The future of payment systems: threats and risks
Season 1 Episode 3
Transcript
Juan José Ríos (host)
Hello, how are you? Welcome to another interesting and exciting Financial Insurance World, the Monitor Plus podcast. I'm Juan José Ríos. Joining this dialogue you will hear from Giovanni Castellanos, Mario Aber and Martha Leuro Villamarin. Thank you for joining this conversation.
This time we will talk about the future of payment methods, their threats and opportunities, the role that cards will play in the era of digital payments, the health crisis and the entry of new players into the ecosystem. And we will learn from the experts how to protect yourself. Well, if you like, let's review a couple of concepts.
Let's define card. It is a means of payment, debit or credit, which allows purchases of goods and services through affiliated merchants in its different channels. This can be face-to-face or non-face-to-face. Recurring payments The debit card is associated with a savings or checking account at a financial institution. The credit card is associated with a credit limit or quota granted by a financial institution, large technology and Fintech companies, retail or private brands.
E-commerce, also known as online sales, is the commercialization of goods and services through electronic means. In this case, the Internet is used as the main medium of exchange.
According to the report on the impact of Covid-19 on online sales prepared by the Mexican Association of Online Sales, five out of ten companies are doubling their growth on the Internet. Likewise, two out of 10 are registering higher growth. Listen to 300% in online business volume. How are you, Giovanni?
Giovanni Castellanos
Hi Juan José, how are you? It's nice to be back here on this Financial World podcast, for sure. Notice that Juan Jose, regarding your introduction, there is an interesting topic about the Covid-19 crisis has unleashed, well obviously worldwide, but specifically in the financial world. This has led to online sales purchases definitely being a great alternative for buyers and sellers. Clearly. There is a study by an institution called We Are Social.
It says that 43% of the world's Internet users spend more time shopping online and that the typical products in demand today are food. Everything, everyone is ordering food online, followed by household products, personal hygiene and fashion. Let's say it's by month any of those listed in this We Are Social study and looking closely at the Latin American Amazon market. Topics such as Mercado Libre, eBay, Rappi have registered a growth, as we have learned about 52% and that 31% globally.
This way of buying goods and services is definitely here to stay. We have evolved and we have adapted this new, this new modality. So it is worth highlighting. I think that in the pandemic has accelerated the increase of digital payments and that for the case of e-commerce, for example, the great protagonist of the debit or credit card. Undoubtedly it is within the means of payment that are made. The great protagonist of this, therefore, the industry as such is not an interesting topic to discuss today.
Juan José Ríos
So it is Giovanny and we have really seen as you mentioned, a big growth of the Marketplace in the last 7 months or so and they will continue to do so in the short term, as they are very useful to hone in on the new demand. The negative and it has to be mentioned is that you don't control your data and then there is also a pro and a con, but there are other brands that have adopted a direct-to-consumer strategy, as Coulter said in a participation in a Retail Day now today is with us from Argentina Mario Aded to talk to him about how he sees the future.
Mario and the transformation of risks and threats of card payment methods. And how to protect yourself? But who is Mario? Mario has a degree in Management, with experience in the financial and payment markets. He has extensive knowledge of transactional and corporate risk management. Applied to new technologies and oriented to mitigate fraud losses, improving management processes with more than 30 years of experience in the payment industry, leading large-scale projects in Argentina, Uruguay, Colombia, Peru, Chile, Panama, among others.
He is currently at T. I.C.N. as Risk Manager, providing consulting services to clients such as banks, Fintech, payment processors, payment aggregators and large retailers throughout the region. We are also joined by Martha Leuro Villamarin, Vice President of Customer Success and Consulting at Plus Technologies, an expert in fraud prevention with more than 25 years of experience in the financial sector. She is a specialist in operational payment processes, risk management, regulatory compliance and implementation of management models and fraud prevention and risk management to address digital transformation, among others.
Speaker at high-level events, sharing best practices internationally, as well as consultant seeking to align strategy, processes and people against financial crime. He was a senior member of the Security Committees of Visa, Colombian Banking Association. So we welcome both Mario. And also Marta. How are you? Welcome.
Mario Aber
Thank you very much. Juan José, for your introduction and presentation. It is a pleasure for me to participate in this meeting and I am very grateful for this invitation.
Martha Leuro Villamarin
Hello, good morning, Juan José, Giovanny, Mario, welcome, it is a pleasure for me to share experiences and on this day with a person of your trajectory and knowledge.
Giovanni Castellanos
Well, I would like to welcome both Marta and Mario. It is a pleasure to have you both here, actually talking a little bit with Juan José. Outside the microphones on the subject of the Covid-19 health crisis, how it accelerated the adoption of digital banking, allowing financial institutions to continue providing their services based on the digitalization they have been working on for years and positioning it as the new banking, the banking of the future. And that leads me to rethink a little bit. And I would like to discuss this with you and it leads me to think a little about the future of cards, which are today the main players in the payment ecosystem.
Given the convenience, there is no doubt that users are involved in this means of payment and well, its different forms that have been derived as mobile payments. This ease of buying goods and services without leaving home is a great advantage for the user and we know that there are great advantages, but with this also come great responsibilities. And undoubtedly threats. So I would like us to share a little bit about Mario, what have you heard? What do you see in the future of cards as a means of payment?
Mario Aber
Well, Giovanni, I fully agree with what you are saying. Cards were the main protagonists of the crisis that has occurred with the confinement and I am convinced that we are going to have them for a long time to come. I am going to share with you some data from the Argentine Chamber of Electronic Commerce. So that you can see what has happened here in Argentina with respect to credit cards. The growth of invoicing grew by 106 %. That is to say, this with respect to the previous year. With respect to the number of units sold, more than 63 % was growth. And this is a very important fact that I am going to tell you now, 8 out of 10 transactions were made from mobile devices. So this is showing us how the customer is migrating and how the customer is looking at the convenience of the mobile device and perhaps leaving behind the PC computers, no.
And with respect to credit cards, 86% of the transactions were made with credit and debit cards. This shows us the importance of the credit card and that it will continue to operate in the market. Now, perhaps we are no longer talking about how we saw it before, its use is going to migrate and change. This is taking us to what is the card not present and we are seeing it in transactions such as virtual wallets, mobile payments.
Although the customer sees a device and through it makes a transaction, what is always behind that device there is a credit card, there is a number that is associated to that device, I can do it from a cell phone, a watch, a bracelet, but it will always be associated to a credit card.
Martha Leuro Villamarin
I agree with you, Mario, I really agree that we are going to have cards for a long time yet. So far this change of digital banking and cards and the way we are making purchases is very evident for cardholders and customers.
We as card users already perceive this change, but what is happening in banking? What is happening in the payments ecosystem? both in banking and in the payments ecosystem. The processes are still the same processes we saw when we started implementing cards. They have not been digitized and even a lot of those processes are still manual. So, what I really think we have to start looking inside the banking and the ecosystems themselves.
If we really want to have this digital banking and this banking of the future and all these types of ecosystems and new truly digital factors, then we have to start by changing even within each of the entities. The BackOffice: How does this BackOffice operate? On the other hand, mobile wallets, transfers and all these types of payment methods. They still do not have interoperability between countries. It is still very local, they even have to go beyond the limits of the same entity.
Today we still see that through the mobile wallet, if I suddenly need to withdraw cash, I have to go to the same bank that issued the wallet. I cannot go to another bank to withdraw cash, let alone in other countries.
So that is one of the issues that we have to start working on. And it is how we can have that global interoperability. On the other hand, the dependence on digital banking today, on the Internet and cellular data in countries, especially in Latin America, which is one of the most challenging issues for banking, and which does not depend on banking, is the infrastructure that each country has. The connectivity issue is there, the topography of many of our countries.
In my own country, Colombia, there are places where, definitely because of the mountain ranges, sometimes you can't get a signal because we need much more infrastructure, more antennas, things, infrastructure so that we can really have that connectivity. When we are in such a situation, we have no choice but to take out the card. So it, even the physical card, for me is still like the contingency when I don't have data. I think all of us at some point in our lives have been forced to use it.
I want to be digital and already make my purchase, but I ran out of battery or I have no data and the only one I have to defend myself is the card.
I think that contactless cards are going to become more and more popular, because indeed, even with the crisis, the isolation in which we have all been, we would not want to touch with our hand something that someone else has touched. Well, physical contactless cards are definitely the ones that are going to start to gain a little more prominence because I no longer want to hand over my card if I don't put it on it and bring it to the point of sale and that's it.
So I think I completely agree with you Mario, and according to what Giovanni mentioned, really the health crisis led us to overcome and online shopping was gaining. A great prominence and growing in numbers as they have been. But even when the crisis has passed, it has not been reversed. Cities where we do not have connectivity problems, will surely continue to gain more prominence, but we must think of all territories and in all areas.
Mario Aber
Yes, yes, I agree with what you say, Marta. And I take this point you indicate, eh.
The process has not yet been solved by digital banking, especially here in Latin America, where there are regulatory and infrastructure issues, as you mentioned. And that they do not allow this transactionality in a secure way and that also in some cases we must depend on that physical card. In Europe, where they are more advanced. Yes, they have implemented PSD2 there. Yes, to solve this interoperability and security issue. But well, here in Latin America we are still in the process and it will take some time.
This indicates that the physical credit card will continue to operate in our market. On the other hand, what I also see with respect to this economic crisis and the confinement, if people are using it, customers are using their credit limit or credit quota to meet their needs. So financial entities also have to focus and be attentive to the behavior of customers, first to prevent them from running out of quota and second, to see if they are exceeding it and not using it and it ends up in a default or in a possible fraud and risk that these entities may have.
Giovanni Castellanos
Note, Mario, that you have touched on one of the points that most concern card users, banks in general. It seems to me that all the payment systems and one of the challenges you mentioned is PSD2, which is one of the regulations that came into force last year in Europe and which is clearly much more advanced in that sense and is precisely to provide greater security when making globalized payments. Because in the end, what PSD2 seeks is precisely that the banking system is open to any type of business, especially because of all this growth of Fintech.
And regardless of the origin of the country, security must be a key and determining factor when making a payment with a card, whether in the present world or the present. Now the question is, is the bank prepared to face the risks given by the exponential growth of the online purchase transaction that this new normality has brought us. What do you think Mario?
Mario Aber
Giovanny, you have mentioned an issue that is of immense concern to the financial system in general. While there are many years of experience in banking, where they are aware of the traditional risks and to a greater or lesser extent are prepared to mitigate it. If the fraud models are based on types of fraud that existed and will surely continue to exist, card theft, forgery of the practical, the theft of information and both the present and non-present environment, for example.
These models take years of learning and analyze customer behavior, build their transactional profile and this was very efficient for this type of fraud. But the big challenge for financial institutions now and going forward are the threats that are going to arise from this exponential growth of digital shopping or online shopping. As you mention, fraud has migrated. If it is as we like to say, those of us who are at risk, yes, and because fraud continually migrates and the fraudster will always be looking elsewhere to try to breach systems.
If the fraudster is going to look to make purchases, he is simulating the customer's behavior and this makes the fraudster's models inefficient. They know that on the other side there is a whole team and all the tools that are monitoring them and that were prepared to detect it. So what they are going to look for is to try to breach, yes, and on the other hand, what we are seeing and what has changed a lot. Fraud is the theft of information that used to be carried out directly from a customer's information in a store or what was called as a point of compromise with a phone call.
Yes, they also got information from phishing and yes this will continue to exist because they do not discard anything.
Yes, but now there are also attacks on the servers of large banking companies, where they obtain large amounts of credit cards, demographic data and even bank accounts that are then sold and used to commit this type of crime. Today, all this is very big and we must be alert to this type of attack. This is what we see from the consulting firm. If with some of the clients we have had the opportunity to provide our service, traditional banks are generally very well prepared to mitigate fraud, since they have the structure and infrastructure and processes, but they do have the challenge of updating their methodologies and tools.
The new reality is precisely what I mentioned above. Now, in the case of new players entering the market such as Fintech, mobile wallets. To give some examples. In general. They set a large part of the risk for later if, and this leads them to have to go out shortly to seek solutions and advice, because they suffered an attack in the first days of going into production with their products. The positive thing about these financial institutions is that they understand and adapt quickly to generate a fraud prevention model.
Juan José Ríos
This is a very interesting conversation, this dialogue with these experts who are with us today, who highlight the risks that cards face today with all this digital transformation, not only to solve, for example, the already known fraud risks, but also to face the risks of digital banking and cyber threats. In this context, what are the recommendations for card issuers' security and fraud leaders?
Martha Leuro Villamarin
Well, actually, I think the recommendation here is that, uh, it is for the organizations, for all those who are part of the payment ecosystem. We are all responsible for fraud prevention, risk mitigation and proper security management of these types of risks.
The big mistake we have always been making is that there is a person in charge, there is a security leader, there is a risk leader, there is a fraud leader, or what is worse, we appoint one for everything. For these three: security, risk and fraud, and that the organization places in them absolutely all the commitment so that they are the ones who come to defend it. And we really need to realize that we are all responsible, including customers and entities responsible for mitigating fraud.
On the other hand, customers are looking for convenient, correct, agile, innovative and innovative financial transactions, but at the same time secure, which means that the customer will be in the entity that generates the most confidence. Fraud and security risk management must involve the entire organization. It is important to involve these areas of security, fraud and risk from the moment the idea is conceived and throughout the product development and production cycle.
This will undoubtedly allow organizations to see the risks to which they may be exposed and begin to mitigate them. There is not going to be an opportunity offered to the offender that he does not take advantage of and, as Mario said. Surely when we start to have these types of losses we act very quickly and we stop and manage to stop the fraud. But customer confidence has already been lost and cannot be regained.
Finally, it is important that we educate customers and end users. They are the weakest link in this chain. Entities, both financial and large technology companies, Fintech and the entire payments ecosystem, invest a lot of money in seeing how to protect themselves. And it is really very sad to see that after this kind of very important investments in organizations. Simply because the customer was deceived by ignorance, many times he/she gives the information and in the same way the fraud happens.
So it is important. We should not be afraid to talk about the risks. Just as nowadays, when someone is going to ask us for a loan, we inform them about the rates, the default rates, how often the payment date is, etc. That kind of information about the product of the benefits that they acquire by having the products. In the same way we should inform them about the risks and how to mitigate them. And for fraud leaders, what would I tell them? Well, to really have a holistic view that allows them to see the source of the fraud.
I cannot think of fighting something if I do not see the origin, if I do not see where it is coming from, so it is important to have an integral vision. On the other hand, to counteract and minimize fraud, we must have technologies, machine learning, automatic learning, cover all the channels, the products and all the dependencies that are part of these channels. And these services must work together so that they can effectively avoid these losses.
Finally, I would say to identify those stakeholders, those areas that have suddenly, more and interaction from the point of view like security, business, human resources, risks and make them part of the fraud strategy.
I believe that organizations need to collectively recognize and understand these perspectives and, of course, if they can work from the point that they have the customer experience in common, they will surely have better results.
Mario Aber
It is interesting what you say, Marta. Yes, because fraud prevention must accompany the business.
It should not be seen as an obstacle within the business, but as an investment that avoids losses. Another important point is the emergence of new payment methods. It will lead to the disuse of the physical card, transforming or materializing in its form and at the same time it will inherit the risks of each of these methods, which is why it is important to have specialized tools for each of these types of fraud or fraud patterns.
A single solution that looks at only one type of fraud or control is no longer sufficient. Why? Because they are oriented to what that physical card was and there to what that entailed. But now other types of fraud are going to appear.
You are not going to stop doing the old fraud or adjust to this new one. These solutions must be integrated into a single tool that allows you to have a 360-degree view and proper management by the fraud prevention team. From these financial institutions we must facilitate the management in an efficient integration of solutions in order to facilitate decision making by fraud engines and analysts who must resolve these alerts that reach them in seconds.
That the league cannot finish two or three or four tools to make a decision. Everything has to reach the same channel and from there make the decision. That's why the tools have to be prepared to receive from different channels and from different sources.
Another aspect that I would also like to mention is that there is no competition in fraud prevention. Or, rather, the competition is the fraudster, not the other entity, but the other bank or finance company. In this sense, organizations must work together to generate links between them. Sharing fraud information is fundamental. It should not be seen as if I am competing with the other, but that I should share. If you must be collaborative in these cases and unite us to attack together.
I will give you an example of what happened here in Argentina a week ago. If the banks issued a joint communication to their customers, warning about virtual scams and giving recommendations to avoid being a victim of fraud, I see this as a great step for the industry. If they want to continue working on sharing fraud information and seeking to mitigate it jointly. Hopefully, hopefully this initiative will continue and allow them to come together to start working together.
This opens up a huge challenge for issuers, acquirers and card processors who have to respond to the digital customer, generating a new experience and at the same time mitigating risks. If it is what Martha was saying a little bit and the whole customer experience, the customer has to have a good experience. I want to close this part by saying that we have to look for a balance between business and risk. That is what success depends on.
Juan José Ríos
Very good. Today we were talking about the future of means of payment, its threats and opportunities. We have reached the point of conclusions and in this space I want to highlight that digital cards are going to overtake plastics in this iconic 2020. Plastics, of course, will still be in use, but they will be displaced in the near future. As we have been hearing in this podcast because of digital cards and the increased use of technologies as a method of payment. Moreover, I want to add that, in two years, about 55% of cashless payments will be made with digital cards.
As Marta and Mario said with the famous Wallets or applications and with the user's bank information preloaded. According to Mastercard data, currently 75% of non-cash payments are made with credit or debit card physically and 25% virtually. Of course we have been watching and in this space the conclusions that we will see still a long life of the physical card, we will believe that it is still very convenient and much safer.
However, the digital transformation and how we interact with service providers or businesses has changed radically. Will you agree with me? The growth curve of card-not-present payments is very accelerated. And I share this by the way because it was said in an interview by Eder Almedras, who is the Director of Product Development and Innovations for Mexico and Central America at Mastercard. This trend is fueled then by the wide adoption of smartphones, as you were saying Mario.
The Internet of things as you were saying Giovanni and Fintech and e-commerce companies and on-demand transportation and food services, which was also pointed out by Marta. So, coming then Giovanni, Martha and Mario in conclusions, I listen to them.
Giovanni Castellanos
Well, thank you, Mr. José. I think a little bit to bring the ideas together. Undoubtedly we know that the means of payment are evolving rapidly. The cell phone today has become practically an extension of our body. Therefore, it makes a lot of sense for us to use it as a means of payment. So, that is what is happening in the physical world. In fact, I remember one European country. I'm not. No, I don't remember if it was Sweden.
By the year 2022, cash as such will no longer be issued, because everything will be through a means of payment, either physical like a card or through a device like a cell phone or a smart phone, or a smartwatch or all the devices of the internet of things. Where I can tell Alexa to reorder my groceries and that I want x or y item and she will do absolutely everything for me and place the order and charge it against my account, whether it's debit or credit.
All that is going to happen. So clearly what we experienced this year accelerated the whole process. Now clearly banks also have to protect that in a way, as Mario mentioned, with an integral vision where it is no longer only the card channel, but I have to see where it moves and have that omnichannel vision of the customer, because clearly omnichannel and omni product. Because clearly the customer has more and more products and transaction in different channels and many that we are not even ready for.
And so they may be transactions that are unusual, but at the end of the day, uh, what the customer expects is that his transaction is secure. That is what the customer expects from the financial institution, to use my means of payment and for it to be executed in a secure manner. And that security is what the bank has to provide to the customers so that their experience is really satisfactory, so that they can trust the product and clearly grow it because we know that it is a mutual with mutual convenience.
So that is where we are going. But it is important and I liked Mario's words when he said that clearly risk does not compete with business. On the contrary, risk, everything that is risk management, everything that is fraud prevention, adds value to the business and that is how it should be seen. I have to look for mechanisms through the media, such as the cell phone, so that the client has the capacity to provide security, because in the end that is part of what we like about the device, to have control of things.
Human beings like to have control over things and even more they like to know what is going to happen next. That's the way we are, it's part of our human nature. Therefore, financial institutions have to think that way and look for the technologies and solutions that will provide that peace of mind to the customer and allow the means of payment to evolve in the way we all want it to evolve. I don't know what Mario and Martha, please. In conclusion.
Mario Aber
Well Giovanni and I fully share what I was saying. The digital transformation accelerated. I think it was expected for a year a few years ahead.
But well, all this confinement and pandemic, made it accelerate, the world evolves, everything evolves. Digital payments also evolve and must accompany this evolution. I also fully share what you were saying about customer experience.
Here the important thing is that the customer has a good experience. Not only from the functional part of the application or the payment they are making, but also they have to feel that it is a secure purchase, that they are entering their card or their data. Be secure and don't have problems. That's why banks must adjust everything related to fraud prevention and be one step ahead. It is essential to be one step ahead. There are many solutions in the market and I think they should always look for them.
Fraud monitoring was done by issuers or acquirers. Well, today that has changed and even evolved because today the monitoring is also done by payment aggregators and merchants.
We are also asking our customers to help us with the education we are giving them, so today we are facing different focuses in order to be able to identify the risk.
And that is how it should be, but we must do it without bothering the customer, but rather making them part of something that they feel secure about. I don't want to say much more, but we are in a very fast process of evolution and innovation and we must act quickly.
Martha Leuro Villamarin
Well, I really agree with Mario and Giovanni. In conclusion, we are talking about the permanence of the use of materialized or even still plastic cards. Actually digital banking is a very aggressive bet of banking demanded even by these new digital natives and accelerated by the isolation of the health crisis.
However, I would like to be like a Pareto with this health crisis us towards the beginning of the year. In January we were looking at what was going on in China and I think we were all looking over the shoulder, but all the countries were looking at how to be the shoulder and what's going on. Look, there was even jokes about, what was going on and how long it took. Really this will come to our countries. It wasn't years, I don't think it was even months. It took as long as a flight of a contaminated person in another country.
When we arrived in our country, the delay was that in March we started to talk about America. Argentina had its first contagion on March 4. Colombia had its first contagion on March 6 and from then on they started and started and started. We do not really learn from what happens with others and I clearly agree with Mario because we do not share the bad things or above all the solutions we put on the bad things, on those events that generate a detriment in this case of health and in the issue of fraud to the detriment of income.
Why don't we share them? Definitely if we started sharing that kind of information, if we would have started from a health standpoint to take action. When it is starting in China, the pandemic would surely have hit us much less hard or would not have hit us at all. And in fraud, exactly the same thing happens to us when something happens to me as a financial entity, nobody knows when it is happening to someone else, or it is happening to the other or it is happening in another country, it is happening in Argentina or it is happening in Guatemala, but we do not think that what is really happening to them is happening to us and how long it lasts, how long it is going to last.
Well, nothing, it is simply that the criminal says that he has already found a vulnerability in this country with this bank and simply attacks us. So I think that definitely for me one of the main conclusions is that, if we want to be successful in fraud prevention issues, we must use the right tools. Experts in that, since they have already worked on this issue, but also to share information, to be able to have that information for the benefit of absolutely everyone and to orchestrate all that series of tools that are available to be able to manage them in a better way.
Thank you very much.
Juan José Ríos
Well we come thus to the end of another interesting and exciting financial world, for sure the Monitor Plus podcast, in conclusions we are at the end of credit cards and cash. How will credit cards be in the future, less plastic, more cloud. The future will undoubtedly be digital and contactless I am Jua José Ríos. See you next time. Thank you for joining this podcast.
