CONTACTLESS payment is growing in popularity, with up to 74 per cent of Malaysian consumers choosing to go cashless and more than two-thirds of Southeast Asian consumers carrying less cash.
Despite the advantages that this method offers, it also opens the door for cybercriminals to steal the consumers' credentials or hack into their electronic devices to commit fraud.
And as the world heads towards a cashless future, this begs the question of how business organisations and financial institutions can safeguard their clients' details and money, besides maintaining their confidence in the system.
SNEAKY TACTICS
There are many ways for cybercriminals to steal data. Hence, the existence of companies and organisations like Jumio Corporation, Tookitaki and the Fido Alliance to keep the menace at bay with their intelligence-gathering, identity and website verification services.
According to Jumio Corporation vice-president of Asia Pacific, Frederic Ho, the common cybercrime tactics are phishing, vishing (voice phishing) and smishing (SMS phishing)
And Tookitaki co-founder and chief operating officer Jeeta Bandopadhyay added social engineering fraud, authorised push payment (APP) fraud, and account and identity theft to the list of threats.
"In social engineering fraud, fraudsters often manipulate individuals into divulging confidential information, and APP fraud happens when fraudsters deceive individuals into sending them a payment under false pretences," said Bandopadhyay.
Fido Alliance executive director Andrew Shikiar said social engineering techniques are normally used in phishing scams to manipulate individuals into doing a certain action on digital payment platforms.
"Even the savviest users can be tricked in a well-designed phishing scam since humans are practically hardwired to fall for such tactics. Once fraudsters break into their victims' accounts, this can lead to identity theft, online fraud, ransomware and many more," he said.
Furthermore, since many companies are adopting biometric approaches like facial recognition, cybercriminals have gotten one step ahead by trying to manipulate the users' photos to access their accounts.
Ho added that the hackers may use photos and videos produced using deepfake technology to spoof the "liveness" detection feature in a facial recognition software.
They may also use synthetic or "Frankenstein" fraud to combine their photos with the victim's personal data to create a fake profile.
"Once they've infiltrated a user's account, the hackers may change the password to completely take over the account or make small money transactions to other accounts without the victim noticing. They can also apply for credit cards for fraudulent purchases and obtain loans with their victims' details," he added.
Now with more consumers preferring to use digital payments and hackers becoming more sophisticated, industries are facing a huge challenge to combat cybercrime.
FIGHTING THE THREAT
To effectively combat identity theft, both businesses and financial institutions must pick the right mix of technologies that provide a simple, yet robust real-time identity verification solution.
According to Ho, businesses and financial institutions can check for suspicious Internet Protocol (IP) addresses, verify their customers' e-mails and addresses, as well as monitor and confirm their identity in real time.
"Organisations must take an end-to-end approach — from the time customers first log in to the business website, to the time they do transactions. This can strengthen the fraud detection process," he said.
Biometric solutions also enable organisations to improve security and customer experience.
Thanks to a better "liveness" detection feature, cybercriminals will be forced to abort their crime as soon as they are required to take selfies on the spot.
Consumers do not need to remember their passwords to access accounts as individual (biometric) uniqueness cannot be easily stolen in a data breach or phishing attack.
Shikiar said that instead of relying on knowledge-based authentication, businesses and financial institutions should opt for cryptographically secured, possession-based authentication methods.
"They should shift away from authorising transactions with two-factor authentications that were once deemed safe, such as SMS OTP or push-device prompts," he said.
Bandopadhyay has a different point of view. She said financial institutions should understand how cybercriminals operate to scrutinise and disrupt their cycle.
She added that financial institutions have to reflect on criminal convergence literacy with new technologies to fight financial crime and terrorism.
"Of course, this collective mission requires a strong network of world-class financial crime experts and innovative technologies that can showcase scenarios to help detect a crime," she said.
FUTURE OF TECHNOLOGY
Cashless payments will continue to grow, with nearly four in five Southeast Asian consumers planning to adopt this method.
According to Visa, a United States financial and credit card company, 52 per cent of its customers are using mobile wallets and 44 per cent preferred contactless card payments. For new methods like the "Buy Now, Pay Later" scheme, the figure is as high as 63 per cent.
Ho believed that the digital banking landscape in Malaysia will continue to see huge growth of cashless payments, which may help provide the country's underserved populations in rural areas with financial services.
Another key trend to look out for are cross-border payments and overseas fund transfers. Cross-border payments using mobile phones through QR codes had been enabled between Malaysia and Indonesia earlier this year.
"These developments point to an exciting time for Malaysia's cashless future. But as our online infrastructure opens up and interconnects with the world, cyberattacks can multiply rapidly and extensively.
"Therefore, organisations must be well-equipped with the right technology to regulate and enable secure digital payments," he said.