A new security roadmap to fight payment frauds

May 28, 2018 | 09:34
(0) user say
The scale of connectivity and the pace of change in technology is transforming payments. The rise of e-commerce and the adoption of EMV chip technology has contributed to a shift in payment fraud from the card-present to the card-not-present channel across the Asia Pacific region and on a global scale, whereas the fraud rate for Vietnam has reportedly been relatively low. Abdul Rahim, senior director of risk services for Visa Southeast Asia, spoke to VIR’s Trang Nguyen about the current development of the payment landscape in Vietnam and the proposed risk initiatives and security roadmap to ensure a safe and sound payment ecosystem for the country.

Can you update us on the current payment and security landscape in Vietnam? Also, in comparison to other markets, how is fraudulent activity performed and controlled here?

a new security roadmap to fight payment frauds
Abdul Rahim

The internet, mobile technology, and rising social networks are having a profound impact on consumers, their habits, and how they behave.

In Vietnam, we are seeing a significant growth in e-commerce transactions. At the same time, fraud has shifted from the card-present channel, the bulk of which is counterfeit (CFT) fraud to the card-not-present (CNP) channel, primarily the e-commerce channel.

From 2014 to 2017, the percentage of CNP fraud in Vietnam has increased from 75 per cent to 83 per cent, and one of the reasons for this is the adoption of EMV chip in the market, which helps to prevent CFT frauds, and as such, frauds have migrated from the CFT to the CNP channel.

Globally, the fraud rate is less than 10 basis points, meaning out of every $100 spent, $0.10 is reported as fraud. For the Vietnamese market, it’s only $0.03 out of every $100 spent. The fraud rate for Vietnam has remained low due to the collective efforts of the Vietnamese government, payment networks, financial institutions, merchants, and law enforcement.

What is the role of Visa as a payment technology firm in helping Vietnam minimise the risk of fraud and ensure security for its customers?

We continue to focus on four data-centric strategies: devaluing data, protecting data, harnessing data, and empowering consumers.

Our best defense is to make data less valuable to cyber criminals. We started the journey with EMV chip technology, which helps mitigate the risk of counterfeit fraud. Tokenisation is another critical technology that helps to devalue data. It replaces the card number with a unique token number and even in cases where the token is stolen, it’ll be useless to the cyber criminals.

Cyber security today is fundamental and we must strenghten our systems against cyber attackers. The payment industry is one of the few industries with data security standards, namely PCI DSS. We must also build resiliency into our systems. Point-to-point encryption is another way to protect data from being compromised. It will ensure data is encrypted and should the encrypted data be stolen, it will be useless to the criminals if they try to perform fraudulent transactions.

As we employ technologies to devalue and protect data, we must also harness the wealth of data available to mitigate and fight fraud. Strategies include machine learning to identify and stop fraudulent activities, and technologies such as biometrics. Version 2.0 of 3-D

Secure, the authentication platform for online transactions, will help to deliver more data between merchants and financial institutions, improve security, and improve the customer experience.

At Visa, we have a risk tool called Visa Advanced Authorisation which enables banks to monitor their customers’

activities. We look at more than 500 data elements to determine the likelihood of fraud and assign a risk score. Using the risk score, the banks can decide what action they want to take in relation to the customer’s transactions.

The fourth pillar is empowering consumers. Our research has shown that the consumer is one of the best and most under-utilised resources in fighting fraud, because they’re in the best position to tell the banks whether a transaction is valid or fraudulent

We’re also collaborating with client banks to implement transaction controls which allow consumers to view and control their accounts in real time through their issuers’ mobile banking app, with no need to call the customer service. For example, with the use of the mobile banking app, they can decide whether to allow their payment card to be used for cross-border or international transactions, e-commerce, and even ATM transactions with the touch of a button.

Our focus is always to ensure that payment transactions are secure, reliable, and convenient – and this focus is critical to maintaining and strengthening consumer trust in every payment transaction. So, we collaborate closely with all stakeholders to maintain the integrity of the payment ecosystem, because ultimately if we don’t, we will lose consumer trust in payments.

a new security roadmap to fight payment frauds
A new security roadmap to fight payment frauds
a new security roadmap to fight payment frauds
While the payment fraud rate is still relatively low in Vietnam, security measures must be taken

What plan does Visa propose for Vietnam as part of its security roadmap for the country?

We’re actually engaging all the stakeholders, such as the issuers and acquirers, on the risk initiatives for the Vietnam market. Firstly, we aim to elevate the fraud management capabilities of banks as well as merchants in Vietnam to ensure that they implement robust fraud detection systems with artificial intelligence or predictive analytics. Secondly, we support the adoption of standards in alignment with global security and acceptance standards such as PCI DSS, EMVCo standards for QR codes, and security standards for innovations such as biometrics. These are the initiatives that we’re looking at this year.

From 2019 onwards, we’re looking at the adoption of 3-D Secure 2.0 across issuers and merchants in Vietnam as well as tokenisation for large Card-on-File (COF) merchants. By 2020 and beyond, we’re looking at transaction controls aimed at empowering consumers in payment security, and continuing with the roll-out of tokenisation at all COF merchants and for all card data held outside of financial institutions.

It seems like frauds and payments will often go hand-in-hand as no matter how advanced payment technologies grow, risks follow and fraudsters will simply develop to that same level. Will fraud always be part of the payment ecosystem and is it all you can do to prevent it rather than completely get rid of it?

We’ve mentioned the importance of maintaining a balance between security and innovation. At Visa, our philosophy is responsible innovation: balancing the necessary security development with speed-to-market, meeting customer demand for convenience, and encouraging innovation without ignoring the obvious risks that engineering shortcuts could have on it. By adopting security by design at the beginning of any product implementation, it’s built in, not an afterthought or a bolt-on feature. For us, security must always keep pace with the speed of innovation and as we innovate our payment products, we must also strengthen and enhance our security controls.

The cyber criminals are well organised and are also actively engaged in the technology transformation, using more sophisticated tools and malware and always looking for weak links. The ecosystem is only as safe as the weakest link and the fraudsters are just waiting to find the one opportunity to commit fraud. So we need to ensure that issuers, acquirers, and merchants strengthen their risk controls.

In security and risk management, there’s no silver bullet. It’s a multi-layered approach to managing risk. It’s similar to how we secure our homes, where we have gates, walls, doors, and security alarms for our safety. And as you can see with our four-pillar security approach, it’s a layered strategy to manage risk and fraud.

Customers who unfortunately fall victim to payment fraud may at the end of the day lose trust in the banks or card issuers. So in these cases, what is Visa doing to help regain their customers’ trust?

Maintaining and strengthening consumer trust is critical to ensuring that consumers continue supporting payments. When it comes to customer trust, it’s a collective effort. Bank are deploying technologies to help manage risk, which include issuing EMV chip cards, rolling out 3DS for authentication of online transactions, implementing transaction alerts on suspicious transactions, implementing transaction control, and deploying robust fraud detection systems.

At Visa, we have various risk and brand protection programmes to manage risk in the payments ecosystem. We have also enhanced our dispute process that allows the banks to process and respond to cardholder disputes better.

Payment security is a responsibility shared amongst all stakeholders. It is critical that we work together to ensure that trust remains the bedrock of digital payments well into the future.

What the stars mean:

★ Poor ★ ★ Promising ★★★ Good ★★★★ Very good ★★★★★ Exceptional