Payment Security Predictions for 2021
Bevan Smith, Head of Risk: Visa Sub-Saharan Africa
In parallel to this pandemic-stricken year in which time often seemed to stand still, global economies moved quickly in ways that accelerated change, bringing lasting impact to consumer behavior, fraud patterns and risk mitigation needs.
This year, Visa has focused our expertise and resources in ways to help financial institutions, merchant partners, governments and consumers navigate these seismic shifts. Looking ahead to next year, I believe many of the changes in digital payments will carryover. More importantly, the experiences of this year will accelerate innovation and force companies to learn from their mistakes to ensure they are not repeated in 2021.
A few predictions for the upcoming year include:
1. Consumer habits born from the pandemic will become the new normal, requiring updated fraud prevention strategies by merchants.
According to Visa’s Back to Business Study, 78 percent of global consumer respondents have adjusted the way they pay for items due to intensified safety concerns and nearly half (48 percent) would not shop at a store that only offers payment methods that require contact with a cashier or a shared machine like a card reader. I believe these consumer preferences are not temporary and are here to stay.
These consumer behaviors will further drive merchants to innovate in order to grow and meet customer preference. Investments by merchants in new ways to onboard customers and new ways to pay such as online, in-app, contactless, and IoT (wearables, in-car, smart speakers, smart appliances, etc.) will be rewarded through new customer acquisitions, existing customer retention and growth in sales.
But as merchants move online, so are fraudsters – some of which have resources backed by nation-states. Payment security is difficult and not everyone in payments has the expertise to do it well. Merchants will need to update their fraud prevention strategies to support omnichannel commerce and if in-house expertise is not available, merchants should turn to proven, reputable partners that can produce outcomes aligned to their business goals and interests.
2. The Strong Customer Authentication requirement will help bolster payment security outside of the EEA and UK.
The requirement for Strong Customer Authentication (SCA) and enforcement for e-commerce starts Jan. 1, 2021 for most of the European Economic Area (EEA) with some local variations among countries. Despite this being a requirement for the EEA and the UK, efforts to strengthen and meet SCA requirements will reverberate in other regions. With the increase in fraud activities in card-not-present channels, some multinational corporations will likely extend the strengthened security measures to other markets where fraud activity is high.
3. Modernizing payment infrastructures will reveal new potential vulnerabilities.
A growing number of Central Banks and fintechs are challenging tradition and exploring new and faster ways to send money, settle payments and share information. Real time payments, digital currency and Open Banking supports innovation that matches the expectations of digitally savvy consumers and will help drive digital commerce for decades to come. But faster payments open up opportunities for faster fraud and sharing of customer information must have data privacy in mind.
Fintechs and Central Banks need to have mechanisms in place to spot atypical patterns that can be an indicator of fraud. It is also important that the principles of Open Banking and the sharing of data is used responsibly and ethically across all products, services and technology. 2021 will see payment volumes in real time payments continue to grow, digital currencies continue to become mainstream, consumer and data privacy at the forefront of many discussions, and industry players working together to resolve new vulnerabilities that are revealed.
4. Government agencies will implement stronger authentication measures due to fraud losses in 2020.
Fraud activities spiked during the first phase of the pandemic in the U.S. Government benefits meant for vulnerable citizens affected by the pandemic were targeted by fraudsters by using stolen identities to apply for benefits – effectively siphoning away the funds making fewer funds available to individuals who needed them the most. The potential loss could be more than $26 billion nationwide.
Government agencies will want to avoid further losses if additional government stimulus is made available in 2021 and will do so by revisiting their processes and technologies used to support the verification of eligibility and distribution of benefits. Strengthening authentication capabilities to better assess government benefit eligibility must be a priority next year. This is a call to action to all government agencies that play a role in the disbursement of benefits.
If agencies do not have the expertise to do this in-house, they should turn to trusted partners in payments. Financial institutions, payment networks and processors globally need to prepare now to ensure adequate fraud prevention layers and strategies are in place so government benefits reach their intended recipients – not fraudsters.
5. Momentum behind digital identity will continue to build led by a shift to strong customer authentication solutions
The move away from passwords and knowledge-based authentication will accelerate with adoption of strong customer authentication standards like FIDO, which is now available in all major browsers and mobile devices.
Plans for government and bank-led electronic identity schemes (e-ID) will advance along with trust frameworks and regulation to inform how the various parties can interact. Accelerated by Covid-19, demand for solutions that help banks and merchants digitally verify consumer identity will grow. Relying parties who are unable to manage identity effectively will become targets for fraud.
The concept that digital identity is one of the building blocks required for a sovereignty to function in the digital age (along with open data, consumer privacy and consent management, and payments) will gain further traction. All eyes will be on Europe as adoption of the SCA mandate comes into effect next year since digital identity is among the options to choose from for stronger authentication before payment.