Deep Dive: Why Data Protection Is The Next Great Open Banking Battleground

Fraudsters took immediate advantage of the COVID-19 pandemic, banking on overwhelmed servers, staff and consumer vulnerability to target everything from eCommerce purchases to government-supported relief programs. A recent study found that 32 percent of U.S. online customers have been targeted by COVID-19-related fraud, with phishing scams emerging as the top way these bad actors are attempting to gain access to their victims’ personal data. Fraudsters perpetrate their schemes by pretending to be brands or trusted officials to get vulnerable customers to give up sensitive details such as their email addresses and passwords or their bank account and credit card numbers.

The jump in online fraud represents a growing problem for both merchants and banks as well as the regulators tasked with monitoring digital transactions. Many financial authorities — notably in the U.K. and the U.S. — are still debating how these rules should be designed to authenticate both customers and digital payments. The following Deep Dive examines not only how fraud is rising and why changing customer needs are impacting this but also how regulators must factor in these changes to make sure their proposed data protection regulations can safeguard consumers and merchants.

New Payment Trends And The Growing Costs Of Fraud 

Examining why crafting robust authentication and data protection rules has become more essential during the pandemic means taking a broader look at how fraud has evolved. Both fraudsters and regulators are responding to consumers’ and merchants’ payment needs, which dramatically shifted nearly overnight. In the U.K., eCommerce purchases steadily increased from March through May, for example, and many of these customers also changed how and where they were making these transactions, leaving merchants to have to keep pace. Consumers translated their worries about traditional payment methods like cash and cards into an increased use of contactless payments and mobile wallets, even in markets like the U.S., where these methods have struggled to gain ground. One study found that 38 percent of consumers now view contactless as a key feature for making payments — an increase from the 30 percent who felt the same in 2019.

Moves to newer payment methods and an increased reliance on digital shopping channels also came with a rush of fraud as merchants and their payment providers attempted to satisfy these new consumer needs, however. One March report noted consumers were spending between 10 percent and 30 percent more online than they did prior to the pandemic. The number of scams and fraud attempts on online channels has grown during the crisis, with fraudsters trying everything from identity theft to faking insurance paperwork to trumping up false products proclaiming to cure or ease the symptoms of the COVID-19 virus — and online merchants are stuck bearing the cost. One study found that 21 percent of COVID-19-related fraud schemes involve bad actors pretending to be third-party sellers on digital marketplaces, for example, driving up costs in both lost revenue and security measures to keep these fraudsters out. Another report found that U.S. eCommerce merchants are now fending off an average of 344 fraud attempts each month, compared to an average of 277 monthly attempts in 2019. The average cost of fraud for these merchants has grown 7.3 percent from last year as well.

This represents a pressing problem in many markets as merchants are already struggling to keep customers loyal and to hit target revenues while the pandemic creates financial difficulties. These fraud figures also come at a time when the financial authorities in the EU, the U.K. and the U.S. are all contemplating changes to the way they treat online payments and open banking. This includes the upcoming SCA rule in the EU and the U.K. as well as the expansion of security regulations in California, among other U.S. states. Making sure that the rules enacted in these areas to regulate online transactions and customer authentication are responsive to recent fraud trends is critical to the continued spread of open banking as well as to the safety of both consumers and merchants.

The Open Banking Challenge And Solution 

The conversation surrounding online security and data privacy has ramped up in recent years, reaching new heights as the pandemic drives more consumers to digital payments. Online security and privacy concerns have led to intense discussions in the U.S. Senate, for example, and resulted in recent recommendations from U.K. Finance on how to best implement SCA in that market.

Regulators in both markets have taken steps to respond to the pandemic’s impact on their businesses and customers. The U.K. has pushed its deadline for SCA implementation to Sept. 14, 2021, trailing behind the Dec. 31, 2020, deadline for EU merchants as both markets contemplate pandemic-induced changes to the financial industry. U.S. Senate members proposed an online privacy bill in May that is still making the regulatory rounds as well. These initial moves show that regulators are taking the shifts to online shopping and online privacy threats seriously, but they also show that more work is needed. U.S. lawmakers have yet to decide on passing the May bill, for example, and U.K. banks and merchants still have lingering questions on exactly how SCA requirements will work and if they will truly protect against the fraud that is steadily growing in their online channels.

Regulators and financial industry players, therefore, have both a challenge and an opportunity ahead of them when it comes to open banking and privacy rules. It is clear that online payments will come to represent a larger share of consumer and merchant transactions over the coming years, and it is equally apparent that online privacy is paramount to that growth. How regulators respond to ensure merchants and consumers can transact quickly and easily on these channels is thus crucial to the future of open banking.

Join the Discussion

Your email address will not be published. Required fields are marked *

Back to top