Posts By :

Stuart O'Brien

New guidelines for Secure AI System Development unveiled

Th UK has published the first global guidelines to ensure the secure development of AI technology as part of an initiative encompassing agencies from 17 other countries that have confirmed they will endorse and co-seal the new guidelines.

The guidelines aim to raise the cyber security levels of artificial intelligence and help ensure that it is designed, developed, and deployed securely.

The Guidelines for Secure AI System Development have been developed by the UK’s National Cyber Security Centre (NCSC), a part of GCHQ, and the US’s Cybersecurity and Infrastructure Security Agency (CISA) in cooperation with industry experts and 21 other international agencies and ministries from across the world – including those from all members of the G7 group of nations and from the Global South.

The new UK-led guidelines are the first of their kind to be agreed globally. They will help developers of any systems that use AI make informed cyber security decisions at every stage of the development process – whether those systems have been created from scratch or built on top of tools and service provided by others.

The guidelines help developers ensure that cyber security is both an essential pre-condition of AI system safety and integral to the development process from the outset and throughout, known as a ‘secure by design’ approach.

SAVE THE DATE: Merchant Fraud Summit 2024

Registration is now open for the second annual Merchant Fraud Summit, which is taking place on November 6th 2024 at the Hilton London Canary Wharf.

Your complimentary guest pass includes:

– An itinerary, designed by you, of pre-qualified one-to-one meetings with solution providers

– A seat at the industry seminar sessions

– Lunch and refreshments throughout

– Networking breaks to optimise your opportunity to make new connections

Areas covered at the event include: Anti-fraud software, Charge back protection, Data analysis, Digital identity verification, Fraud management, Risk prevention solutions, Security software and much more.

Click Here To Register

Delegates can contact Jake Healy on 01992 374067 | j.healy@forumevents.co.uk to book your place or to find out more.

Alternatively, if you’re an industry supplier contact Jennie Lane on 01992 374 098 | j.lane@forumevents.co.uk.

Open Finance and GenAI set to dominate FinTech and payments landscape in 2024

A Juniper Research whitepaper has revealed the 10 trends it believes are set to radically impact the fintech and payments landscape in 2024.

The whitepaper found that the fintech market is undergoing a rapid shift, with the rise of new technologies, such as Open Finance, generative AI and A2A (account-to-account) payments having a major impact on business models. This is combined with unprecedented competition to be ‘top of wallet’ for customers, making the market more competitive and uncertain than ever.

Top 10 Fintech & Payments Trends 2024

The trends are as follows:

1. A2A Payments to Challenge Cards in eCommerce and for Funding Wallets
2. CBDC Use Cases to Emerge in Practice
3. Generative AI in Banking to Transform Spending Insights
4. Digital Identity Adoption to Be Catalysed by Digital Wallet Integration
5. AML Tools to Increasingly Leverage AI as Alternative Payments Complicate Compliance
6. Sustainable Fintech Solutions to Emerge, as ESG Compliance Moves to Top of Agenda
7. FedNow to Fail to Match Instant Payments Success, but Value-added Services Will Flourish
8. Mobile Financial Services to Accelerate Transition to Banking Tech Services
9. Biometric In-store Payments to Surge, as Checkout Innovation Rises
10. B2B BNPL to Provide Critical Financing for SMEs

Juniper Research’s VP of Fintech Market Research, Nick Maynard, said: “The fintech and payments market is undergoing fundamental changes, with new payment methods and different business models threatening to completely uproot existing operations. Stakeholders must fundamentally reassess the viability of their offerings, and build ambitious roadmaps for future developments, or they will be left behind by more agile competitors.”

These trends were compiled by Juniper Research’s expert team of financial markets analysts; cross-referencing their detailed industry knowledge against the online data platform harvest, comprising over 2.1 million fintech market statistics.

Photo by Nathan Dumlao on Unsplash

The UK Online Safety Bill: What service providers need to know

By David Varney, Partner, and Nicole Simpson, Trainee Solicitor, Burges Salmon

After almost four years of significant debate and media discussion in the UK, The Online Safety Act (“OSA”) is now officially law, having received Royal Assent on 26 October. The OSA aims to regulate online safety by placing legal responsibility on online service providers to prevent and remove specified types of harmful content, particularly content deemed harmful to children. 

Ofcom will be the appointed regulator and will be enforcing the OSA. Providers who fail to comply will face significant fines, with Ofcom being able to fine platforms up to £18 million or 10% of their global annual revenue, whichever is higher. 

Who does it apply to?

As well as UK service providers, OSA applies to providers of regulated services based outside the UK, who provide services to UK-based users. The UK Government expects that at least 25,000 companies will be in the scope of OSA, which includes:

  • “User to User Services” – Providers of internet services that allow users to encounter content generated, uploaded, or shared by other users. This is likely to include social media platforms such as Tik Tok and Snapchat, as well as any platform with a user-to-user messaging feature; and
  • Search Services”- Providers of search engines which enable users to search multiple websites and databases.

Companies in scope will be categorised by Ofcom as either “Category 1” services or “Category 2A or 2B” services, with Category 1 services facing the more onerous obligations. 

What does it cover?

OSA imposes new duties of care on services including:

  1. Duties to carry out suitable and sufficient illegal content risk assessments. This will involve providers of online services maintaining a clear understanding of harms that users might face, and implementing an effective risk management processes to mitigate these.
  2. Duties regarding illegal content. Online services will need to take proportionate measures to mitigate and manage risk in relation to illegal content, which importantly will involve preventing users from encountering such content on their services at the outset. This marks a significant change; online service providers were previously only required to act rapidly in removing unlawful content once they were put on notice of the presence of such content. Services must also include provisions in their terms of service to indicate how they are protecting users, and these provisions must be clear and accessible to users. 
  3. Duties in regard to content reporting and complaints. Services will need to allow users methods of easily reporting illegal content, as well as operating an accessible complaints procedure for users. Notably, this complaints procedure will also have scope for the removal of content. 
  4. Duties in regard to user empowerment. This duty involves a responsibility to include features within their service to permit users to control and manage harmful material they see online. Services must also carry out risk assessments in relation to this duty. 
  5. Duties in regard to fraudulent advertising. This duty will require services to prevent individuals from encountering fraudulent advertisements, minimise the length of time for which fraudulent advertisements are visible and swiftly remove fraudulent adverts once reported. 

Further rules apply where services are deemed likely to be accessed by children. The above duties are caveated by a measure of reasonableness for the size and capacity of the online services provider in question.

Photo by John Schnobrich on Unsplash

Proxy Detection: A critical tool in the fight against merchant fraud

Fraudsters are employing ever more sophisticated methods to bypass traditional security measures. One such method is the use of proxies to conceal their true location and identity. This is where proxy detection emerges as a powerful tool for anti-fraud professionals, bolstering their efforts to safeguard online transactions and maintain the integrity of e-commerce operations.

Proxy detection refers to the process of identifying and blocking access from servers that relay internet traffic, concealing a user’s original IP address. These proxies can be used by fraudsters to mask fraudulent activities, making it appear as though transactions are originating from legitimate sources. By effectively detecting and blocking these proxies, businesses can significantly reduce the risk of fraudulent transactions and associated losses.

One of the key advantages of proxy detection is its ability to enhance real-time fraud prevention measures. Advanced proxy detection tools are equipped with dynamic databases that identify not only known proxy servers but also new and emerging ones. This real-time analysis is crucial, as it allows businesses to respond instantly to potential threats, ensuring that fraudulent activities are intercepted before they can cause harm.

In addition to real-time detection, proxy detection tools provide valuable insights into traffic patterns. By analysing data from these tools, anti-fraud professionals can identify suspicious trends and patterns, such as a high volume of transactions originating from a particular proxy server or a sudden spike in activity from a geographical location known for fraud. This data-driven approach enables businesses to proactively adjust their security measures and stay one step ahead of fraudsters.

Proxy detection also plays a significant role in compliance with regulatory standards. In the UK, regulations such as the Payment Services Directive (PSD2) mandate strict security measures for online transactions, including the need to authenticate the user’s identity. By integrating proxy detection into their security protocols, businesses can ensure they are complying with these regulations, avoiding hefty fines and reputational damage.

Another important aspect is the enhancement of customer trust. In an era where data breaches and online fraud are a significant concern, customers are increasingly cautious about where they shop online. By employing robust proxy detection measures, businesses can assure customers that their transactions are secure, thereby fostering trust and loyalty.

However, it’s important to strike a balance between security and user experience. Overly aggressive proxy detection measures can inadvertently block legitimate users, leading to a negative shopping experience and potential loss of sales. Thus, anti-fraud professionals must calibrate their systems to effectively differentiate between malicious and genuine proxy use.

Proxy detection has become an indispensable tool in the arsenal of anti-fraud professionals in the UK. Its ability to provide real-time analysis, insightful data trends, regulatory compliance, and enhanced customer trust makes it a pivotal element in combating merchant fraud. As the landscape of online fraud continues to evolve, the role of sophisticated proxy detection tools will be crucial in safeguarding the digital marketplace against emerging threats.

Are you searching from Proxy Detection solutions for your business? The Merchant Fraud Summit can help!

Photo by Petter Lagson on Unsplash

Do you specialise in POS Verification & Chargeback Solutions? We want to hear from you!

Each month on Merchant Fraud Briefing we’re shining the spotlight on a different part of the market – and in December we’ll be focussing on BPOS Verification & Chargebacks.

It’s all part of our ‘Recommended’ editorial feature, designed to help industry buyers find the best products and services available today.

So, if you specialise in POS Verification or Chargebacks and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jennie Lane on 01992 374 098 | j.lane@forumevents.co.uk.

Photo by Blake Wisz on Unsplash

Will you be at the Smarter Payments Summit in March?

There’s a guest pass reserved for you at the Smarter Payments Summit, which is taking place on 12th March at the Hilton London Canary Wharf.

This free event provides an opportunity for you to source the solutions you need for your upcoming projects, via a series of 1-2-1 meetings with suppliers.

Your peers who are attending have advised they need suppliers who service the following areas:

Authentication 
Card Payment Systems 
Charge back systems 
Direct Debit Management 
ePayment Solutions 
Fraud Management Systems 
Mobile Payments 
Open Banking 
Payment Networks 
Retail Banking Systems 
Treasury Management Systems
…and more.

Are you interested in these areas too? If so, register for your complimentary place here.

BIOMETRICS MONTH: Balancing privacy and the need to combat fraud

Biometric technology, which measures and analyses human physical and behavioural characteristics for authentication purposes, has become a linchpin in the fight against fraud. Here, we’ll explore the multifaceted applications of biometrics in deterring fraudulent activities, its integration into security systems, and the benefits and challenges it presents…

Traditionally, security measures relied heavily on knowledge-based authentication methods, such as passwords, or token-based methods, like ID cards. However, these systems are vulnerable to various forms of fraud, including phishing, identity theft, and social engineering. Biometrics, by contrast, offers a more robust solution by providing a unique, immutable identifier – the human body itself.

One of the most widespread uses of biometrics for fraud prevention is in the banking and financial sectors. Fingerprint and facial recognition technologies are increasingly integrated into ATMs and mobile banking applications to verify transactions and reduce the incidence of identity fraud. In 2016, HSBC rolled out a biometric banking system in the UK that allowed customers to use fingerprint and voice recognition for account access. This system ensures that only the authorized user can conduct financial operations, significantly lowering the risk of unauthorised access.

Moreover, in retail and e-commerce, biometrics is used to secure payment processes. Apple Pay and Samsung Pay use fingerprint and facial recognition to authenticate payments, making it more difficult for fraudsters to use stolen credit card information. The biometrics tied to these mobile payment systems add a layer of security that is particularly difficult to breach since it requires the physical presence of the individual.

Beyond financial transactions, biometrics is also increasingly crucial in border control and immigration. Airports around the world have started using biometric passports and eye scanning technology to confirm the identity of travelers. This not only speeds up the authentication process but also thwarts attempts to enter a country on fraudulent documents.

Biometric technology also plays a significant role in cybersecurity. By integrating biometric logins into their systems, companies make unauthorized access more challenging. For example, multi-factor authentication systems that include biometrics add an extra security layer that a password alone cannot provide.

Despite its advantages, biometric technology is not without challenges. Concerns regarding privacy and data protection are paramount, as biometric data, if compromised, cannot be replaced like a password. Furthermore, there is a continuous technological arms race between security experts developing more advanced biometric systems and fraudsters finding new ways to spoof these biometric markers.

The use of biometrics in combating fraud has shown considerable promise across various sectors. Its ability to provide secure, user-specific authentication serves as a strong deterrent against fraudulent activities. However, the adoption of biometric technology must be balanced with strict privacy controls and continuous technological advancements to stay ahead of fraudulent schemes. As biometric systems become more sophisticated and widespread, they are set to become a cornerstone in the ongoing battle against fraud.

Are you researching Biometric fraud protection solutions for your organisation? The Merchant Fraud Summit can help!

Photo by Onur Binay on Unsplash

Identified: The five frauds impacting the messaging ecosystem

Five common frauds impacting mobile users in the messaging ecosystem have been identified in new research, highlighting the security challenges enterprises and mobile network operators (MNOs) face in the application-to-person (A2P) messaging ecosystem.

The study by Infobip says that with more and more brand-to-consumer interactions moving to digital channels, ensuring the security and privacy of this communication is vital to deliver a great customer experience. But, while the A2P market will grow to $29 billion by 2024, fraud and the revenues lost to fraud are also increasing. So, now more than ever, all organizations in the A2P ecosystem must protect mobile users and consumers by providing secure communication. 

The five critical security challenges MNOs and enterprises need to tackle according to Infobip’s research are:

  • Artificially inflated traffic: Artificial inflation of traffic fraud uses bots to generate one-time PIN requests to generate undue costs and financially benefit the fraudster
  • Flubot: spreading like flu, flubot starts with a fraudulent link leading users to a malicious site to download an app or security update, which infects a phone with malware
  • Smishing: SMS phishing, or smishing, is where fraudsters deceive consumers into revealing sensitive data which is misused. It costs consumers $10.1bn, according to RoboKiller 
  • Grey routes: routes that bypass MNO’s charging systems to deliver messages to end users, costing MNOs revenue and leaving mobile users unprotected from security and privacy risks 
  • Spam: unsolicited messages have been plaguing mobile users and consumers for some time 

Cédric Gonin, VP Global Business Support at Orange International Carriers, said: “As a leading connectivity wholesaler catering to the needs of operators and content providers globally, Orange International Carriers has been securing its customers’ and partners’ international voice and messaging traffic for decades. And we’ve witnessed a steady increase in the number of attacks over the years, with fraudsters getting smarter and new types of fraud emerging, causing financial and reputational losses to telcos and businesses but also emotional distress for the end-user. Orange and Infobip/Anam therefore took advantage of their joint expertise in telecommunications security to develop a robust A2P SMS protect solution, which identifies current and emerging risks, and proactively safeguards telcos, businesses, and end-users on most channels.”

To help protect consumers, Infobip recommends MNOs work with well establish Messaging providers who have direct relationships with the large brands and also introduce technically superior firewall solutions to their networks to protect the A2P ecosystem. Infobip also calls for regulatory change to remove the restrictions on MNOs using particular modules like content analysis to protect the end users from different fraud scenarios, particularly in Europe. Content analysis is crucial for improving security standards while maintaining high privacy norms. For Enterprises, Infobip recommends using Messaging providers who have direct connections with MNO’s, protecting consumers security and privacy  through established communications platforms with global infrastructure.

Matija Ražem, Vice President of Business Development at Infobip, said: “As the largest player in the SMS firewall market, we take our responsibility to protect MNO, enterprises, and consumers seriously. But we are all co-guardians of the A2P messaging ecosystem. While fraudsters are becoming ever more sophisticated, we can reduce AP2 fraud with a combined effort from all involved. The system is only as strong as its weakest link, so MNOs and enterprises should invest in their security and adopt the latest technology to combat fraudsters and protect their customers and business. That is why we have developed features like data anonymization, where our firewall separates sensitive customer data from the content, so customer’s privacy can’t be compromised.” 

Online payment fraud losses to hit $91bn by 2028

Merchant losses from online payment fraud will exceed $362 billion globally between 2023 to 2028, with losses of $91 billion alone in 2028 as new technologies such as AI begin to be felt in the market.

That’s according to a new report for ResearchAndMarkets, which analyses the repercussions of the surge in alternative payment methods, forthcoming challenges in the realm of Open Banking APIs, and an assortment of fraud types across sectors such as banking, remote digital and physical goods, and airlines.

The report says the upswing in eCommerce transactions, especially in emerging markets, is the driving force behind this burgeoning landscape. It details how merchants operating in these markets are grappling with novel threats, prominently the heightened utilisation of artificial intelligence (AI) for perpetrating fraudulent activities.

Online payment fraud encompasses a spectrum of deceptive or illicit online transactions orchestrated by cybercriminals employing diverse fraudulent techniques like phishing, business email compromise, or account takeover.

One of the report’s conclusions is that eCommerce payment providers should extend dashboards and data visualisation tools to cater to smaller SME customers. It asserts that SMEs currently lack access to robust customer analytics, and this data holds the potential to illuminate consumer purchasing patterns and furnish insights into payment method preferences and fraud trends.

Hence, by offering supplementary services to SMEs, eCommerce payment providers can distinguish their offerings in an increasingly cutthroat and commoditised marketplace.

Photo by Jefferson Santos on Unsplash