The rapid digital transformation has not only paved the way for better online services, but also created a rich environment for cybercriminals to thrive in — creating greater exposure to cyberattacks. This is evident in Malaysia, where the number of reported cybercrimes increased from about 13,000 in 2019 to more than 20,000 in 2021 with total losses of RM560 million.
As more employees are working remotely, this presents a new gateway for bad actors. In addition to the increased use of personal devices and home Wi-Fi networks to access corporate IT environments, greater dependency on third-party technologies have posed a considerable risk for cybercriminals to hack into a company’s network. It is therefore critical for companies to have a risk management framework in place for assessing the full IT parameters of remote work, including third-party technology providers.
To complicate matters, many industries are still in the midst of further digitalising. For instance, it is becoming easier to transact with the travel and hotel industries online — leaving passport details susceptible to breaches. The online gaming industry is also in a resurgence, in addition to metaverses coming up around the corner, which may allow hackers to gain access to credit card numbers and in-game currency. And, with five digital banks set to launch in Malaysia in the near future, there is an urgent need to secure our transactions in cyberspace to minimise the risk of fraud.
Looking ahead, as systems and online infrastructures become increasingly interconnected, implications from attacks can multiply more rapidly and extensively, potentially crippling not just businesses but entire economies.
In what ways can online fraud affect consumers’ experience and trust in transaction security?
As more businesses turn to online transactions, the use of digital payments has also risen in volume. According to a report by IDC, digital payments will account for 91% of online transactions by 2025. New technologies are also creating the potential for new means of payment to emerge, including tools such as digital currencies, e-wallets and Buy Now Pay Later (BNPL). Alongside this, digital identity usage has also accelerated. Jumio’s Global Consumer Survey reveals that over half (57%) of consumers across the globe have to use their digital identity often in order to access their online accounts following the pandemic.
The revolution and growth in digital payments and identity usage have led to a surge in online fraud, especially in Asia Pacific (APAC). As reported by Experian, one in four consumers across the region have been victims of online fraud and identity theft. What is worrying is that 80% of them expect businesses to take the necessary measures to protect them online. With 74% of Malaysian consumers already going cashless, digital payment is becoming more omnipresent in our lives. Organisations must then look toward simple yet robust real-time identity verification technologies that ensure security and privacy, without preceding the real needs of consumers and businesses. That way, consumers can feel safe and secure while transacting with businesses online.
What are some ways businesses and financial institutions can counteract the growing threat of identity fraud?
Fraudsters hide behind anonymity, and use a range of sophisticated tactics to breach an organisation’s perimeters.
This means that it is crucial for businesses to use the right mix of technologies to counteract cybercriminals. These include checking IP addresses, verifying emails and addresses, as well as ensuring that the user behind the screen is physically present and is who they say they are.
Businesses must also strengthen their fraud prevention processes by taking an end-to-end approach throughout the customer lifecycle. After all, it is not enough for organisations to only verify their customers’ identities during account sign up. People tend to use the same group of passwords across multiple accounts and websites, increasing the risk of account takeovers — a risk that is present throughout the consumer’s lifecycle. While many businesses have implemented multi-factor authentication such as SMS or email one-time passwords, these have been proven to be susceptible to social engineering attacks.
New authentication methods such as biometrics have allowed businesses to improve security and the customer experience in various ways. For instance, biometric data (e.g., a face-based biometric template) captured during the onboarding process can be repurposed when high-risk transactions are initiated (e.g.: a wire transfer or a password reset).
There are already robust solutions available to perform these various checks throughout the customer lifecycle — from account sign-up to ongoing transaction monitoring. These tools can incorporate advanced liveness detection to determine and verify the user’s physical presence behind an app — which have sent fraud levels plummeting as most fraudsters will abandon the process as soon as they learn that they are required to take a ‘live’ selfie.
And, the fact that these tools are used to authenticate users on an ongoing basis means that they can help deter various types of fraud, such as account takeovers, and detect any suspicious transactions throughout the customer journey. In fact, some regulators have recommended leveraging biometrics in addition to multi-factor authentication, such as SMS OTP, to strengthen defence against identity fraud. This could provide an effective, convenient and secure way to capture to verify the real identity of the online user.
Besides cybersecurity, what are the other concerns that businesses need to address?
In order to run a sustainable business, customer acquisition is vital. As businesses look to strengthen their cybersecurity stance, they need to take into consideration the user experience when designing their processes, which will in turn impact customer conversions. A seamless digital experience is a priority for consumers.
KYC processes that require users to fill out a long form or take hours to get approval will increase customer abandonment — leading to a loss of potential revenue for the business. With a high demand for seamless digital experiences, businesses should leverage advanced technologies such as AI and biometric identity verification to streamline and improve the customer onboarding and ongoing authentication experience, while enhancing security at the same time. AI can easily detect manipulated IDs quickly, while biometric solutions such as selfie identity verification provide a fast and user-friendly way to verify the user’s real identity. Furthermore, as most users are familiar with taking selfies, this is becoming more widely adopted by companies, including financial institutions.
Another key consideration is scalability. For businesses that are expanding beyond borders, they need to assess the cost-effectiveness of their current fraud prevention and compliance systems. An integrated solution provider with global coverage helps save costs and resources on implementation and maintenance of multiple solutions across different markets. At the same time, they can enjoy the flexibility to scale and customise compliance workflows to adapt to the ever-evolving fraud threats and regulatory landscape.
Adopting a single, unified platform helps create seamless orchestration between disparate and ongoing verification checks in a way that is secure, fast, and scalable. And most importantly, without any additional steps from the user.
What are some of the vital strategies for digital payment compliance?
Speed and accuracy are crucial when designing compliance workflows for digital payment. If the person on the other side of the transaction is deemed unsuitable, you must be able to block the transaction with real-time interdiction. However, you must only stop the payments that need to be stopped, or you risk losing legitimate customers. And if you process payments that should have been stopped, you face hefty fines.
It is therefore crucial for businesses in the payments industry to have a strong AI-driven AML monitoring system in place that can accurately detect suspicious activities in real time and provides the flexibility to tune the rules over time to help enhance the compliance team’s efficiency and meet regulatory obligations.
For businesses who wish to expand abroad, cross-border payments can present unique challenges as they need to deal with different customer due diligence standards and workflows for such payments. As a result, 100% automation is extremely difficult, and businesses must rely on highly trained experts to manage cross-border payments. In fact, 2% to 5% of cross-border payments are subject to investigation, resulting in a time lag in the payment being completed.
Businesses should use a vendor that can provide a flexible platform that allows them to tailor their KYC workflow, based on the business requirements, risk tolerance and the regulatory standards in the different markets.
For instance, you can start your KYC workflow with a device check, and if the user’s cell phone has already been used multiple times to open accounts, a more rigorous set of checks will be initiated. This allows companies to provide a frictionless experience for their legitimate customers and increase scrutiny for higher-risk individuals. The result is both higher conversions and higher fraud deterrence.
With these strategies in mind, many companies are now turning to end-to-end identity proofing and AML platforms with orchestration. Orchestration is the ability to run multiple Know Your Customer/Know Your Business checks and dynamically adjust the workflow based on real-time inputs. This enables companies to provide a frictionless experience for their legitimate customers and increase scrutiny for higher-risk individuals. Through such orchestration, businesses can also improve productivity, achieve flexibility as the business expands, and adapt quickly to the fast-changing business and regulatory landscape.
By Frederic Ho, the Vice President of Asia Pacific at Jumio Corporation
