
Fraud prevention and cybersecurity in the era of PaaS

Sehrish Alikhan


Junior Reporter, Finextra

Payments-as-a-Service (PaaS) providers operate on cloud-based platforms and offer services such as card issuance, cross-border transactions, and e-commerce gateways. PaaS platforms have disrupted the financial industry as non-bank competitors and fintech startups that are offering personalised and innovative products to consumers.

This is an excerpt from Future of Payments 2023.

PaaS makes payments transactions and processing faster, cheaper, smoother, and more efficient. However, there is also the risk that it can open up platforms to threats of fraud and cybercrime. Monitoring and customer onboarding processes present a security concern, as data potentially faces greater levels of exposure.

As Alexandre Maymat, head of GTPS at Société Générale remarks: “The challenges payment service providers (PSPs) are facing consist of delivering fast and easy payments options to customers without compromising security and compliance, in a competitive and dynamic market. Technology and innovation play a leading role in allowing PSPs to face these challenges: new solutions such as one click check out, mobile wallets, biometric authentication or contactless cards allow enhanced frictionless and more convenient payment experiences. However, frictionless and instantaneous payments expose higher fraud risk and data breaches, where customer identity or payment information are hacked.”

A crime survey by the UK Government, taken over the course of 2021 and 2022, found that fraud accounts for 41% of all crime in England and Wales, indicating the move to fast and frictionless payments has increased the number of payment scams that occur.

In 2022, one in 15 adults were targets of fraud, and 18% of them were targeted more than once. The diagram below demonstrates how there has been an increase in authorised fraud in comparison to unauthorised fraud, showing that crooks have become savvier in tricking victims into authorising funds being taken from their accounts.

Many large PSPs have been built on legacy technology and are therefore looking outwards to source preventative methods and integrate risk solutions to keep up with fraudsters. They face concerns of cost-effectiveness and interoperability when using third parties to combat these challenges. With the increasing usage of embedded payments and third-party payments platforms that require shared data, payment service providers and banks need to enhance their fraud prevention and cybersecurity strategies to stay ahead of cybercriminals.

A 2022 survey by the Association for Financial Professionals found that in 2021, 71% of participating organisations were victims of payments fraud, which was lower than the 81% reported in 2019. The survey also concluded that 36% of participating firms validate payment recipient information through their vendor or bank and 30% by using an external service.

Payments providers are taking innovative measures to prevent crime

PSPs are developing new approaches in risk management to combat fraud, and PaaS services such as embedded fraud and risk management, advanced security features, and reporting and analytics insights can reduce payments-related crime.

Deutsche Bank has been experimenting with ‘swarm intelligence’ fraud prevention methods, which combine its data with that of other businesses and corporates in the cloud to create a ‘data-lake’ that can be used to assist in detecting fraud. This idea can create a secure community of data for analysis.

Yves Longchamp, head of research at SEBA Bank, comments on the use of decentralised identities (DIDs): “The detection of payment fraud can be improved with the generalisation of DIDs. A DID offers both security — as one can verify the payer and receiver — and, at the same time, adds a layer of privacy, which is attractive to users.”

AI and machine learning technologies are also being deployed to enhance fraud detection and reduce human error when it comes to preventing crime. AI technologies can learn behaviours and note patterns in screening processes to better understand their users and help identify criminals. Technology can also flag inconsistencies in payment patterns and investigate changes in payment processes.

Maymat remarks: “The challenge is to find the right balance between security and convenience. Using advanced technology could boost both. Artificial Intelligence and Machine Learning for instance can be used to analyse customer behaviour, transactions patterns, and risks factors to better adapt authentication method based on risk exposition assessment. Tokenisation and encryption can protect customer and payment data from breaches.”

Payments giant Stripe uses Stripe Radar for its risk management. Stripe Radar monitors Stripe’s wide-scale data, which spans 197 countries, and processes the data from partners, payments, and checkout tools to ensure that all transactions are administered securely. The platform uses signals to check for fraud threats, such as device fingerprints to authenticate the user, patterns in historical data, and proxy identification, and uses all of the above to score transactions to determine if a payment is valid.

Annelinda Koldewe, global head of wholesale banking payments at ING, notes that transaction monitoring and real-time analytics are key tools to work against payments fraud. “Given the nature of payments involving multiple parties, sharing of data to detect anomalies is intuitive, but is in practice restricted by data protection regulations,” says Koldewe. “Specifically for instant payments, the introduction of ‘confirmation of payee’ is a step to reduce risk of payments fraud. To ensure efficient working, a single European solution is required.”

Maymat states that PSPs must focus on regulatory compliance and staying up to date on governance guidelines in order to protect consumers and ensure transactions are made securely. PSD2 requires two-factor customer authentication and PCI DSS sets requirements for securing cardholder data.

The UK’s Payment Systems Regulator (PSR) aims to publish data later this year on how well customers are being protected from APP scams and fraud by payment service providers in the UK, which will further understanding of how PSPs are combatting cybersecurity issues.

Payments fraud is on an upwards trajectory due to the widening of the online payments space and influx of digital payments innovations, but PSPs are reaching out to outside fintechs and technology providers to aid them in creating a preventative barrier to secure consumer transactions and safeguard them against fraud. Additionally, more and more regulators are putting governance guidelines in place for payments service providers to protect consumers.
