Despite the mobile channel being an increasingly lucrative one for fraudsters to exploit, efforts to implement watertight authentication are being stymied by a lack of clarity around which party is liable in the event of sensitive data being compromised by hackers. It is time that mobile network operators (MNOs) and banks made a concerted effort to clear up this confusion and enable a positive customer experience to come first.
The battle against fraud is one that is still being fought fiercely, especially as cybercriminals become more savvy in the way they conduct their activities. According to the Information Security Media Group’s 2017 Faces of Fraud survey, 52 per cent of businesses polled stated that today’s fraud schemes are too sophisticated and evolve too quickly for their organisation to keep pace.
For the mobile channel in particular, incidents of ‘SIM Swap’ fraud – which sees criminals steal money from bank accounts by digitally duplicating SIM cards via social engineering – accounted for 11.5 per cent of total mobile fraud in the past year.
These figures underline the importance of multifactor authentication in getting the upper hand in the fight against fraudsters. However, many organisations remain bogged down in debates over liability, which is slowing down the pace of adoption and risking compromising the trust of their customers.
The issue of liability regarding fraud can be something of a minefield. When working with third-party authentication providers to secure the mobile channel for mobile or telephone banking, it can be a challenge to establish clear, consistent lines of accountability in this area. This lack of direction and transparency can hinder the adoption of high-quality authentication which, crucially, creates a greater risk of customer trust being damaged if a data breach strikes.
MNOs and payment services providers, including banks, need to work towards re-evaluating the relationship they have with third-party authentication providers, to a point where a clear understanding is reached on the subject of liability. This means firmly establishing the authentication provider as a partner who provides an essential service along with recommendations on how the company can further improve its security practices, while final liability rests with the company that holds the data.
It is vital that businesses do not lose sight of what is most important when it comes to fraud prevention: maintaining a positive customer experience. This can only be effectively delivered if the organisation in question maintains strong relationships with its authentication partners, and ensures that the boundaries regarding liability are clearly defined. Key to cultivating lasting customer trust is being able to confidently communicate what is being done to keep data safe. If these internal relationships can be effectively managed, this assertive outward persona will come to the fore naturally.