Subscribe
Share
Share
Embed
Welcome to The Payment Expert weekly podcast, brought to you by SBC Media. Each week we analyse the news driving the global payments industry forward; the innovation, the infrastructure, and everything that has to happen to make it all possible.
Louis Thompsett (00:00.834)
Hello and welcome back to the Payment Expert podcast, your source for the latest news insights and analysis on the payments industry. I'm Lewis Tompsett, news editor at Payment Expert and with me today, I'm delighted to have Oliver Hannaner, managing director of UK Financial Crime Compliance Advisory at Capgemini. Oliver, with the UK government's new fraud strategy landing this March and I believe you've just come back from the global anti-scam.
Summit which wrapped up in Lisbon. There's plenty of course to get into when you're at the show What was the mood among the people actually? fighting fraud right now anything that surprised you or anything that the wider payment industry perhaps hasn't clocked on to yet
Oliver Hanmer (00:49.1)
No, I was a I think it's a great event actually. Well, firstly, thank you very much for having me on. It's great to be here. So the Global Anti-Scam Summit brings together people from across the world, all with that kind of joint ambition to fight the good fight against fraud. And it's an opportunity to share ideas and to hear about what other countries are doing. And so there's a lot of opportunity that comes from that. And the UK, because of
what it did in relation to APP mandatory reimbursement had been leading the way. And obviously financial institutions in the UK are investing heavily in fraud detection, fraud prevention. So there's a real interest in understanding what impact that's having on volumes of fraud. I think what was very clear was that desire for greater collaboration, intelligence sharing, recognising that fraudsters aren't constrained by geographic
boundaries and are able to operate flexibly and therefore the need for the fight against fraud to be seen as a global issue rather than a national issue was particularly important. And I guess the other thing that always comes up in these conversations is around AI and the use of AI by fraudsters to use increasingly sophisticated ways to defraud people and then how financial institutions
and others are using AI in order to combat that increasingly sophisticated approach to fraud. So they were the kind of common themes that came out.
Louis Thompsett (02:29.848)
Yeah, sure. You mentioned obviously, fraudsters are indiscriminate in their attack vectors and where they approach from. And obviously the need for, I suppose, greater collaboration across industry, not just from payments as well, but things like social media networks, phone networks too. What do you think needs to happen for, I suppose, greater collaboration on that front between different industries?
you know, not just landing on the bank to sort of pick up the bill with APP. What more needs to be done from other sectors, do think?
Oliver Hanmer (03:09.294)
There are a couple of things for me. There's clearly a misalignment of incentives between the regulation that exists for financial services versus telecommunications, social media platforms. And you've seen really positive success in financial services because of the incentives that were created by the liability shift for financial institutions in the UK. There aren't the
types of incentives on telecommunication social media platforms and yet we know that's where the majority of fraud originates and so whilst there is that whilst there is still that misalignment it's you're not going to see the same amount of commitment from social media telecommunication platforms and I think that needs to be addressed the UK national fraud strategy starts to do that by recognising fraud as a national security priority
and therefore place a greater emphasis on the need for all sectors to collaborate in that fight against fraud. So I think that's really important. And I guess the other thing from a telecommunications social media platform perspective is they trade on good customer experience, the ability to engage with their platforms seamlessly. Once you start to introduce fraud financial crime controls,
potentially as in a layer of friction that they are uncomfortable with, you know, you see that trade-off between those two issues happening in banks and other financial institutions, but telecommunication companies, where they really do prioritize the customer experience, they're going to have to find a way of managing adding in fraud control with that desire to maintain the good customer experience. And then the other thing that's happening, I guess, in the
the fraud strategy is the sharing of data across sectors, the online crime centre which is designed to create a mechanism for sharing intelligence information. Telecommunication companies will be engaging with that in the same way that financial institutions are and so I'm positive that that will have a good impact upon how the sectors work together. I think there needs to be some greater rigor, greater regulation to really push telecommunication companies in the
Oliver Hanmer (05:38.854)
right direction. I think that's the only way you're going to see real progress and that's certainly consistent with the way that you see financial institutions responding. But yeah I think that misalignment of incentives is a problem that just needs to be resolved.
Louis Thompsett (05:55.609)
Yeah, sure. Absolutely. I'm just wondering for you personally, obviously, if I'm right in saying this, you spent two decades inside UK regulation. I believe you're at the PSR, so you were in a supervising kind of role. Now you're in more of an advising position. Has your view shifted? Obviously, part of the PSR was to make sure.
you know, people under the PSR's remit were compliant. Has your view kind of shifted to look at these other industries now that you're referencing or have you always kind of had this in your mind, you know, that payments firms, banks can't take the full load of responsibility?
Oliver Hanmer (06:38.488)
Well certainly when I was in the PSR that was a regular message that I would give when speaking about APP fraud was that this was incentivising financial institutions but
we recognize that fraud was originating outside of the financial sector and therefore there was a need for telecommunication companies to do more. And our view was the best way to secure that was either through government intervention or through regulation or a combination of the two. And I think that my view on that still holds true. think since switching to the other side of the table, I guess, and thinking about this from a from a banking perspective and much
more alive to the trade off that they're having to make between introducing financial crime controls, fraud prevention detection mechanisms and maintaining the good quality customer experience and ensuring a sort of frictionless approach to payments. And I think that that is where boards senior management within the banking community are having to think quite hard. You you look at some of the challenge of banks that really emphasis the customer experience and
are able to maintain really great customer experience whilst at the same time delivering class leading approaches to fraud prevention, financial crime controls. And I think that their ability to demonstrate how that works is a good way to demonstrate good practice for the rest of the industry to follow. And so certainly the conversations I have with banks is around that trade off and helping them understand where they need to invest in good quality
financial client controls, but also do so in a way that doesn't compromise the customer experience.
Louis Thompsett (08:29.464)
Sure. So if you say a firm operating in the mobile space or social media, obviously they want to keep that good customer experience. Do you think it's a case of new regulation needed to make them sort of more compliant when it comes to fraud to sort of push them to innovate those, I suppose, new layers where you can still maintain that customer experience while also mitigating the fraud as we've seen across
the payments for it, do think that's something that would sort of help push the needle for them?
Oliver Hanmer (09:05.657)
Yeah.
it certainly shifted the dial for financial services institutions. I, and there are different ways in which you can do this. Either you introduce a similar reimbursement regime or you, as the PSR did, make publicly available performance data for each of the, in the banking community for each of the banks. And I know that banks looked hard at that
data and the league table that the PSR released. And if they were at the bottom of the table, then they were concerned about that because it would have an impact upon their competitiveness. And therefore, they would look to find ways in which they could improve the rate at which they were reimbursing or reducing the volume of fraud. So that public sharing of performance data for telecommunications social media platform seems to me to be enough.
other way of incentivizing firms to invest in financial crime because they, they're kind of the core of public opinion is really important in the social media world. And so if you were publicizing how effective a particular social media platform is doing in relation to fraud or financial crime, and they were, they were below others, I think inevitably that would have an impact upon their willingness to introduce greater fraud.
controls.
Louis Thompsett (10:37.378)
Yeah, absolutely. By having that regulation in place can help push them towards achieving that for their own public image, I suppose. Let's come back to payment a bit. Instant payments has obviously been a great innovation, but it also arguably has been the fraudsters' best friends. When money moves quicker and there are new rails and the need for interoperability is there between those rails. That obviously creates gaps for fraudsters.
come in. Are they a gift for fraudsters in your view and how does the interoperability angle impact that?
Oliver Hanmer (11:20.196)
Well, is it a gift? I think I'm not sure I would describe it as a gift. It's certainly an opportunity for fraudsters, for criminals to take advantage of.
But you balance that against the huge benefit that comes for customers and for financial institutions of having instant payments as a facility. And it goes back, I think, to how you then design your fraud controls to minimise any kind of disruption to the standard payment process where there are concerns about a particular payment. And, you know, you look at the technology that the majority of
financial institutions now use to detect fraud, manage financial crime, it raises flags where there are concerns about a particular transaction because it's out of the norm of the behaviour of a particular customer or it flags something differently that suggests there may be a risk and there are mechanisms to be able to deal with that very, very quickly and only to introduce human intervention and slow that process
sits down where there's a real need to do so. So whilst I think it creates an opportunity for fraudsters to be able to take advantage, equally the instant payment and the desire for instant payments as a facility to provide to customers means that banks are having to think very carefully about where they introduce those kind of financial crime controls. So I mean it all goes back to that point about trade-offs really and you minimise
the friction whilst maintaining the security of your banking system. But obviously if there wasn't instant payment then it would be more difficult for fraudsters to take advantage of that immediateness of the payment process that now exists. And you're not going to step back from that. Now you've got instant payment, that's the way it's going to go isn't it? You look at what the Bank of England is going to do in relation to faster
Oliver Hanmer (13:34.608)
payments, they're going to build upon that, they're going to develop interoperability across rails and they'll build in fraud, financial crime expectations to reduce the gap, the opportunity that exists for fraudsters.
Louis Thompsett (13:48.619)
Yeah, there always is that existing tension, I suppose, between the innovation and where fraud can come in. And also, I suppose, regulation, new government mandates. Obviously, they launched the fraud strategy back in March with a new online crime center and obligations, I believe, from, is it 2027, on big online platforms with fraudulent ads, et cetera. I mean, does that spread?
Oliver Hanmer (14:09.454)
Yeah.
Louis Thompsett (14:17.158)
that shift in the new strategy finally sort of shift responsibility beyond the banks? I know sort of it extends to PSPs or I guess the PSPs, does it not really have an impact until it goes back to those sort of the tech firms, the social media firms, the telecoms companies that we were talking about earlier? Is that where it needs to stretch to? Has it done enough?
Oliver Hanmer (14:45.038)
So think it's a good start. It's obviously great to have a national fraud strategy that recognizes the need for all of the relevant sectors to collaborate in that fight against fraud. So that's a positive.
The fact that the UK government recognises fraud as a national security priority and elevating that level of risk I think is also welcome and will add greater pressure across the sectors to do something about that. The Online Crime Centre is a positive step forward in improving mechanisms for sharing intelligence and information.
But the UK doesn't have a particularly good track record of turning strategy into meaningful positive outcomes quickly and that I think is the challenge for the UK is you know fraudsters move super fast. If it's not working they'll try something else. They're not constrained by governance or decision making or processes. They do what they want when they want.
and all the while that the UK works out how they're to share information and put in place MOUs.
the longer it will take to really resolve the challenge that we face in relation to fraud. And so whilst I think it's a positive step, it's how you turn those words on a page into a impact, positive impact. And I think regulation plays its part there.
Louis Thompsett (16:29.485)
Yeah, sure. Easier said than done, maybe some would say. I want to pick up a bit on what you said earlier, obviously around when you were over in Lisbon, talking about, suppose, the accelerating threats of AI, things like synthetic identity fraud, deep fakes, and the likes. How worrying is that? I mean, I know the UK finance released a report earlier this week.
talking about how scams are essentially becoming way more personal. A lot of institutions have got the protections in place and they seem to be broadly working. Obviously fraudsters shift their targets toward people, the everyday people, and AI is playing a big part in that. mean, are the KYC and AML models that firms have spent fortunes building over the last few years, are they kind of
fighting a war from before? Has the fraud landscape shifted on a little bit from that? Obviously they work and they function, but does the industry need to meet fraud essentially where the fraud is happening?
Oliver Hanmer (17:38.853)
Yeah, I mean, you need to fight AI with AI, I think, you know, so, for all's desire, using AI to develop synthetic identities.
to access fake documentation. And so I think in order to keep pace with fraudsters, firms need to be making better use of AI, agentic AI, in order to respond quickly to that emerging threat landscape. For me,
What's really interesting is how you close the gap between what's happening in the threat landscape to how quickly a financial institution responds to it. It goes back to that point I was making about governance, is fraudsters are constrained by governance. Banks tend to take longer because they've got more complex governance processes and decision making processes. And the gap that exists between how quickly a bank
responds to a shifting threat landscape is where the fraudster makes hay. And so the quicker you can identify what is creating that gap and closing that gap, the more difficult it will be for fraudsters to be able to take advantage of that. And I think AI is critically important therefore in keeping an eye on what's happening in the outside world and enabling financial institutions to respond more quickly. And certainly the conversation
that we're having with people is around how you can close that gap.
Louis Thompsett (19:23.629)
Yeah, totally, absolutely. But we're nearly out of time, Oliver, but before we go, I'll leave you this open-ended question. If there was one thing you could change from tomorrow, and only one thing, one rule, one incentive, one behavior across the whole ecosystem, what would that one thing be?
Oliver Hanmer (19:47.368)
I sound like a little bit of a broken record, but I think it is that misalignment of incentives with telecommunication social media platforms. It's quite hard to argue against it. The evidence points to the vast majority of fraud originating on social media platforms. And yet it's the banks that are on the hook when it comes to reimbursing victims of fraud. And I think therefore that
some greater level of regulation similar to the approach that's taken to financial institutions is going to be really will be really helpful and I think if I could change one thing it would be that.
Louis Thompsett (20:31.119)
Sure, well thank you very much Oliver for joining me today. If you've been watching and you're not already subscribed to the Payment Expert podcast, make sure to subscribe wherever you do get your podcasts with plenty more insights and analysis coming over the weeks and months ahead. And for the latest news as it happens, head over to paymentexpert.com. We'll see you all next time.
Oliver Hanmer (20:54.927)
Thank you.