Marketing & Media trends
5 banking and payment security threats and trends to watch in 2023
People were so bullish about the digital spend in the Covid years that the retraction hitting large parts of the tech industry will take some by surprise – banks and credit unions included. Many of the important, but often delayed-due-to-Covid priorities will be put back on the 2023 to-do lists and we may also see many of the ‘technical debt’ and longer-term projects that were pushed out during the crisis, get their rightful place on this year’s agenda.
In my view, it will be a year where we’re going to see lots of different movements and initiatives get attention, as the ‘digitise everything’ focus that highlighted the past few years begins to wane.
However, as we continue through our crypto winter and tech crunch, security leaders should make use of the opportunity to snap up available skills. Because the one thing we know is that when things get harder, criminals also become more desperate. We must prepare for more breaches as the year progresses.
Here are five trends that will impact tech and security leaders in 2023.
These advancements offer organisations a huge opportunity when it comes to deploying chat technology as part of their self-service and broader omni-channel communication efforts.
Having a bot that is better able to interpret and easily respond to queries will put customers at ease and could rapidly improve automation efforts. This should attract particular interest from banks and other financial institutions and is likely to add some momentum to chat banking initiatives.
But as attractive as the additional automation may seem, security leaders will also need to gear up to deal with the darker side of the technology – or rather of the humans who use it for their nefarious ends.
One example is that some AI programmes can generate basic programmes which could help bad actors write code to bypass poorly secured websites. Another is that it is feasible to use these machines to simulate a voice (with just a small sample), which could then be used to bypass voice recognition or in payer manipulation fraud.
And, of course, the art generators are ideally positioned to help generate synthetic IDs with face images, voices and back-stories that don’t actually exist, but look incredibly real. Fraudsters could even get advice on how to break security systems by just asking these AI systems to make recommendations.
While it’s clear this technology has tremendous potential to improve the customer experience, it also offers fraudsters a host of new opportunities. Expect significant strides to be made on both sides during the year ahead.
This type of fraud often has a fraudster calling a customer and convincing them they are about to have their money stolen, fast-talking them into transferring their cash into a mule account controlled by the criminal ring. Using the customer as the ‘insider’ that helps steal money has now been established as the most effective way to access funds.
Expect lots of new schemes emerging that will try to exploit this, and lots of marketing campaigns to educate and warn customers. We also expect a good deal more new technology firms emerging in this space with new innovation to prevent this kind of attack.
Widely regarded as a success in protecting customers, Payment Services Directive Two (PSD2) will be extended with PSD3 in the EU in 2024. It’s expected that more focus will be placed on improving user experience and, wherever possible, removing them from the authentication process in order to reduce friction.
In addition, Europe has published their eIDAS 2 regulations requiring governments to start issuing digital identities, with the first pilot kicking off in March 2023. This will be driving digital identity in the region over the coming years.
Overall, we’re also seeing a lot more organisations, such as EMVCo, Visa, Mastercard and The National Institute of Standards and Technology (Nist), increase their security requirements and include Fido authentication into their standards and regulations.
With this regulatory backing and support from Apple, Google and Microsoft, Fido authentication will receive a lot of attention. The US government, meanwhile, has committed to Zero Trust architecture and has placed significant emphasis on stronger enterprise identity and access controls, including multi-factor authentication (MFA).
Many vendors are jumping on the bandwagon and security leaders will be hearing a good deal more about this during the year.
The US has also dabbled with it in a few states and Apple is co-ordinating with travel agents to load drivers licences as part of its wallet offering.
With the first pilot in the EU underway, many private and public organisations will likely begin factoring digital ID into their thinking.
The European approach is based on emerging standards from the self sovereign world such as the W3C’s verifiable credentials, while Apple has chosen NFC standards from the ISO. It will be really interesting to see if these two diverging standards will find a way to work interoperably, or if one will dominate.
Finally, we know that predictions can be foolhardy in a world as mercurial as the one in which we find ourselves. However, when we asked ChatGPT what its top five predictions for digital fraud in 2023 were, its number one concern was ironic, but perhaps indicative of just how ‘self-aware’ AI is becoming. It’s answer? “Increased use of deepfake technology to create convincing impersonations of real individuals for fraudulent purposes.”
And so, I remain confident of my 2023 list.