Europol cybercrime

The Second Payments Services Directive (PSD2) is a wide-ranging piece of European legislation that will transform the payments industry. Alternatively referred to as the 'Open Banking' initiative, PSD2 promises to increase consumer choice in the payments sector. It will force banks, who have traditionally held a monopoly over the provision of payments services, to allow new, third party providers to 'build on top of' their existing payments infrastructure and offer their own services.

The directive, incoming in January, is of seismic importance to both banks and payments providers. Banks are sensing the need to move quickly so as not to simply become 'utilities' similar to the water or telephone company, with only a small stable of products to offer.

On the other hand, the newcomers to the payments market are sensing a vast opportunity in providing payment services to consumers. These firms are generally fintech start-ups, but could even be big tech brand names such as Facebook who have stated the intention of providing consumers with payments services.

In the maelstrom of disruption and shifting market players, it will be easy to get caught up the excitement of new offerings and developments in the sector. However, some things in the payments industry will remain the same, no matter how much disruption takes place. Fraud, a major consideration and concern for any actor in the payments space, will likely become a key issue as we move into the post-PSD2 landscape. However, as with all regulatory hurdles, PSD2 can be approached in a way that not only ensures compliance but also significantly improves business processes. In fact, taken in the context that 2018 will be a very hectic year for compliance professionals (GDPR and MIFIDii will also come into force), PSD2 is actually an excellent time to take a step back and analyse how central issues such as fraud prevention are being tackled.

Data and Analytics are key

Fraudsters, back in the non-digital world, took human identities and misrepresented them or sold them on for profit – there was a direct human involvement. However, in the new, data-saturated world of online banking and identities which are in-part or wholly held electronically, it is difficult to get a grip on who is committing fraud and where stolen data or identities are ending up – there is so much digital noise that criminals are finding it easier to hide.

Unfortunately, whilst PSD2 offers many advantages to the consumer in terms of reduced fees and greater choice of provider, the spectre of fraud will remain, and could even be emboldened by the open banking rules.

As more customer data is opened up to third parties, this could increase the risk of more opportunities for malicious actors to access this data.

Although PSD2 comes partly as a response to criticism that large banking institutions have held too much sway over the payments market and charge unjustifiably high fees for transactions, banks have established a robust anti-fraud mechanism that has become even safer over the last ten years. This has been their bread-and-butter since the financial crisis – anyone who has lost a credit card or received a call related to suspicious account activity will have noticed banks tightening up their operations.

The question then, is whether the new payments providers who PSD2 will facilitate will have the means to take on the weight of responsibility placed upon them due to the nature of digital fraud. Whilst this may be of concern to consumers who are wondering whether to take the leap in using a newly established payments provider, in the long term it means that fraud prevention will remain a top priority. In fact, payments providers who fail to meet a baseline level of fraud prevention will be required to integrate more time-consuming identity verification into their interfaces, thus decreasing the usability of their platform – a great disadvantage in a market that will be based on minimal or "frictionless" customer journey.

Beyond January 2018 and into the future of fraud prevention

To followers of developments in data and analytics technology and emergent fields such as AI and machine learning, there remains an optimism that new techniques of fraud-prevention will become viable for widespread use.

As it stands, digital fraud takes place in a tumult of data flows and is often hard to notice without established infrastructures in place. More agile solutions are emerging that will be available to new fintech players as well as large banks – these centre around Machine Learning and AI. We are currently seeing developments in this sector which are facilitating the detection of fraud through the analysis of large datasets – effectively finding the 'needle in the haystack' i.e small pockets of irregular activity in an ocean of legitimate transactions.

In a highly developed form, this could even take place on a predictive basis – catching and correcting fraud before the customer is even aware of it.

Whatever comes of PSD2 in terms of consumer choice and market innovation is likely to overshadow the somewhat grey topic of fraud prevention. However, to those who take an interest in this area, a fortunate by-product of PSD2 will be a far greater spotlight on anti-fraud measures. We will likely see technological innovation alongside new payments services that will tackle the issue in new and inventive ways.