The Clearsale Blog

How open banking opens the door for fraud

How open banking opens the door for fraud

Open banking has long been championed by some in the finance industry as a windfall for consumers, but there's another party quietly cheering it on from the shadows: fraudsters.

As a result of the “seismic shift” open banking promises, consumers and third parties will now have greater access to personal banking data — and they won’t be the only ones. Cyber criminals, already making big bucks in Australia, may soon find themselves on the doorstep of a data treasure trove. 

A tantalising prospect 

In all honesty, the launch of the open banking pilot project’s so-called seismic shift would have barely registered on the Richter scale. Within days, the federal government was left scrambling to address the inevitable data privacy risks, which have delayed the legislation’s passing. 

This is deeply concerning. Australia is, unfortunately already a prime target for scamsters. More than half a million was siphoned off local consumers by fraudsters throughout 2017. Meanwhile, a more recent study by KMPG revealed that there were 177,000 scam reports in Australia last year, costing Australians half a billion dollars, compared with 85,000 scam reports in the US and Britain combined.

 

What’s more alarming, according to KMPG, is the exponential increase in the volume of scams in Australia, compared with the rest of the world. Although spurred mainly by Australia’s increasing appetite for the convenience offered by digital payments and online shopping, this should set alarm bells ringing at a time when Australia is preparing to open the floodgates on data sharing.

So how exactly does open banking work? Essentially, banking product data can be shared by way of an application programming interface (API), the method by which apps and websites communicate with one another. In theory, the move will empower consumers to switch providers more easily. Over time, it is expected to encompass all sectors, from telecommunications, internet, and energy.

But as more data flies through the digital ecosystem, inevitably there is a heightened scope for breaches, frauds and scams. With millions of customers’ priceless data going through APIs, cyber criminals are looking at a tantalising new attack surface. The recent attack on Australian property valuer LandMark White, which occurred via an exposed API, demonstrated the need for cyber security vigilance in this relatively up-and-coming area of computing. 

Unauthorised access to that data has the potential to cause unmitigated harm to Australian consumers and businesses, either via large-scale fraud and use in a crippling ransomware attack. These are risks of which all parties need to be aware and prepared. 

Pure scale

Granted, the federal government has taken steps to address the threats it faces, both in terms of fraud and cyber protection. The notifiable data breach scheme now forces organisations to notify individuals and the Office of the Australian Information Commissioner (OAIC) in the event of a significant data cyber breach. A consultation is meanwhile underway to help resolve the epidemic of online transaction fraud. 

But fraud protection in the digital transaction landscape was never going to be an easy task. As payment services are increasingly digitised, it is more natural and more common than ever to use financial service platforms without interacting with another human being. And, as more services become digitalised and fraud becomes more sophisticated, regulation can only go so far, and solutions have to evolve to keep pace. A business needs to be able to go beyond the obvious; spot and flag separate data points, which together may point to fraudulent behaviour. 

Machine learning alone could mark fraudulent transactions as safe if they seem to come from existing or previous customers who may have had their data stolen. That’s why human intuition is also required. But as the number of online payments grows exponentially, machine learning must be brought in to deal with the pure scale of transactions within a modern business.

Nevertheless, while these risks should remain top-of-mind for business leaders, that is not to say they should close the door shut entirely on open banking. When finally rolled out in full on 1 February 2020, it will present a wealth of opportunity and benefits across customer services, visibility, competition and frictionless transacting. 

It has been a long-time coming for Australia. Already overseas markets are well ahead in terms of adoption, through legislation in the UK and organic growth in the US. PSD2 meanwhile opened the floodgates across the European Union. Australia and the business community are in a prime position to learn from overseas examples, lay the foundations correctly now and ultimately embrace a healthy new ecosystem without fear of attack.

 

Original article at: https://www.fintechbusiness.com/blogs/1472-cybercriminals-to-embrace-open-banking

You may also like

ClearSale Wins Comparably Awards for Best Work-Life Balance and Happiest Employees

ClearSale Wins Comparably Awards for Best Work-Life Balance and Happiest Employees

Fraud protection leader recognized by career site for a second time this year

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

As people become more conscious of what they’re putting into their bodies, there’s been an increased demand for high-quality supplements and healthful food and beverages. The result has been a..

3 Ways Tech Can Benefit Remote Teams

3 Ways Tech Can Benefit Remote Teams

Ecommerce businesses are used to an ever-evolving digital connection between them and their customers. But 2020’s COVID-19 pandemic has resulted in that digital connection making its way into the..

Shopping Habits by Gender: What’s Changed in 2020

Shopping Habits by Gender: What’s Changed in 2020

Do men hate shopping online? Are women more worried about fraud?

How Management Should Contribute to Fraud Protection

How Management Should Contribute to Fraud Protection

As companies grow, management often delegates business-critical tasks—marketing, technology, fraud prevention—to different departments. While it might seem to be an efficient way to get things..

ClearSale Becomes Shopify Plus Certified App Program Partner

ClearSale Becomes Shopify Plus Certified App Program Partner

The fraud protection leader has been selected as a premier app provider for the highly regarded commerce platform.

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

As an e-commerce merchant, you know the risk of fraud, false declines and chargebacks. But maybe you think it won’t happen to you because you’re a relatively new — or small — e-commerce merchant,..

Account takeover is the biggest fraud threat U.S. consumers haven't heard of

Account takeover is the biggest fraud threat U.S. consumers haven't heard of

Account takeover fraud is a huge problem, but most US consumers don’t know about it. Only 36% of US consumers say they are familiar with account hijacking fraud, even though it’s one of the..

How Backtesting Can Improve Fraud Prevention

How Backtesting Can Improve Fraud Prevention

They say hindsight is 20/20, and that’s especially true for e-commerce merchants looking to increase their approval rates and decrease fraudulent transactions. It’s easy to look back at..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog