funds in more than 30 countries’ respective currencies.

Also notable are PayPal’s recent acquisitions (iZettle, Jetlore and Hyperwallet), made to expand its integrated payments access to millions of new consumers, digital merchants and hundreds of thousands of physical retailers around the world, and Revolut’s filing of an application for a banking license in the U.S. and Europe.

Other nonbanks are trying to take a bigger seat at the financial services table, such as Square, Varo Money (a mobile-only bank) and SoFi (an online lending company). And Starling (a U.K.-based mobile-only bank) and Chime (an app-only bank out of San Francisco) are integrating more human-to-human capabilities.

More broadly, the influx of these new companies follows the trend of meeting consumers’ ever-rising expectation of convenience, as exemplified by the explosion of ridesharing and mobility services (Uber, Lyft, Bird, Lime), store-to-door delivery (Instacart, AmazonFresh, Shipt) and apps that facilitate instant money transfers and availability. Zelle, for example, is expected to grow more than 73% this year and finally overtake Venmo as the leading P2P platform.

The relationship dynamic between consumers and financial institutions is undoubtedly changing. A recent Bain & Co. survey found that 73% of consumers aged 18-34 would try banking with a technology firm, and PwC estimates 28% of traditional banking and payments business will go to fintech by 2020. As the global payments landscape becomes more ubiquitous, a power shift is on the horizon.

For the time being, traditional banks’ dominance of the market remains: nearly 70% of deposits are currently held by the top 20 U.S. banks. Before fintechs can truly assume the scale of the incumbents, they’ll need to demonstrate the same compliance and risk competencies as their well-established counterparts, with fraud controls being one of the most consequential.

This year, card-not-present losses are expected to double from just four years ago, and in 2017, a reported 2.6 billion records were stolen, lost or exposed (an 88% increase from the previous year).

A significant factor in minimizing fraud is protecting consumer data and there are initiatives that seek to achieve this. In Europe, the General Data Protection Regulation (GDPR) ramped up data processor and data controller accountability when handling European consumer information, imposing much higher fines for breaches and improper oversight; while the revised Payment Service Directive (PSD2) intends to harmonize online and digital payments and provide consumers with more control of their financial information.

In the U.S., the Treasury Department is expected to announce its decision on issuing special-purpose national bank charters to nondepository fintechs, effectively placing them under similar regulatory scrutiny as financial institutions. The effectiveness of these measures is improved by various layers of authentication and security checks; however, the controls intended to protect data don’t mix well with consumers’ expectations for convenience.
