Treasury News Network

Learn & Share the latest News & Analysis in Corporate Treasury

  1. Home
  2. Fraud Prevention
  3. ID Systems & Services in Fraud Prevention

Industry roundup: 21 January

Federal Reserve studies the digital dollar but makes no commitments.

The Federal Reserve released the digital dollar survey, which investigated the details of controversial topics and solicited public comments. The 40-page report, Money and Payments: The U.S. Dollar in the Age of Digital Transformation - January 2022, described as the first step in the public debate between the Federal Reserve and interested parties on central bank digital currencies (CBDC), avoids conclusions about CBDCs. The report was originally scheduled for the summer of 2021 but was postponed.

The report provides a comprehensive overview of benefits such as accelerating electronic payment systems when financial transactions around the world are already highly digitized. Some of the shortcomings described in the report are risks to financial stability and privacy protection while protecting against fraud and other illegal issues. In addition, CBDC could radically change the structure of the US financial system and change the roles and responsibilities of the private sector and central banks, according to the report.

The main difference between the Fed’s dollar and other digital transactions is that the current digital money is a liability of commercial banks, while the CBDC would be a liability of the Fed. In particular, this means that the Fed will not pay interest on the money it saves, but some depositors may prefer to deposit money in a central bank because there is no risk.

The Federal Reserve states that the report is the first step in a long process, but there is no timeline as to when it will be completed. The checklist contains twenty-two different items seeking public feedback, a 120-day comment period. The Fed's first analysis suggests that a potential U.S. CBDC would best meet the U.S. needs by “being privacy-protected, intermediated, widely transferable, and identity-verified.” However, according to the report, there is no intention to advance certain policy outcomes, and it does not take a definitive position on the interest of the digital dollar.

The Fed recognized some notable benefits: the speed of a Fed-managed system and providing financial services to the unbanked. The pandemic is an example where stimulus payments can be sent to individuals quickly. However, the Fed is in the development stages of building a “24/7 payment and settlement service" called FedNow, which will be online in 2023. According to the report, the introduction of the CBDC will represent a highly significant change in US currency. Therefore, extensive consultation between the general public and key stakeholders is vital.

The Federal Reserve paper states that all comments from all stakeholders are welcomed. Additionally, the Federal Reserve will also conduct targeted outreach and convene public forums to foster a broad dialogue about CBDC. The Federal Reserve requests responses to questions by May 20, 2022, using this form at Federal Reserve Board - Central Bank Digital Currency (CBDC) Feedback Form.

HSBC announces the first multi-currency digital wallet for small businesses in Malaysia

HSBC Malaysia launched the first multi-currency digital wallet, the HSBC Global Wallet, in Malaysia. This enables small and medium-sized enterprises (SMEs) to easily and securely make and receive international payments from a single global account. Fully integrated with HSBC's existing business banking platform, HSBCnet, the Global Wallet leverages the bank's global payments network to enable SMEs to pay and receive locally. Global Wallet significantly reduces the time it takes to send money to international recipients, eliminating the need for companies to use third-party providers for international transactions. By establishing a sole banking relationship with HSBC Malaysia, SMEs can send, receive and manage funds in ten currencies.

According to the press release, the restoration of world trade will bring new opportunities for international expansion and growth by further involvement of Malaysian SMEs in the global market. SMEs have been able to broadly expand their base due to the speedy digitization of financial services and growth of e-commerce. However, international payments are complex and costly for SMEs. Shayan Hazir, Head of Global Liquidity and Cash Management, HSBC Malaysia, commented that the Global Wallet solves these problems and challenges of SMEs by enabling quick, secure and seamless trade transactions with suppliers and customers globally in the beneficiary’s currency. At this point, this solution supports ten different currencies including USD, Yen, RMB, SGD and Euro. Additionally, these payment transactions are considered local and are finalized on the same day or the next day.

Below are some of HSBC’s Global Wallet main highlights:

  • Multiple currencies in one place: Ability to save time and effort by viewing, holding and managing different currencies in one location.
  • Trade faster: HSBC Global Wallet enables customers to pay and receive in ten currencies (HKD, USD, JPY, CNY, CHF, AUD, CAD, GBP, EUR, SGD) within the same or next day. Gradually, more currencies will become available.
  • Cost reduction: By minimizing communication charges, SMEs can use HSBC's global payment network to initiate more cost-effective and rapid payments.
  • Strong international operations: HSBC Global Wallet enables customers to view exchange rates and make any needed modifications prior to making a payment and ensuring the correct amount is credited to the recipient's account.

The launch of HSBC Global Wallet solidifies the commitment to expand SMEs' banking capabilities in Malaysia and their potential for international expansion, commented Andrew Sill, MBE Country Head of Commercial Banking, HSBC Malaysia. Leveraging HSBC's deep digital expertise and extensive global network, SMEs will build resilience and trust in the global supply chain while simplifying day-to-day banking operations. Sill further stated that they expect Global Wallet to increase the SME customer base by 25% in the first year.

The press release stated that HSBC Global Wallet is backed by the trust and security of HSBC's global network of more than 1.3 million commercial banking customers in 53 countries and territories. Additionally, Global Wallets are available in Singapore, United Kingdom and the United States. Furthermore, banks have plans to expand into other markets and new currencies. Sill commented that HSBC will leverage innovation, a combination of human collaboration and new technologies, as the payments environment continues to evolve.

The surge in fraud will force the financial industry to evaluate authentication in 2022

As businesses continue to rely on digital financial services, more security parameters, such as authentication, are critical as financial fraud intensifies at a rapid pace. Financial organizations, new financial technology start-up companies, and third-party providers have debated on better ways to protect sensitive passwords and integrate an expedient multi-factor authentication (MFA) system. Additionally, they expect employees and customers to protect their data and systems against potentially fraudulent activities. However, the sudden transitions to working and banking (such as investment, purchase and financial advice) from home, combined with the pervasive pandemic stress, have led to unexpected tension on digital financial networks, corporate financial systems and individuals using those systems.

According to financial cyber experts, the financial industry seems to be embracing the “new digital finance” by preparing to reduce fraud risk and help improve employee and customer identity management. André Ferraz, founder and CEO, Incognia, a zero-factor authentication provider, commented that authentication factors that rely on users to enter personal information are more vulnerable to social engineering attacks. According to Javelin Strategy and Research, 80% of the losses from U.S. fraud in 2020 were still due to overly effective social engineering fraud, which was further heightened by new fraud automation tools.

Ferraz further added that authentication factors such as passwords, biometrics and SMS-based one-time passwords are extremely vulnerable. According to Incognia's Mobile FinTech Report, 17 of the top 20 financial applications in the United States rely on short message service (SMS) as a secondary element of authentication, and many still rely on passwords as a primary element of authentication. Organizations need to adopt technology that can proactively detect fraud rather than relying on end-user behaviour, according to Ferraz.

Ido Safruti, Co-founder and Chief Technology Officer, PerimiterX, commented that legacy security solutions are intended to prevent account takeover (ATO) attacks by primarily focusing on the login. Additionally, the login process requests credentials, provides CAPTCHAs, and uses multi-factor authentication (MFA) whenever possible to ensure that the correct credentials are used. Account fraud is not that simple, according to Safruti.

These traditional authentication methods have been hampered because validated credentials and account access can be obtained in a way that is not detected by credential protection services, added Safruti. Furthermore, there are many methods used by fraudsters, such as malware that uses access tokens and keystrokes, social engineering, phishing, PII harvesting, or simply buying a list of verified usernames and passwords on the dark web.

With regards to bypassing MFA, Safruti suggested that if the fraudster has the proper credentials, they can often disable the security checks on the MFA login and circumvent that security with malware that steals access tokens. Safruti further commented that once fraudsters gained access to an account, they can misuse it in a variety of ways, such as gaining access to credit card information, changing account details, including shipping information, and using points or credits accumulated in the account.

Jerome Becquart, COO and advisor to financial institutions on identity and access management, Axiad, stated that the financial industry should look deeper into MFA solutions as fraud and security breaches continue to increase. As MFA adoption grows across the financial industry, the next level attack will be account recovery, according to Becquart. These usually rely on weak authentication methods such as passwords and knowledge-based authentication (KBA), such as "What is your mother's maiden's name?

Furthermore, Becquart stated that progressively more financial institutions are considering the implementation of password-less authentication for diverse user populations and all use cases. This method would reduce the complexity and cost of maintaining a variety of authentication solutions for internal user needs, partners and customers.

As financial organizations continue to integrate their MFA and PKI requirements and adopt an authentication platform to meet their specific needs, their financial data will be more secure while reducing fraudulent activities. Additionally, Becquart concluded that financial organizations should leverage new standards, such as Fast Identity Online (FIDO2) and use legacy MFA for the remainder of functions. “Real security will only come once all passwords are retired”, stated Becquart.

Digital technology services gain traction in the Nordic region

Information Services Group (ISG), a global technology research firm, reported that banks in the Nordic region aim to streamline and digitize their financial services, a result from emerging competition from fintechs and the pandemic. The 2021 ISG Provider Lens Digital Banking Services Report for the Nordic region evaluates the capabilities of 22 providers across four quadrants: Core Modernization and Integration Services; Banking Governance, Risk and Compliance Services; Transformational and Digital Banking Services; and Payment and Card Processing Services.

According to the report, banks in the Nordic region are using outsourcing services to upgrade their IT systems and turning to digital technology. Owen Wheatley, lead partner, banking and financial services, ISG, commented that traditional banks are trying to protect their territory by reinventing or transforming their digital model. 90% of the population use cashless transactions and about 95% of households in the Nordic region have internet access, enabling online competitors to gain easy access to banking customers according to the report. As fintechs continue to adopt cashless payment models, many traditional banks, unprepared to transition to digital technologies, are losing revenue at a rapid pace. Additionally, the report shows an increase in demand from banks for third-party integrated services. Nordic banks are looking for IT service providers to offer both off-the-shelf and customizable commercial products. Banks are searching for providers to implement newer technologies such as artificial intelligence (AI), machine learning (ML) and blockchain.

Highlights from the report also indicate that banks desire to use AI and related technologies to provide their customers with hyper-personalized services to increase sales and reduce costs. Due to highly digitized government services, banks in the region realize that their customers are familiar with digital services.

In addition, Nordic banks are in the process of replacing their core legacy platforms, some of which are running on mainframes from the 1980s or 1990s. These mainframe platforms are becoming more complex, with banks layering technologies to incorporate new products and features. The mainframes are migrating towards software-as-a-service platforms and the cloud, as noted in the report. The cloud-native platform supports real-time processing and is offered in a pay-per-use subscription model, making it very cost-effective. Providers are also offering a new approach to core modernization, such as low-code platforms. This development is gaining attention because they enable employees to perform complex tasks and integrations by a point and click instead of writing code. The low-code platform is also integrated with AI and ML capabilities.

Like this item? Get our Weekly Update newsletter. Subscribe today

Also see

Add a comment

New comment submissions are moderated.