Posts By :

Stuart O'Brien

The UK Online Safety Bill: What service providers need to know
By:

By David Varney, Partner, and Nicole Simpson, Trainee Solicitor, Burges Salmon

After almost four years of significant debate and media discussion in the UK, The Online Safety Act (“OSA”) is now officially law, having received Royal Assent on 26 October. The OSA aims to regulate online safety by placing legal responsibility on online service providers to prevent and remove specified types of harmful content, particularly content deemed harmful to children. 

Ofcom will be the appointed regulator and will be enforcing the OSA. Providers who fail to comply will face significant fines, with Ofcom being able to fine platforms up to £18 million or 10% of their global annual revenue, whichever is higher. 

Who does it apply to?

As well as UK service providers, OSA applies to providers of regulated services based outside the UK, who provide services to UK-based users. The UK Government expects that at least 25,000 companies will be in the scope of OSA, which includes:

  • “User to User Services” – Providers of internet services that allow users to encounter content generated, uploaded, or shared by other users. This is likely to include social media platforms such as Tik Tok and Snapchat, as well as any platform with a user-to-user messaging feature; and
  • Search Services”- Providers of search engines which enable users to search multiple websites and databases.

Companies in scope will be categorised by Ofcom as either “Category 1” services or “Category 2A or 2B” services, with Category 1 services facing the more onerous obligations. 

What does it cover?

OSA imposes new duties of care on services including:

  1. Duties to carry out suitable and sufficient illegal content risk assessments. This will involve providers of online services maintaining a clear understanding of harms that users might face, and implementing an effective risk management processes to mitigate these.
  2. Duties regarding illegal content. Online services will need to take proportionate measures to mitigate and manage risk in relation to illegal content, which importantly will involve preventing users from encountering such content on their services at the outset. This marks a significant change; online service providers were previously only required to act rapidly in removing unlawful content once they were put on notice of the presence of such content. Services must also include provisions in their terms of service to indicate how they are protecting users, and these provisions must be clear and accessible to users. 
  3. Duties in regard to content reporting and complaints. Services will need to allow users methods of easily reporting illegal content, as well as operating an accessible complaints procedure for users. Notably, this complaints procedure will also have scope for the removal of content. 
  4. Duties in regard to user empowerment. This duty involves a responsibility to include features within their service to permit users to control and manage harmful material they see online. Services must also carry out risk assessments in relation to this duty. 
  5. Duties in regard to fraudulent advertising. This duty will require services to prevent individuals from encountering fraudulent advertisements, minimise the length of time for which fraudulent advertisements are visible and swiftly remove fraudulent adverts once reported. 

Further rules apply where services are deemed likely to be accessed by children. The above duties are caveated by a measure of reasonableness for the size and capacity of the online services provider in question.

Photo by John Schnobrich on Unsplash

Proxy Detection: A critical tool in the fight against merchant fraud
By:

Fraudsters are employing ever more sophisticated methods to bypass traditional security measures. One such method is the use of proxies to conceal their true location and identity. This is where proxy detection emerges as a powerful tool for anti-fraud professionals, bolstering their efforts to safeguard online transactions and maintain the integrity of e-commerce operations.

Proxy detection refers to the process of identifying and blocking access from servers that relay internet traffic, concealing a user’s original IP address. These proxies can be used by fraudsters to mask fraudulent activities, making it appear as though transactions are originating from legitimate sources. By effectively detecting and blocking these proxies, businesses can significantly reduce the risk of fraudulent transactions and associated losses.

One of the key advantages of proxy detection is its ability to enhance real-time fraud prevention measures. Advanced proxy detection tools are equipped with dynamic databases that identify not only known proxy servers but also new and emerging ones. This real-time analysis is crucial, as it allows businesses to respond instantly to potential threats, ensuring that fraudulent activities are intercepted before they can cause harm.

In addition to real-time detection, proxy detection tools provide valuable insights into traffic patterns. By analysing data from these tools, anti-fraud professionals can identify suspicious trends and patterns, such as a high volume of transactions originating from a particular proxy server or a sudden spike in activity from a geographical location known for fraud. This data-driven approach enables businesses to proactively adjust their security measures and stay one step ahead of fraudsters.

Proxy detection also plays a significant role in compliance with regulatory standards. In the UK, regulations such as the Payment Services Directive (PSD2) mandate strict security measures for online transactions, including the need to authenticate the user’s identity. By integrating proxy detection into their security protocols, businesses can ensure they are complying with these regulations, avoiding hefty fines and reputational damage.

Another important aspect is the enhancement of customer trust. In an era where data breaches and online fraud are a significant concern, customers are increasingly cautious about where they shop online. By employing robust proxy detection measures, businesses can assure customers that their transactions are secure, thereby fostering trust and loyalty.

However, it’s important to strike a balance between security and user experience. Overly aggressive proxy detection measures can inadvertently block legitimate users, leading to a negative shopping experience and potential loss of sales. Thus, anti-fraud professionals must calibrate their systems to effectively differentiate between malicious and genuine proxy use.

Proxy detection has become an indispensable tool in the arsenal of anti-fraud professionals in the UK. Its ability to provide real-time analysis, insightful data trends, regulatory compliance, and enhanced customer trust makes it a pivotal element in combating merchant fraud. As the landscape of online fraud continues to evolve, the role of sophisticated proxy detection tools will be crucial in safeguarding the digital marketplace against emerging threats.

Are you searching from Proxy Detection solutions for your business? The Merchant Fraud Summit can help!

Photo by Petter Lagson on Unsplash

Do you specialise in POS Verification & Chargeback Solutions? We want to hear from you!
By:

Each month on Merchant Fraud Briefing we’re shining the spotlight on a different part of the market – and in December we’ll be focussing on BPOS Verification & Chargebacks.

It’s all part of our ‘Recommended’ editorial feature, designed to help industry buyers find the best products and services available today.

So, if you specialise in POS Verification or Chargebacks and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jennie Lane on 01992 374 098 | j.lane@forumevents.co.uk.

Photo by Blake Wisz on Unsplash

Will you be at the Smarter Payments Summit in March?
By:

There’s a guest pass reserved for you at the Smarter Payments Summit, which is taking place on 12th March at the Hilton London Canary Wharf.

This free event provides an opportunity for you to source the solutions you need for your upcoming projects, via a series of 1-2-1 meetings with suppliers.

Your peers who are attending have advised they need suppliers who service the following areas:

Authentication 
Card Payment Systems 
Charge back systems 
Direct Debit Management 
ePayment Solutions 
Fraud Management Systems 
Mobile Payments 
Open Banking 
Payment Networks 
Retail Banking Systems 
Treasury Management Systems
…and more.

Are you interested in these areas too? If so, register for your complimentary place here.

BIOMETRICS MONTH: Balancing privacy and the need to combat fraud
By:

Biometric technology, which measures and analyses human physical and behavioural characteristics for authentication purposes, has become a linchpin in the fight against fraud. Here, we’ll explore the multifaceted applications of biometrics in deterring fraudulent activities, its integration into security systems, and the benefits and challenges it presents…

Traditionally, security measures relied heavily on knowledge-based authentication methods, such as passwords, or token-based methods, like ID cards. However, these systems are vulnerable to various forms of fraud, including phishing, identity theft, and social engineering. Biometrics, by contrast, offers a more robust solution by providing a unique, immutable identifier – the human body itself.

One of the most widespread uses of biometrics for fraud prevention is in the banking and financial sectors. Fingerprint and facial recognition technologies are increasingly integrated into ATMs and mobile banking applications to verify transactions and reduce the incidence of identity fraud. In 2016, HSBC rolled out a biometric banking system in the UK that allowed customers to use fingerprint and voice recognition for account access. This system ensures that only the authorized user can conduct financial operations, significantly lowering the risk of unauthorised access.

Moreover, in retail and e-commerce, biometrics is used to secure payment processes. Apple Pay and Samsung Pay use fingerprint and facial recognition to authenticate payments, making it more difficult for fraudsters to use stolen credit card information. The biometrics tied to these mobile payment systems add a layer of security that is particularly difficult to breach since it requires the physical presence of the individual.

Beyond financial transactions, biometrics is also increasingly crucial in border control and immigration. Airports around the world have started using biometric passports and eye scanning technology to confirm the identity of travelers. This not only speeds up the authentication process but also thwarts attempts to enter a country on fraudulent documents.

Biometric technology also plays a significant role in cybersecurity. By integrating biometric logins into their systems, companies make unauthorized access more challenging. For example, multi-factor authentication systems that include biometrics add an extra security layer that a password alone cannot provide.

Despite its advantages, biometric technology is not without challenges. Concerns regarding privacy and data protection are paramount, as biometric data, if compromised, cannot be replaced like a password. Furthermore, there is a continuous technological arms race between security experts developing more advanced biometric systems and fraudsters finding new ways to spoof these biometric markers.

The use of biometrics in combating fraud has shown considerable promise across various sectors. Its ability to provide secure, user-specific authentication serves as a strong deterrent against fraudulent activities. However, the adoption of biometric technology must be balanced with strict privacy controls and continuous technological advancements to stay ahead of fraudulent schemes. As biometric systems become more sophisticated and widespread, they are set to become a cornerstone in the ongoing battle against fraud.

Are you researching Biometric fraud protection solutions for your organisation? The Merchant Fraud Summit can help!

Photo by Onur Binay on Unsplash

Identified: The five frauds impacting the messaging ecosystem
By:

Five common frauds impacting mobile users in the messaging ecosystem have been identified in new research, highlighting the security challenges enterprises and mobile network operators (MNOs) face in the application-to-person (A2P) messaging ecosystem.

The study by Infobip says that with more and more brand-to-consumer interactions moving to digital channels, ensuring the security and privacy of this communication is vital to deliver a great customer experience. But, while the A2P market will grow to $29 billion by 2024, fraud and the revenues lost to fraud are also increasing. So, now more than ever, all organizations in the A2P ecosystem must protect mobile users and consumers by providing secure communication. 

The five critical security challenges MNOs and enterprises need to tackle according to Infobip’s research are:

  • Artificially inflated traffic: Artificial inflation of traffic fraud uses bots to generate one-time PIN requests to generate undue costs and financially benefit the fraudster
  • Flubot: spreading like flu, flubot starts with a fraudulent link leading users to a malicious site to download an app or security update, which infects a phone with malware
  • Smishing: SMS phishing, or smishing, is where fraudsters deceive consumers into revealing sensitive data which is misused. It costs consumers $10.1bn, according to RoboKiller 
  • Grey routes: routes that bypass MNO’s charging systems to deliver messages to end users, costing MNOs revenue and leaving mobile users unprotected from security and privacy risks 
  • Spam: unsolicited messages have been plaguing mobile users and consumers for some time 

Cédric Gonin, VP Global Business Support at Orange International Carriers, said: “As a leading connectivity wholesaler catering to the needs of operators and content providers globally, Orange International Carriers has been securing its customers’ and partners’ international voice and messaging traffic for decades. And we’ve witnessed a steady increase in the number of attacks over the years, with fraudsters getting smarter and new types of fraud emerging, causing financial and reputational losses to telcos and businesses but also emotional distress for the end-user. Orange and Infobip/Anam therefore took advantage of their joint expertise in telecommunications security to develop a robust A2P SMS protect solution, which identifies current and emerging risks, and proactively safeguards telcos, businesses, and end-users on most channels.”

To help protect consumers, Infobip recommends MNOs work with well establish Messaging providers who have direct relationships with the large brands and also introduce technically superior firewall solutions to their networks to protect the A2P ecosystem. Infobip also calls for regulatory change to remove the restrictions on MNOs using particular modules like content analysis to protect the end users from different fraud scenarios, particularly in Europe. Content analysis is crucial for improving security standards while maintaining high privacy norms. For Enterprises, Infobip recommends using Messaging providers who have direct connections with MNO’s, protecting consumers security and privacy  through established communications platforms with global infrastructure.

Matija Ražem, Vice President of Business Development at Infobip, said: “As the largest player in the SMS firewall market, we take our responsibility to protect MNO, enterprises, and consumers seriously. But we are all co-guardians of the A2P messaging ecosystem. While fraudsters are becoming ever more sophisticated, we can reduce AP2 fraud with a combined effort from all involved. The system is only as strong as its weakest link, so MNOs and enterprises should invest in their security and adopt the latest technology to combat fraudsters and protect their customers and business. That is why we have developed features like data anonymization, where our firewall separates sensitive customer data from the content, so customer’s privacy can’t be compromised.” 

Online payment fraud losses to hit $91bn by 2028
By:

Merchant losses from online payment fraud will exceed $362 billion globally between 2023 to 2028, with losses of $91 billion alone in 2028 as new technologies such as AI begin to be felt in the market.

That’s according to a new report for ResearchAndMarkets, which analyses the repercussions of the surge in alternative payment methods, forthcoming challenges in the realm of Open Banking APIs, and an assortment of fraud types across sectors such as banking, remote digital and physical goods, and airlines.

The report says the upswing in eCommerce transactions, especially in emerging markets, is the driving force behind this burgeoning landscape. It details how merchants operating in these markets are grappling with novel threats, prominently the heightened utilisation of artificial intelligence (AI) for perpetrating fraudulent activities.

Online payment fraud encompasses a spectrum of deceptive or illicit online transactions orchestrated by cybercriminals employing diverse fraudulent techniques like phishing, business email compromise, or account takeover.

One of the report’s conclusions is that eCommerce payment providers should extend dashboards and data visualisation tools to cater to smaller SME customers. It asserts that SMEs currently lack access to robust customer analytics, and this data holds the potential to illuminate consumer purchasing patterns and furnish insights into payment method preferences and fraud trends.

Hence, by offering supplementary services to SMEs, eCommerce payment providers can distinguish their offerings in an increasingly cutthroat and commoditised marketplace.

Photo by Jefferson Santos on Unsplash

AI MONTH: AI and Fraud Prevention – A confluence of technology and security
By:

Businesses and financial institutions face a constantly mutating landscape of fraudulent activities. Traditional systems, once hailed as robust, now frequently lag behind in detecting and preventing contemporary fraud schemes. Enter Artificial Intelligence (AI): a transformative force that’s reshaping fraud prevention by providing real-time, predictive, and adaptable solutions. Here we explore the growing influence of AI in combatting fraud and safeguarding assets, based on input from delegates and suppliers at the Merchant Fraud Summit…

  1. Real-time Transaction Analysis: AI can process vast amounts of data at lightning speeds. This allows it to assess each transaction in real-time, comparing it against patterns of normal behaviour. If a transaction looks suspicious (say, an unusually large purchase made in a foreign country late at night), the AI system can flag it instantly for review or even block it until it’s verified.
  2. Deep Learning for Pattern Recognition: Fraudsters are known for their adaptability, constantly changing tactics to evade detection. Deep learning, a subset of AI, empowers systems to ‘learn’ from vast datasets, recognising patterns and anomalies without being explicitly programmed. This means that even if fraudsters alter their tactics, AI systems trained using deep learning can detect these new patterns, keeping businesses one step ahead.
  3. Predictive Fraud Analysis: Beyond merely detecting known fraudulent tactics, AI leverages predictive analytics to forecast potential future threats. By analysing historical fraud data and blending it with current transaction trends, AI can offer predictions about where and when the next potential fraud might occur. This proactive approach allows businesses to bolster security in vulnerable areas before a breach happens.
  4. Enhanced Authentication Protocols: AI has amplified the capabilities of biometric authentication methods like facial recognition, voice analysis, and fingerprint scanning. By continuously learning and updating individual profiles, AI ensures that only the authentic user can access accounts, thereby drastically reducing identity theft or account takeovers.
  5. Natural Language Processing for Phishing Detection: Phishing emails are a common tool in a fraudster’s arsenal. AI, equipped with Natural Language Processing (NLP), can scan emails and detect subtle linguistic cues that might indicate a phishing attempt, protecting users from potential threats.
  6. Automated Reporting and Decision Making: Post-incident reports are crucial for understanding breaches and strengthening defences. AI can automate this process, collating data, suggesting remedial measures, and even implementing certain protective protocols without human intervention.
  7. Adaptable and Self-learning Systems: One of the greatest advantages of AI is its inherent adaptability. As it encounters new types of fraud or even near-miss events, it learns, refines its algorithms, and becomes even more effective in subsequent detections.

AI is not merely a tool but a dynamic shield adapting and evolving in the face of emerging threats. As businesses and transactions continue their inexorable shift online, AI stands as a sentinel, safeguarding assets and instilling trust in systems. The fusion of AI and fraud prevention is an exemplar of how technology can be harnessed to protect, predict, and prevail against malicious intent.

Are you looking for mobile anti-fraud solutions for your business? The Merchant Fraud Summit can help!

Photo by Possessed Photography on Unsplash

Do you specialise in Biometrics for Fraud Detection or IP Intelligence/Proxy Detection Solutions? We want to hear from you!
By:

Each month on Merchant Fraud Briefing we’re shining the spotlight on a different part of the market – and in November we’ll be focussing on Biometrics for Fraud Detection & IP Intelligence/Proxy Detection.

It’s all part of our ‘Recommended’ editorial feature, designed to help industry buyers find the best products and services available today.

So, if you specialise in Biometrics for Fraud Detection or IP Intelligence/Proxy Detection and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jennie Lane on 01992 374 098 | j.lane@forumevents.co.uk.

Here’s our 2023 Features List in full:-

November – Biometrics for Fraud Detection & IP Intelligence/Proxy Detection

December – POS Verification & Chargebacks

For more info, contact Jennie Lane on 01992 374 098 | j.lane@forumevents.co.uk.

MOBILE MONTH: Selecting mobile fraud prevention solutions
By:

Mobile phones, as personal devices frequently used for financial transactions, communications, and data storage, have become a prominent target for fraudsters. In the UK, mobile phone-based fraud prevention is a growing concern for many businesses. As anti-fraud professionals look to tackle this challenge, selecting the right supplier and solution is pivotal. Here are the principal considerations to bear in mind, based on input from delegates and suppliers at the Merchant Fraud Summit…

  1. Understanding the Threat Landscape:
    • Diverse Threats: Ensure your chosen supplier has expertise in diverse mobile threats, from SIM swapping to malicious apps.
    • Continuous Monitoring: The solution should proactively monitor and predict threats, evolving in real-time as new mobile-based fraud methods emerge.
  2. Integration and Compatibility:
    • Cross-platform Support: The solution should be compatible across various mobile operating systems, notably Android and iOS.
    • Integration with Current Systems: It’s crucial that the chosen solution integrates smoothly with your existing IT infrastructure and security protocols.
  3. Real-time Protection:
    • Immediate Alerts: Given the personal and immediate nature of mobile phones, real-time alerts for suspicious activities are essential.
    • User Verification: Implement multi-factor authentication (MFA) that leverages mobile capabilities, like biometrics or SMS codes.
  4. User Experience:
    • Balancing Security with Usability: While fortifying security, the solution should not overburden legitimate users with cumbersome processes.
    • Adaptive Security: Consider solutions that adapt based on user behaviour, raising security measures for unfamiliar patterns but easing them for recognised behaviours.
  5. Comprehensive Reporting:
    • Insightful Dashboards: Solutions should provide detailed reports, highlighting vulnerabilities, attempted fraud incidents, and successful interventions.
    • Predictive Analysis: Leveraging AI and machine learning, the system should predict potential future threats.
  6. Regulatory Adherence:
    • Data Protection: Ensure the solution is compliant with UK and EU regulations, especially GDPR, ensuring user data’s privacy and security.
    • Industry Standards: For mobile payments or financial services, ensure compliance with relevant industry security standards.
  7. Supplier’s Reputation:
    • Proven Expertise: Prioritise suppliers with a strong track record in mobile security and fraud prevention.
    • Client Feedback: Reviews and testimonials can provide a genuine sense of the solution’s efficacy and reliability.
  8. Cost Considerations:
    • Value Proposition: Evaluate the potential financial losses from mobile fraud against the cost of the solution, ensuring a favourable return on investment.
    • Flexible Pricing Models: Some suppliers may offer tiered or scalable pricing, allowing you to choose based on your specific needs.
  9. Support and Training:
    • Initial Setup: Comprehensive onboarding will ensure your team maximises the solution’s potential from day one.
    • 24/7 Support: Given the always-on nature of mobile devices, round-the-clock support is crucial.
  10. Future Preparedness:
  • Ongoing Updates: With mobile technology rapidly evolving, the chosen solution should receive frequent updates to counter emerging threats.
  • Scalability: As your organisation grows and mobile usage patterns change, the solution should adapt accordingly.

In the dynamic landscape of mobile phone-based fraud, UK anti-fraud professionals must be diligent and forward-thinking in their choice of prevention solutions. A strategic approach, underpinned by these considerations, will pave the way for robust mobile security.

Are you looking for mobile anti-fraud solutions for your business? The Merchant Fraud Summit can help!

Image by Pexels from Pixabay