RiskSkill Warns That Risks Will Grow Together With The Mobile Payments Sector

fraud and risk management specialist

The leading UK corporate risk prevention consultancy and analyst Riskskill is warning that the expected rapid growth of the global mobile payments market will create a potential cocktail of different risks that pose new challenges for risk managers and other stakeholders in the sector.

In its latest research, Riskskill studied developments in the mobile payments (M-Commerce) arena, i.e. all types of mobile payment services including mobile money and mobile wallets, which are subject to financial regulation and performed from or by mobile devices.

Riskskill identified where it feels the key areas of risk lie in the sector, including:

1. The scale of sector growth and technology change

With commentators suggesting that the mobile payments sector will reach US $1 trillion in global transactions by 2015, the Riskskill research highlights that many risk professionals are concerned by the sector’s significant rate of growth. In Riskskill’s view, this rapid growth could mean that many proven risk strategies, once thought of as realistic and elastic, could be left out of touch in the medium term and lack the solid infrastructure required to be able to accommodate such growth.

Riskskill recognizes that as a consequence of this growth, one of the greatest challenges to the development of plans and strategies that align organizations within the mobile payments sector is not only the diversity of sources of change but also the sheer speed of technology change be this hardware, software or the technology platforms used.

According to Riskskill, the main ‘mobile payment’ players are now extremely keen to produce the next ‘big thing’ and this is reflected in the significant investment being made. Many feel that Apple with its i-infrastructure and significant market presence has the potential to launch something ground-breaking within iOS7. Other market leading names such as PayPal, Google and Amazon are also likely to have a significant and positive market impact with upcoming developments of their own, as will global and EU based telecom infrastructure owners. The international card schemes too, believes Riskskill, have a positive influence on the development route(s) in the sector, as will many other highly innovative and respected third parties including: iZettle and mpowa.

Riskskill believes that it is the technology organizations that act the most responsibly and altruistically now that will help minimize market risks over time. They are concerned though that in the rush to ‘jump on the bandwagon’, smaller players will adopt solutions that are based upon outmoded foundations and infrastructures. If this happens some regulators and stakeholders could struggle to keep up with the pace of technology change. This could mean that they might be unable to introduce the safeguards, protected environments and fraud prevention methodologies that are required at this early stage of market evolution. Fraud is deemed to be the greatest risk here. The fraudster thrives in such fast-paced environments, especially when there is no history, formality, process standards, anti-risk architecture or common IT foundations. Typically, fraudsters just ‘adapt’ and outsmart their targets.

2. Globalization of mobile payments

Riskskill also points to the rapid spread of mobile payments globally, with the explosive growth of M-Commerce in China, India, Latin America and the Far East. Recent data from the ITU (International Telecommunication Union) reveals that global mobile subscriptions are now reaching 6 billion. In some of these newer territories, the mobile payments sector is compensating for the lack of a physical and sufficiently robust banking structure and therefore proves extremely popular. Consequently, whilst the growth figures are impressive, the rate of growth could draw into question whether the existing and on occasion nascent regulatory systems and controls are sufficient to cope. Indeed, Riskskill believes that the most worrying aspect of this global spread is whether the technical and security infrastructures are built and based upon the solid foundations required.

3. Consumer communication and information risks

Riskskill believes, in addition, that in the mobile payments sector there is a continuous stream of new financial products that are all seeking to outdo each other in the eyes of providers and consumers. Riskskill is concerned that, alongside other areas of rapid market change, a fast churn of product lifecycles and the sheer variety of product nomenclature might cause consumers to become confused, and thus more vulnerable to fraudsters exploiting their confusion. This will also be compounded by the absence of adequate fraud systems, which will not have been put in place by all the main players at an early stage, as some will only just have kept up with competitive product development.

4. Standards and regulation outpaced?

The impact of such a rapid evolution of technology and financial products could threaten the applicability and implementations of many existing ‘standards’ programs. Other newer standards will need to be evolved, although these too might still struggle to keep up with the rate of change. Riskskill believes that as there is such a broad range of organizations and bodies from which such standards might come, that this in itself could cause confusion for market stakeholders and consumers alike. Once again, the most likely beneficiary of such confusion could well be ‘professional’ fraudsters. The hope is then, says Riskskill, that standards bodies will harmonize with other similar organizations around them, especially those who take a lead.

According to Riskskill there are a number of widely regarded bodies whose intervention could have a major impact in reducing market risk. This includes highly respected organizations such as UK Payments (formerly APACS), the ISO or the European Payments Council, which could potentially, some feel, develop a new SEPA-type regulation for the mobile payment sector. Other widely acclaimed and respected card schemes (such as Visa / MasterCard etc.) might also take a lead as they have a strong commitment to acting responsibly and correctly in the market.

Riskskill believes that if the standards that do emerge could drive the right risk–reduced conditions, it could in turn lead to both an evolution and a revolution in M-commerce practice and risk management. This could then prove to be a facilitator for wider adoption of mobile-based NFC /contactless payments.

RiskSkill has also studied whether the effects of the ‘potential standards debacle’ might also have a ‘knock-on’ effect upon government regulation too, as there is always the possibility that more interventionist governments might take the opportunity to play a constructive role. The company feels that with the respected EU Cyber Security Directive, focusing on setting good foundations with the Network and Information Security standards in individual member states, the current thrust seems potentially a long way from specifically addressing mobile payments.

In the UK, Riskskill questions whether the government is likely to drive innovation in this area, as the risk, payments and fraud skills within the leading departments (Cabinet Office, FED and the National Fraud Bureau) might not be those required to lead direction and strategy in the mobile payment sector.

Riskskill’s CEO Bill Trueman believes that whilst the risk in each of these areas can be incorporated into risk strategies, the combined effects are harder to predict. In his view, “It is easy to plan for many risks individually – however, the wide and varied nature of the risks associated with the changing and rapidly growing mobile payments sector creates a whole array of risks that will challenge even the best of plans and strategies for addressing problems within the mobile payments sector. This is a simply enormous issue to address. Organizations, and indeed many governments, are often now too ‘silo based’ to evolve direction and protection from the attacks in a market that is so rapidly evolving. The ideal solution for leading sector stakeholders should be to drive proper standards through appropriate bodies that will in turn drive both a governmental and a business response globally. It’s a ‘tall order’ and only time will tell if it is possible.” 

News Source

Advertisements

Mobile Payments Sector Could Face A ‘Cocktail’ Of Risks

Leading corporate risk prevention consultancy and analyst Riskskill, a division of UKFraud, is warning that the expected rapid growth of the global mobile payments market will create a potential cocktail of different risks that pose new challenges for risk managers and other stakeholders in the sector.

In its latest research, Riskskill studied developments in the mobile payments (M-Commerce) arena, i.e. all types of mobile payment services including mobile money and mobile wallets, which are subject to financial regulation and performed from or by mobile devices. Riskskill identified where it feels the key areas of risk lie in the sector. These include:

Bill Trueman

1. The Scale of Sector Growth and Technology Change. 
With commentators suggesting that the mobile payments sector will reach US $1 trillion in global transactions by 2015, the Riskskill research highlights that many risk professionals are concerned by the sector’s significant rate of growth. In Riskskill’s view, this rapid growth could mean that many proven risk strategies, once thought of as realistic and elastic, could be left out of touch in the medium term and lack the solid infrastructure required to be able to accommodate such growth.

Riskskill recognises that as a consequence of this growth, one of the greatest challenges to the development of plans and strategies that align organisations within the mobile payments sector is not only the diversity of sources of change but also the sheer speed of technology change be this hardware, software or the technology platforms used.

According to Riskskill, the main ‘mobile payments’ players are now extremely keen to produce the next ‘big thing’ and this is reflected in the significant investment being made by these key players. Many feel that Apple with its i-infrastructure and significant market presence has the potential to launch something ground-breaking within iOS7. Other market leading names such as PayPal, Google and Amazon are also likely to have a significant and positive market impact with upcoming developments of their own, as will global and EU based telecom infrastructure owners. The international card schemes too, believes Riskskill, have a positive influence on the development route(s) in the sector as will many other highly innovative and respected third parties including: iZettle and mpowa.

Riskskill believes that it is the technology organisations that act the most responsibly and altruistically now that will help minimise market risks over time. They are concerned though that in the rush to ‘jump on the bandwagon’, smaller players will adopt solutions that are based upon outmoded foundations and infrastructures. If this happens some regulators and stakeholders could struggle to keep up with the pace of technology change. This could mean that they might be unable to introduce the safeguards, protected environments and fraud prevention methodologies that are required at this early stage of market evolution. Fraud is deemed to be the greatest risk here. The fraudster thrives in such fast-paced environments, especially when there is no history, formality, process standards, anti-risk architecture or common IT foundations. Typically, fraudsters just ‘adapt’ and outsmart their targets.

2. Globalisation of Mobile Payments
Riskskill also points to the rapid spread of mobile payments globally, with the explosive growth of M-Commerce in China, India, Latin America and the Far East. Recent data from the ITU (International Telecommunication Union) points to global mobile subscriptions now reaching 6 billion. In some of these newer territories, the mobile payments sector is compensating for the lack of a physical and sufficiently robust banking structure and therefore proves extremely popular. Consequently, whilst the growth figures are impressive, the rate of growth could draw into question whether the existing and on occasion nascent regulatory systems and controls are sufficient to cope. Indeed, Riskskill believes that the most worrying aspect of this global spread is whether the technical and security infrastructures are built and based upon the solid foundations required.

3. Consumer Communication and Information Risks.
In addition, in the mobile payments sector there is, Riskskill believes, a continuous stream of new financial products that are all seeking to outdo each other in the eyes of providers and consumers. Riskskill is concerned that alongside other areas of rapid market change, a fast churn of product lifecycles and the sheer variety of product nomenclature might cause consumers to become confused and thus more vulnerable to fraudsters exploiting their confusion. This will also be compounded by the absence of adequate fraud systems which will not have been put in place by all the main players, at an early stage, as some will only just have kept up with competitive product development.

4. Standards and Regulation Outpaced? 
The impact of such a rapid evolution of technology and financial products could threaten the applicability and implementations of many existing ‘standards’ programmes. Other newer standards will need to be evolved, although these too might still struggle to keep up with the rate of change. Riskskill believes that as there is such a broad range of organisations and bodies from which such standards might come, that this in itself could cause confusion for market stakeholders and consumers alike. Once again, the most likely beneficiary of such confusion could well be ‘professional’ fraudsters. The hope is then, says Riskskill, that standards bodies will harmonise with other similar organisations around them, especially those who take a lead.

Riskskill believes that there are a number of widely regarded bodies whose intervention could have a major impact in reducing market risk. This includes highly respected organisations such as UK Payments (formerly APACS), the ISO or the European Payments Council, which could potentially, some feel, develop a new SEPA-type regulation for the mobile payment sector. Other widely acclaimed and respected card schemes (such as: Visa / MasterCard etc.) might also take a lead as they have a strong commitment to acting responsibly and correctly in the market.

Riskskill believes that if the standards that do emerge could drive the right risk–reduced conditions, it could in turn lead to both an evolution and a revolution in M-commerce practice and risk management. This could then prove to be a facilitator for wider adoption of mobile-based NFC /contactless payments.

Riskskill has also studied whether the effects of the ‘potential standards debacle’ might also have a ‘knock-on’ effect upon government regulation too, as there is always the possibility that more interventionist governments might take the opportunity to play a constructive role. Riskskill feels that with the respected EU Cyber Security Directive focussing on setting good foundations with the Network and Information Security standards in individual member states, the current thrust seems potentially a long way from specifically addressing mobile payments. In the UK, Riskskill questions whether the government is likely to drive innovation in this area, as the risk, payments and fraud skills within the leading departments (Cabinet Office, FED and the National Fraud Bureau) might not be those required to lead direction and strategy in the mobile payment sector. Understandably, much of their current focus, many feel, is deployed in addressing the public sector fraud element of the UK’s existing £52 billion fraud problem, as defined by the AFI statistics produced by the National Fraud Authority.

Riskskill’s CEO Bill Trueman believes that whilst the risk in each of these areas can be incorporated into risk strategies, the combined effects are harder to predict. In his view, “It is easy to plan for many risks individually – however, the wide and varied nature of the risks associated with the changing and rapidly growing mobile payments sector creates a whole array of risks that will challenge even the best of plans and strategies for addressing problems within the mobile payments sector. This is a simply enormous issue to address. Organisations and indeed many governments are often now too ‘silo based’ to evolve direction and protection from the attacks in a market that is so rapidly evolving. The ideal solution for leading sector stakeholders should be to drive proper standards through appropriate bodies that will in turn drive both a governmental and a business response globally. It’s a ‘tall order’ and only time will tell if it is possible.”

About Riskskill

Part of the acclaimed UKFraud operation, Riskskill delivers ‘total risk’ assessments for major corporations, solving problems and engineering bespoke risk reduction solutions in organisational, management, financial control and IT.

Such assessments analyse all areas where organisations are at risk including: fraud, credit risks, counterparty or partner risks, cyber crime breaches, bad debt management, and the oversight and control of other write-offs, along with compliance penalties and legal-case losses. Having identified specific areas of risk, Riskskill prescribes solutions and work-plans for businesses to manage progress themselves. Plans can then be supported with executive and management coaching, training, mentoring programmes or project management to target the engineering of solutions throughout client organisations.

News Source

Mobile Payments Sector Growth Could Bring Fresh Fraud Challenges Says New UKFraud Special Interest Group

UKFraud (www.ukfraud.co.uk) has set up a new Special Interest Group (SIG) for the Mobile Payments sector. The new SIG will monitor, analyse and report on key market developments for use by stakeholders in the domestic fraud prevention sector. The SIG consists of leading fraud prevention consultants coupled with representative input from a wide range of mobile payment industry specialists. In its initial review, the SIG will analyse those characteristics and challenges of the mobile payment market that are most likely to encourage fraudsters to target the sector. In particular, the SIG will investigate the factors that could give rise to an increased risk of fraud. Amongst the key market challenges that the SIG will review are:

1 Sheer Scale of Market Growth
The SIG notes the appearance of a number of spectacular recent mobile payment market forecasts. These include a report from Reuters, in March 2013, highlighting a survey by ‘Heavy Reading Mobile Networks Insider’ suggesting: “The mobile payment industry is growing, offering revenue generating solutions throughout the market and potentially… $1 trillion in global transactions by 2015.”

The SIG is also conscious of the global spread of mobile payment, with the explosive growth of m-commerce in the United States, China, India, Latin America and the Far East. Recent data from the ITU (International Telecommunication Union) supports this, pointing to global mobile subscriptions now reaching 6 billion. However, in the face of this backdrop of explosive growth, the SIG is concerned that key sector protagonists lack visible preparedness for the likelihood of such large-scale market expansion or the resultant fraud risks that might ensue.

Indeed, the SIG believes from its own analysis of the sector, that only a small proportion of marketers currently have any formal strategy for leveraging and exploiting mobile payments fully. And, whilst there are also other reports that there is a huge need for ‘Mobile SEO’ to spread the news of the latest products to potential consumers, it is the SIG believes, also still a relatively scarce activity. Should this scenario represent reality on the promotional side, then it is also unlikely, the SIG believes, that adequate fraud systems will have been put in place by many of the main players either.

2 The Speed of Technology Advances
The SIG also recognises that the greatest challenge to the development of plans and strategies that align organisations within the mobile payments sector is the sheer speed of technical change. Seemingly, all the main mobile device players are racing to produce the ‘next best thing’ and major forces such as Google with its Wallet and Apple with the Passbook are also having a significant and positive impact with market pundits. The international card schemes also have an influence on the development route(s) as do many other highly innovative and respected third parties including:  iZettle, mpowa, and PayPal. However the chances are, says the SIG, that whilst some of the other sector protagonists, regulators and customers could potentially struggle to keep pace with such an enormous rate of change, the fraudster thrives in such fast moving environments and simply ‘adapts’ like an ‘amorphous entity’ to outsmart and outflank the market’s developments.

3 What Are The Customer Perceptions of The Mobile Payments Sector?
Amongst the other contradictions to be reviewed by the SIG are claims by some pundits who point to the relatively modest levels of take up of mobile payment products to date. Whilst some believe that many people are waiting until the next ‘big thing’ appears, others cite the plethora of new products already appearing. Some claim that this consumer reluctance to adopt, is the result of confusion over the number and nomenclature of devices and financial products. Yet others highlight a number of recent high profile data breaches both amongst financial services and social media companies which drive caution amongst consumers. However, it is felt that once a major new standard or solution appears that the dam could break. When the dam breaks, the SIG feels, there is a potential concern that some of the new solutions will be more easily and quickly exploited by fraudsters than those that currently benefit from clear best-practice and consumer guidelines.

4 Can Standards Keep Pace? 
Whilst standards would boost consumer confidence, the impact of technology and financial product churn coupled with extreme growth could, the SIG believes, threaten the applicability of many existing standards. Other newer standards might simply not keep pace. There is also, the SIG believes, a myriad of organisations from which such standards can come. This could well cause confusion for consumers and therein delight the fraudsters.

The SIG feels that a widely respected organisation that might potentially take a positive lead in the payments sector is UK Payments (formerly APACS). The SIG will also review other alternatives and analyse which existing standards bodies might develop an effective solution. Well regarded bodies might include: the ISO or the European Payments Council, which could potentially, some feel, develop a new SEPA regulation for the mobile sector. The SIG will also review whether widely acclaimed and respected card schemes (such as: Visa / MasterCard etc.) might take a lead as there is potentially a strong interest to capture the market if it grows rapidly.

The SIG feels that potentially mobile payments control could be evolved through an entirely new ‘standard’ that will develop by default and be adopted by others. It is possible, says the SIG, that this could be led by a card organisation, a proprietary payments provider, by an individual bank or a telecoms company. Indeed, the SIG believes that there is every chance that it could result from a collaboration or spin-off of any of the above. Indeed, as things roll-on so fast, this body may not yet exist.

Mobile payments could potentially, the SIG claims, replicate traditional magnetic stripe read transactions; or even replace the later ‘chip read’ transactions. This would cause an evolution in ecommerce transactions through m-commerce, and be the ideal facilitator of NFC contactless payments. In addition, mobile devices could very well become the first choice to be used by merchants as a payment acceptance terminal themselves.

5 Who Owns The Regulation?
The SIG will also review whether a ‘potential standards debacle’ might have a ‘knock-on’ effect upon regulation. The SIG feels that there are so many complications, and so many interested stakeholders, all with conflicting desires to collaborate or compete, that it is hard to know where and how mobile payments will be regulated, let alone who will ‘own’ the regulation.

It will be interesting to see the role governments play. The SIG feels that with the respected EU Cyber directive focussing on setting good foundations with the Network and Information Security standards in individual member states, the current thrust seems potentially a long way from specifically addressing mobile payments. Turning to the UK, the SIG questions whether the government is likely to drive innovation in this area, as the risk, payments and fraud skills within the leading departments (Cabinet Office, FED and the National Fraud Bureau) might not be those required.

Commenting on the new SIG, its Chairman Kevin Smith (a former head of fraud management at Visa Europe and now an independent payments, risk and fraud specialist) feels that the review will highlight a need to ‘build fraud prevention in’ at all stages early on. He notes, “There will be so much potential change and growth, that it’s not just the technology vendors or financial service providers that are watching the situation closely. Rest assured that a seasoned group of criminals will be looking just as closely, albeit at a different range of opportunities. Only by sharing information and working together at an early stage can the sector start to properly understand the challenges and offer a really effective series of counter-measures. Our aim is hopefully to assimilate and collate a weight of analysis that will prove useful to those stakeholders who are keen to fend off fraudulent activity.”

Bill Trueman CEO of UKFraud and RiskSkill welcomed Smith’s comments. In his view, sharing information and collaboration could work at all levels and could even be led by the UK government. He notes, “Potentially there is a golden opportunity here for the UK to take a lead. Naturally a governmental lead would be preferable. However, some feel that The NFA (National Fraud Authority) and also the Cybercrimes Unit are rather more engaged in defending UK Plc., against attacks than driving commercial standards globally in internationally applicable growth areas such as this. However, they should play a major role here. Some though feel that recently the priority of these bodies has been turned upon the domestic public sector, as this alone is a mammoth area to direct and protect. Hopefully, though, if the mobile payments sector grows as fast as has been suggested, the UK government will then see an opportunity to invest an appropriate amount of money in safeguarding the UK from fraud in the mobile payments sector. In the meantime, we shall work alongside other like-minded groups as a collective approach is certainly one way to ensure that the right information is shared by those in fraud prevention who most need it.”

The SIG’s findings will be published later this year.

About UKFraud (www.ukfraud.co.uk)

UKFraud is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is widely accepted as one of Europe’s leading fraud experts and a frequent commentator and writer on the issues involved. Trueman has extensive experience of the banking, insurance and the financial services sectors and is a thought leader at the forefront of many industry wide and international debates.

News Source