5 trends that will shape the fraud and security landscape in 2022
By Edlyn Cardoza
The FinTech sector blew up last year as the number of fraud cases increased at an exceptional rate. Scammers break anti-fraud systems to steal credit card details and personal information to use a victim’s online wallet and bank account. Phishing links are another way victims fall prey to and grant the attacker access to their devices, such as payment links.
Criminals are already using sophisticated technologies like deepfakes, which are too complicated to comprise users’ accounts. But can eventually become widespread and accessible enough to put the FinTech sector and users at grave risk.
According to OneSpan, 85% of financial institutions experienced fraud in the process of account opening. OneSpan enables financial institutions and other organisations to succeed by making bold advances in their digital transformation. From digital onboarding to fraud mitigation to workflow management, OneSpan’s unified, open platform reduces costs, accelerates customer acquisition, and increases customer satisfaction.
As the year comes to an end, Benoit Grangé, OneSpan’s Chief Technology Evangelist, shares predictions and trends that will shape the fraud and security landscape in 2022.
- Digital identity initiatives will increase for governments, states, and private sectors
Governments around the globe are launching digital identity initiatives that enable users to access a range of services via online or mobile applications. Singapore, UAE, and Australia have already issued a digital identity scheme. The EU is also moving in that direction with the revision of eIDAS and the announcement of the European Digital Identity. The availability of digital identities on mobile devices will facilitate the onboarding and authentication of digital applications. Once a consumer is verified, they can use their digital identity anywhere, at any time online, to onboard or authenticate to any application. The consumer has complete control of the information they are sharing online. Examples include energy suppliers, banks, postal services, and telco providers. Any application dealing with digital identities will need to adapt and support the new governmental digital identity schemes to be relevant in the market. Furthermore, the usage of qualified electronic signatures will become more relevant: citizens can use their digital identities to sign contracts online legally.
- Security top concern for embedded finance offerings
Non-financial enterprises can offer tailored financial products to their community, such as payday loans that employees can benefit from to get easy and reliable access to credit. Or specialised digital platforms, for example targeting truckers that offer credit they can use for fuel financing or vehicle insurance. Analyst firm Juniper Research expects that the value of the embedded finance market will exceed $138 billion in 2026, from just $43 billion in 2021. Both consumers and organisations have become more open to working with non-financial institutions. These companies have better access to consumer data, which helps in providing an optimal user experience, leading to increased brand loyalty. Since those apps are frequently used and generally include payment transactions, they will become even more interesting for hackers. Only the players that combine a frictionless user journey and accommodating offerings like “buy now, pay later” with a secure environment will stand out in the crowd. Organisations that fail to protect their websites and mobile apps will quickly lose their brand reputation, and hence their customer base.
- Privacy by design becomes imperative for organisations to remain competitive
Privacy by design refers to the idea that the future of privacy cannot be assured solely by compliance with regulatory frameworks. Instead, privacy assurance must ideally become an organisation’s default mode of operation, and should protect personal information from the start at the design phase. Although this concept was put in the spotlight when the GDPR was released, it has already existed since the ’90s. At that time, Ann Cavoukian, former Canadian Information & Privacy Commissioner, defined seven principles that are considered the foundation of privacy by design — from enabling privacy settings by default and being proactive to being transparent about the motives for data collection. Those principles remain valid even today. In today’s age of constant data breaches, companies will revisit how they approach privacy. Privacy will differentiate from the competition and create a business advantage. It will be critical for companies to demonstrate they understand the principles and integrate them at all levels of their organisation to offer their employees, partners, and customers the warranty they are taking privacy seriously. Companies that cannot demonstrate that they apply security by design will lose market share. According to Cognizant, 57% of consumers will stop doing business with a company that has broken their trust because of a lack of transparency or breach of their personal data. Consumers are becoming more privacy-conscious. They request to have a clear understanding of their data security and privacy. If not, they will move to a solution that offers such transparency. Recently, even Google started to provide more transparency about using data.
- Cryptocurrency fraud will skyrocket
Crypto exchange platforms have been developed rapidly from open source without taking security seriously. Since the platforms are unregulated and not secure, there’s no guarantee that customers get their money back after a hack. According to Crypto Head, at least 32 incidents of hacks and fraud have already taken place in 2021, for a total value of almost $3 billion. Undoubtedly, the number of cryptocurrency hack incidents will break records in 2022. The most common types of crypto hacking are phishing and social engineering attacks, even though the technology to protect customers against those attacks has existed for years. It has been in use by traditional banks. Push notifications instead of one-time passwords sent via SMS can prevent SIM Swap attacks. Also, application shielding can protect wallet applications from cloning and secret extraction. The only way to mitigate these attacks is to bring in more regulations and rules, like PSD2 and Strong Customer Authentication requirements. On the other hand, customers must select a stock exchange platform that offers premium security capabilities.
- Artificial Intelligence will lead the regulatory agenda in 2022
The use of artificial intelligence in finance has expanded massively in 2021, and it will only increase in the coming years. According to a recent OneSpan survey, 32% of FIs are already putting AI to comply with regulations. Jurisdictions worldwide are eagerly looking to develop AI-based solutions while also considering the ethical implications of its use, such as addressing racial bias that creeps into facial recognition algorithms. Policies and legislation pertaining to the use of artificial intelligence will lead to regulations in 2022 and beyond. In March, U.S. Financial Regulators issued a Request for Information to get input from financial institutions on their use of AI. The regulators wanted to understand how AI is used to provide services to customers and for other business and operational purposes. These insights will likely lead to a Notice of Proposed Rulemaking, a precursor to regulation. We expect these to be published in 2022. Federal regulatory action should not surprise financial institutions based on our recent research conducted by Arizent: 43% of US FIs noted that anticipated federal AI regulations are a top concern. The European Commission’s proposed Artificial Intelligence Regulation seeks to encourage the development of AI while classifying and regulating AI solutions according to risk. The regulation is currently progressing through the legislative process. If the legislation passes, it won’t occur until late 2022 or 2023. We expect the first regulations to be published in 2023 to go into effect in 2024.
ALSO READ: Cybersecurity in Financial Services Report 2021
IBSi Daily News Analysis
March 22, 2023
Cyber risks surge with Indonesia’s evolving payments landscapeRead More
IBSi FinTech Journal
- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage