One of the most important aspects of e-commerce is maintaining the security of financial data shared by both users and companies on existing platforms. Fraud is definitely present. According to the newspaper El Economista, “Fraud in electronic consumption has soared to 400% during confinement.” Identity theft and even the theft of bank data are some of the crimes to which consumers are most exposed.
Below, Antuam Traverso, Evertec Fraud Prevention and Risk Management Manager, shares his vision of fraud, its evolution, and possible projections.
What are the main changes in the prevention of transactional fraud seen in recent years?
Antuam Traverso (A.T.):
We have been fighting an all-out-war that continues to evolve. Fraud has moved from the physical environment on to the virtual world, where people become victims of cyber-attacks. It has also become more complex; information can now be so easily disseminated that fraud can occur anywhere in the world. We cannot win the war, but we can win battles by implementing new controls and mechanisms to help us mitigate it. Little by little, we realize that we must evolve to protect not only cards and payment methods, but also the people because their personal information (email, phone number, passwords) is the most important factor in the fraud market. We have to move gradually and faster towards a comprehensive protection for people. Do you own a company and want to know more about our products?
What are the main differences between the types of fraud that affect each industry, issuers / acquirers, and others? What have they been protecting each other from?
A.T: From my perspective, I make a distinction between two types of fraud: the type that affects individuals as well as companies that provide service, and the type that only affects the company providing services. There are 2 differences: the way in which the information is obtained and the amount of data available to commit the crime. What differentiates one event from the other is the magnitude: how much is lost and what kind of information is being obtained. The merchant has to guard against external attacks on its databases, protect customers, and offer them mechanisms to protect themselves, such as verifications via SMS, emails, or phone calls before transactions, as well as the protection and devaluation of the stored information. In the case of individuals, people must learn about the risks and the correct use of tools. There is already a lot of awareness among consumers; they are more educated and more wary of the risks. When you are an issuer, you depend a lot on customer loyalty to use their money and your tools, which is why it is important to give them mechanisms they can trust.
How should companies tackle fraud?
A.T: It is impossible to fight against something you don’t know. Fraud is often seen as something that will never happen to us. Companies must know who their customers are and their buying habits in order to understand where it is going to work. By doing this, they can define what the potential risks are. It is better to be prepared for a situation than to have to pay the consequences for not knowing the risks. Have full knowledge of who you work with, your bank and card issuer. This is the framework that creates a safe environment for everyone. Carefully choose the ally that can help you understand the needs of your customers and how to protect them.
Is it possible to eliminate fraud completely? What would it take?
A.T: Fraud can never be completely eliminated, in the same way that bad credit cannot be eliminated. Social rules would have to be implemented that make it impossible for people to lie. There are people who commit fraud out of necessity and others who do it because they are bad. What we can do is determine the risk tolerance and how much we can bear. This leads us to designing controls and fraud prevention strategies. If I have a business, I need to acknowledge the fraud losses I was unable to manage and prevent. You need to understand your business in order to minimize risk and prevent the potential for fraud. With a good prevention strategy, losses will be minimal enough that you can protect your revenue. This also applies to recognizing risks and knowing how to protect ourselves as individuals. Reducing fraud requires goodwill and social change. Meanwhile, in order to mitigate it, we need to understand the risks and know what strategies can be implemented to prevent and measure it.
What do you recommend so that users are better educated on prevention?
A.T: We still have a long way to go, but we have come far. This has a lot to do with digitization. Latin America has grown a lot, thanks to internet access. Consumers 10 years ago were very different from consumers today. People are learning to react more deftly to events because they are better informed. There are also groups of people who are facing a technological environment and need greater access to information or basic education (primary school level), especially among the elderly (70 years and older). We have evolved; more people are aware of the risks, and we must teach them. Institutions should want to educate their consumers with accessible information through channels other than the internet and accompany that information with calls or printed material. Education is very important to achieve an effective prevention environment. Here, governments must also take responsibility, educate, and protect elderly users and those with disabilities, both of which are vulnerable sectors that are exposed to these risks. We are all responsible for providing guides to entities and consumers regarding the rules so that they can get educated.
What are the main lessons to prevent fraud that you would give to the different institutions, businesses and users that may be involved in this type of scheme?
A.T: My advice can be summarized in 3 very simple principles:
- Understand that fraud can affect anyone. No one is exempt from being a victim.
- It is important to understand how fraud evolves and continue educating ourselves.
- Have the necessary technological elements to protect yourself, as well as tools to prevent it, such as RiskCenter 360.
Can a market / country learn from the best practices or successes of other countries to prevent or fight fraud? Can you mention relevant examples or cases?
The issue of risk exposure has been a big problem for several governments. For example, the UK is doing very well; many prevention rules originate from Europe. Their governments have privacy and information regulations that protect you. Also, the United Kingdom has a law for financial crimes. Consumer protection is a priority. In Mexico, for example, electronic card transactions are highly protected. They require entities to implement several verification steps to minimize risk and give their citizens tools to protect themselves. India also has legislation for managing transactions. Costa Rica was one of the first countries in its region to apply contactless payment.
Final Advice:
Fraud is not static. That’s why you need the flexibility of an ally that fits your fraud strategy. You do not need a static tool but one that adapts to different situations. RiskCenter 360 from Evertec can be the best partner in the search for a secure environment for your customers’ electronic purchases.