Skip to content

Race against Payment Fraud: Exclusive interview between Ilyas Berraja and The Rapid Show during APIDE 2024

Kate Pelikh Oct 14, 2024 9:15:34 PM

With the rapid expansion of digital payments, cybersecurity has become a critical concern in the financial sector. In an exclusive interview during APIDE 2024, Ilyas Berrajaa, Managing Director Africa at BPC, spoken with Mélanie Benard-Crozat on The Rapid Show about combating payment fraud and the evolving strategies banks are adopting to protect customers and businesses.

We welcome you to read the transcription of the video interview below.

Mélanie Benard-Crozat: Welcome, everyone! I'm delighted to be with you live here in Marrakech at our TV studio for the Rapid Show, which is taking place over two days. Since yesterday, you've been following us as we explore themes like payments, identity, identification, and cybersecurity—extremely important topics. Our various guests are helping us to better understand these current issues on the African continent.

This afternoon, I'd like to discuss the fight against payment fraud—a type of fraud that can threaten not only company finances but also the privacy of citizens and clients. This scourge, manifesting notably through phishing and skimming, amounts to a cost of over $1 billion each year, not to mention identity theft. Combating this requires tools, resources, and, of course, strategies from banks.

To better understand this phenomenon, the tools being implemented, and the strategies adopted by banking institutions, I have the pleasure of welcoming our guest this afternoon, Ilyas Béraja. Thank you, Ilyas, for being with us.

Ilyas Berrajaa: Hello, Mélanie. Thank you for the invitation.

Mélanie Benard-Crozat: We're thrilled to have you with us. You'll help us better understand what's happening in terms of banking fraud and especially the fight against it. I should remind our viewers that you are the Managing Director Africa of BPC.

Perhaps we can start by helping our audience better understand what we mean when we talk about payment fraud and banking fraud. Do we have current figures to grasp the extent of this issue?

Ilyas Berrajaa: Yes, we have some statistics. Today, it's estimated that there are over $34 billion in annual losses worldwide due to payment fraud. And when we talk about payment fraud, it's not just fraud affecting individuals but also companies. Unfortunately, we see that this figure is increasing year by year by 20 to 30%, which is very concerning.

This affects the banking sector, which is quite sensitive. Statistics show that when a financial institution is hit by a fraud case, one out of two bank customers no longer trusts the institution as they did before. Today, fraud cases are no longer just carried out by ill-intentioned individuals but are automated through software that launches attacks.

For example, 80% of bank card frauds are due to phishing. Phishing involves a fake page that looks like your bank's website, asking you to enter your banking details, which are then captured. These attacks are so automated and launched by robots that it's estimated there are 1.5 billion phishing attacks per day targeting bank cards. It's quite a worrying figure.

Mélanie Benard-Crozat : Do these figures concern the global landscape or specifically the African continent?

Ilyas Berrajaa: For Africa, we don't have precise figures yet, unfortunately. Even when fraud occurs, financial institutions often don't disclose the amounts involved, so it's difficult to have accurate data on this matter.

Mélanie: You mentioned automation. Is that what explains the increasing figures? You spoke of this worrying rise—is it precisely this automation that enables it, or are there other factors?

Ilyas: The first factor is the democratization of payment instruments on the African continent. You know, the population isn't very banked, but mobile money is exploding. With mobile money, the number of transactions increases considerably.

Banks were more or less equipped initially to fight against fraud, but as you know, they were prepared to combat fraud related to traditional payment instruments like cards. On mobile platforms, it was a good opportunity for financial inclusion, bringing in unbanked individuals. But at the same time, it was a boon for fraudsters to impersonate people's identities, appropriate their payment instruments, and try to retrieve their tokens or confidential codes to conduct fraudulent transactions.

Mélanie: Digitalization indeed increases the attack surface, which cyber-attackers have fully grasped. Obviously, we need to combat this. To face this automation, you need tools that also improve in power and efficiency to respond to increasingly sophisticated threats.

Ilyas: Absolutely. There's the technological aspect, which we'll detail, but there are other equally important facets surrounding this technological pivot. First, there's awareness—both internal awareness within the bank among employees and external awareness among customers.

We see many phishing attacks that come through social engineering. Customers receive phone calls pretending to be from their bank, asking them to provide confidential information. So, we must educate customers not to share such information, how to use their payment instruments safely, how to protect them, and so on.

Following that, there's the technological aspect. Today, we have highly advanced technologies—enterprise solutions that can consume all transaction flows and score them to identify if transactions are fraudulent.

To simplify, today's bank operates on an omnichannel basis. You have the branch, ATMs, POS terminals, payment instruments like wallets and cards, etc. You need a 360-degree view across all channels. If fraud occurs on one channel, an alert should be generated across all channels.

You must have fraud rules or controls per channel because the way fraud occurs on the mobile channel is very different from how it happens on physical channels like ATMs or POS terminals. So, you need a fraud solution or technology that allows for this flexibility of configuration in an omnichannel environment.

Mélanie: In addition to awareness and technology, what else is essential in combating fraud?

Ilyas: There's also the expertise within the bank. Fraudsters evolve, fraud cases develop, and methodologies differ. So today, we must also develop internal expertise to manage these highly advanced tools.

When I say expertise, I mean that each banking product is susceptible to fraud. We need to assess the risk associated with each product and, based on that, determine our risk appetite—deciding how much risk we're willing to take when offering a product, to what extent we can go, and so on. Then, we configure the information system to counteract this fraud.

Mélanie: With the rise in payment fraud, what strategies are banks implementing or should they implement?

Ilyas: The first challenge is indeed technological. Delivery channels are accelerating rapidly, and users are increasing exponentially. Meanwhile, banks' internal systems remain traditional. Over the years, multiple systems have been layered on top of each other, becoming heavy and less agile, making them difficult to transform and integrate with fraud solutions.

Therefore, we need a flexible technological architecture that can incorporate a layer to counter fraud across different channels. When we talk about fraud, we often focus on external fraud against the bank. But statistics show that whenever there's external fraud, there's often internal complicity from bank employees.

We need a 360-degree solution that can also detect what's called "Know Your Employee" (KYE)—monitoring what employees are doing, the types of transactions. There are certain types of internal fraud, like daily micro-transactions, dormant accounts, or banking transactions between different bank employees.

Of course, we're not suggesting that all employees are involved, but this fraud solution allows us to monitor all these aspects. So, it's a global approach that's absolutely necessary—transversal, to address all dimensions and actors.

Mélanie: The regulatory framework is obviously important. Is this framework at the national level, or are there international standards that allow for harmonization?

Ilyas: Exactly. In terms of regulation, the local regulator—the central bank of each country or regional central banks—generally mandates having information systems to combat fraud. There are also international standards being implemented, not specifically linked to fraud but to the payment domain, which enhance the effectiveness of fighting fraud.

We've discussed during several panels here about ISO 20022. It's an international standard towards which all payment methods are converging. We're migrating from traditional systems to these new systems. ISO 20022 allows for the transmission of information we didn't have before, so we can use these parameters to effectively combat fraud.

Mélanie: In this fight, you have another asset: artificial intelligence. We can't ignore it. How are you using it? How can it strengthen the fight against payment fraud and thus protect both companies and customers?

Ilyas: Artificial intelligence (AI) is indeed a hot topic today. At BPC, we integrated AI into our fraud solution very early on—about seven or eight years ago. It's a very mature technology. AI allows us to detect anomalies or consume data flows that humans aren't capable of handling. We can't manage quantities of data involving millions of pieces of information.

AI helps us find patterns in fraudulent transactions to counter such fraud in the future. This is what's called behavioral fraud detection. There are merchants who suddenly change their behavior; AI can detect this kind of anomaly. Customers, too—their behaviors can be monitored.

We've now moved to an even higher level. Generally, fraud management systems have rules set by humans on the platform. If I receive a transaction with certain parameters, I might suspect it's fraudulent and take action to reject or block the transaction.

But humans setting these rules might miss certain patterns, or fraudsters might move to the next level, rendering existing rules ineffective. AI allows us to analyze data and even generate or propose new rules to counter such fraud cases in the future.

Mélanie: Well, Ilyas Béraja, thank you for being with us. It's a pleasure to have you on our show.

Ilyas: Thank you for the invitation.

Mélanie: Thank you very much for helping us better understand and decipher how to fight banking fraud. You've concluded our discussion with insights on artificial intelligence, which I believe is almost the central theme of this edition.

I invite all our viewers to stay with us, continue following us, and explore the opportunities that artificial intelligence presents in serving governments. That's our next debate here, live in Marrakech, on Rapid TV. Thank you for watching. Stay connected; I'll be right back.

 

Learn more about Payment Fraud and who are the Fraudsters of 2024 by reading our fresh guide.

Guide - The Anatomy of the New Fraudster - BPC - 2024_cover