2 ways to use technology against banking fraud in Asia
By Cyril VilleminBank fraud costs financial institutions in Asia a combined total of $1 billion annually – a figure that was quoted as recently as last year. But the costs of fraud go beyond just that of monetary losses. Banks have to also consider the shadow costs – such as the possible damage to their reputations, and loss or decrease of trust between them and their existing customers.
Some banks are already aware of these implications and as a result are investing in developing an environment for their customers to transact safely. The two main areas which banks these days are looking into are the migration of banking cards, from magnetic stripe technology to chip-based technology and securing their eBanking services.
Here are some simple and cost-effective steps which banks are currently putting in place:
Migrate to chip-based cards to eliminate fraud
Unlike magnetic stripe cards where the information is static and easily copied with a skimming device, the data stored in chip-based cards is encrypted, making the card impossible to clone. Switching credit, debit and ATM plastic cards to chip-based cards also allows banks to leverage on the Europay, Mastercard and Visa (EMV) standard, which is a global standard for the inter-operation of integrated circuit cards and for authenticating payment card transactions. The EMV standard is also adopted by all the major payment brands, such as MasterCard, Visa, American Express, JCB, and Discover/ Diners Club. With card payments on the rise across Asia, a corresponding rise in fraud incidences can be prevented through EMV migration.
In the world of physical points of sale including ATMs, the EMV card’s microprocessor chip securely stores information and security credentials in an encoded format. This provides greater protection vis-à-vis magnetic stripe technology. When payment is made in an offline environment, a transaction-unique digital seal or signature in the chip proves the card’s authenticity and prevents criminals from using fraudulent or copied cards. For online payments, the EMV card is able to generate a transaction-unique online cryptogram that protects against fraud.
In the long term, EMV cards also allow banks to introduce other forms of payments such as multi-function cards for transportation, contactless payments that bring speed and convenience to users for low value payments, or even a virtual card in a mobile device via mobile near field communication (NFC). These create new revenue streams for banks and ensure that their brand remains top of wallet.
As the industry leader in EMV migration projects globally, Gemalto strongly advocates that financial institutions around the world push for the migration of their banking card security onto the EMV chip.
Securing eBanking
At the same time, banks are also deploying internet based banking services – also known as eBanking – as it brings value to both their customers and themselves. eBanking allows access to banking services in a more convenient manner – they no longer have to find a physical branch or ATM. eBanking also cuts down on the operational costs for banks due to its paperless and automated system.
eBanking’s convenience is making it an increasingly popular service amongst bank customers. It comes as no surprise then, that as the user numbers grow, so do fraud attempts. Common techniques deployed include phishing, pharming, keylogging, man-in-the-middle and man-in-the-browser attacks.
In today’s dynamic landscape, advanced solutions such as two-factor authentication and one-time-password (OTP) offer protection from criminals who want to gain unauthorized access. OTP systems provide a mechanism for logging onto a network or service using a unique password for every transaction.
At the same time, eBanking tokens are also being deployed in a variety of form factors that can meet the varied needs of customers. An example of the innovation in this space is the display card – which looks and functions like a regular credit, debit or ATM card but also includes features like EMV payment, One-time Password (OTP) generation and transaction signing for e-banking. There is also the possibility of using it for contactless payments.
As banks invest in improving the security of their customers, they also need to protect this investment for the long term. It makes sense to select a security provider that is able to work with any existing legacy systems that the bank has in place, and yet is able to scale, future-proofing the security system to adapt to any new standards which may emerge in the future.
At Gemalto, our experience of working with financial institutions has helped the company design solutions that comply with the highest level of security, and at the same time integrate with most requirements and standards worldwide.
Conclusion
In the end, banking is all about trust. With trust, banks can not only protect the assets of their existing customers but also increase their customer base and create new revenue streams by growing alternative banking channels.