Machine Learning – Changing Payments Security Landscape

V Sharma on December 1, 2019

Payments Security Landscape – The risk of info security on data, application logic, and financial value losses are continually growing fast. For this reason, Artificial Intelligence and machine learning-based infosec tools for banking and mobile payments are getting huge attention. Starting from risk underwriting to credit rating & scoring to digital security and loan underwriting are few strong contenders. It aims at detecting anomaly, alert and block. Any abnormal pattern is a sign of worry to it. Sadly we should not forget that hackers are also using artificial intelligence in cyber attacks that are more advanced and harder to detect. This blog post focuses on mobile financial services security and questions around digital payments.


Mobile Payments – Speed & Security

Against escalating security threats on mobile and digital payments, the need of the hour is to empower the whole ecosystem. The empowerment of merchants, acquirers, and service providers with new commerce opportunities backed with machine learning, edge analytics and blockchain. The customer experiences of in-store and data protection should be the highest priority for any digital payments system. Banks may not be able to keep up with the need for speed as they lack the ‘culture or mindset’ of on the fly innovation thus not so open for new technologies. Secondly, money needs to follow consumers and not the other way round like the traditional brick and mortar channels.

ML For Payment Security

Ministry of innovation adding lots of excitement and innovation thus increase in a fire about the security & privacy of transactions. Subscriber normally doesn’t ask too much in the low-value transaction but as it happens on a daily basis subscriber do get nervous and freak out more when they add their card or bank details on provided channels i.e mobile app and web portal etc. Sadly data privacy is still at back seat for many many providers.

As digital payments evolve, technology providers and financial institutions are working on ways to enhance security, privacy and boost customer trust. Strategies that include adding new layers for fraud protection, such as tokenisations, where transactions can be completed without sharing sensitive data capsule (credit card number, CVV and expiration date etc).


Innovations in Banking, Payments and Customer Service

In the Digital Banking industry this year, the leaders who are creating state-of-the-art apps, chatbots, authentication, and internet-of-things applications will throw on what they do but why and how answers may not come out. The issues will be debated, like how and with whom to share account data and whether or not to try to compete with top-rated mobile wallet apps. The brightest minds in the industry should lend hands to share ideas, network and collaborate.

Applying Robotic Process Automation in Banking, FinTech or any financial services business can bring significant savings and reduction in negative impacts. Robotics is quickly gaining traction in banks to automate their everyday finance and risk processes. The Royal Bank of Scotland is rolling out a customer service “hybrid bot” from vendor LivePerson that hands over to a human colleague if questions flummox its artificial intelligence. With this tool, customers can message for their day to day with queries.

A variety of techniques exist for fortifying them in today’s time but AI would be much more effective compared to the tools at hand. 

  • Distributing query processing by combining hosted and on-premises DNS services, deploying recursive servers to the network edge and creating redundant DNS architectures
  • Using response policy zones to cut off botnets and create whitelists for legitimate traffic
  • Rate-limiting noncompliant devices
  • Sharing threat intelligence to stay ahead of attackers and create a unified front

Arguably, the most destructive cyberattack is a distributed denial-of-service attack (DDoS). Other attacks cause great harm—steal computing power, exfiltrate sensitive information, hold files and devices for ransom. But DDoS attacks are brute destruction of critical services. As the Dyn attack demonstrated, they can extend far beyond single organizations. Use of AI-based (ML logics) application servers with logics which been learned over time DNS is essential, so they are a primary DDoS target—but they are preventable or defensible.


Mobile Payments Security Will Play a Key Role

In the case of digital payments, payment velocity check is a key component to detect and stop fraudulent cases. If not checked then it can result in a brutal wave of chargebacks. Velocity detection might seem like some complicated tools to launch space shuttle or tools to use at the theme park on a broken roller coaster. But in reality velocity detection is defined as checking the historical shopping patterns of an individual and matching that record against their current purchases to detect if the number of orders by the cardholder match up or if there appears to be an irregularity. Artificial neural networks are a big help in this particular space and in the near future, it will be much more strong.

Mobile Payments #AILabPage

A successful attack on the software-based mobile payment application could consist of decompiling the source code, where the attacker obtains access to all assets hidden in the application (such as tokens and cryptographic keys). The integrity of an application can also be compromised by data tampering and cloned applications intercepting sensitive data. Another point of vulnerability is a merchant’s mobile POS, as a fraudulent merchant could tamper with the mobile application controlling the mobile POS. With these methods, an attacker can obtain assets such as user and card details, card verification method values, and use keys.

Security mechanisms, such as white-box cryptography, reduce the likelihood of cloning and decompiling payment applications. Provisioning of secure data to the SE or delivery of a payment token is a point of vulnerability in mobile payment applications. 


Emerging Technologies – AI, ML and DL

As per Sir Andrew NG – AI is the new electricity to power up any business of today with the ability to kill the business if ignored. Machine Learning and Deep learning are part of the AI domain as a subdomain.

  • Artificial Intelligence – An umbrella that gives synthetic thinking approach to all technologies take shade under this umbrella. AI solves problems in a heuristic way with being explicit or meta-heuristic.
  • Machine Learning Machine Learning is a subset of artificial intelligence where computer algorithms are used to autonomously learn from data and information. Machine Learning is; where business and experience meet emerging technology and decides to work together.
  • Deep Learning – Subset of Machine Learning. It is an algorithm that has no theoretical limitations of what it can learn; the more data you give and the more computational time you give, the better it is – Sir Geoffrey Hinton (Google).

Artificial intelligence is set to transform the financial services industry. How AI will be transforming the future of FinTech to elaborate items from the above list in African markets and opportunities are even more dramatic in just the past five years.


Digital Transformation

In today’s time, Digital Transformation without machine learning, data science and blockchain techniques is a kind of loud melodious whistle in an empty vessel. Lots of customer education, mindset change drive, as well as behaviour change, is needed. Financial capability is the internal capacity to act in one’s best financial interest, given socioeconomic environmental conditions. A few golden rules to get quick wins are as follows.

  • Needs to focus outside “digital and social media channel” i.e focus on radio, roadshow with village communities, focus on groups within local language and style
  • Trust local people to act as brand ambassadors for increasing customer loyalty and trust
  • Focus on creating a cost-effective and efficient operating model is the golden key
  • Carefully thought-through branch expansion versus setting up an agent network
  • Managing risk, security, compliance and bringing it up to the global standard
  • Leveraging mobile as a primary medium for transactions and queries and online banking
  • Technology-enabled customer engagement and continuous innovation
  • A complete set of counter-measures against Money Laundering and the financing of terrorism and proliferation, covering the required legal, regulatory and operational measures through and through knowledge set
  • In-depth knowledge & willingness to attain knowledge on principles for mobile financial services Infrastructures.
  • Understanding and willingness to attain in-depth knowledge and hands-on core banking platform integration with MFS systems, architecture, banking grade switching and rules around the same

AI may turn out destroyer of cybersecurity as well. For example, people who have succeeded in harnessing the power of artificial intelligence to create some sort of program. Combined with existing tools to figure out a quarter of the passwords from a set of more than 43 million profiles is a big breakthrough.


Digital Wallets and Security

If you are excited & passionate about using your digital wallet with any of wallet services providers in India or elsewhere across the globe then this is important to know, digital wallets or e-Money wallets are vulnerable to cyber-attacks as well. Point to note hackers are able to escape with sensitive financial information stored in digital wallets.

As payment technologies progress, thus the need for securing and using safer methods/channels for day to day digital payments. Due to the pressure of accepting the need for digital banking, banks are feeling they need to decide between complying or competing or refusing and loosing out completely as a result. Banks need to explore new technologies that meet the challenges of digitalisation and changing consumer behaviour every day.

While moving to electronic there is a strong need to create a robust electronic payments platform, which is not vulnerable to fraud. Given the change of pace over the last five years, banks and now FinTech’s may feel the need to decide between complying or competing, as they explore new technologies that meet the challenges of digitalisation and changing consumer behaviour. Security controls that can be employed in making a payment handling application more robust can frustrate the breakers at the hardware level before reaching the application level

  • Cards – CNP (Card Not Present) fraud is emerging as a top security challenge due to Increased adoption of online and mobile channels is providing more opportunity for perpetrators of fraud
  • Migration of card payments from magnetic tape to EMV Chip and PIN
  • Demand for leveraging advanced technological solutions by merchants to fight fraud is increasing
  • Demand for real-time analytics to identify transaction routing and detect fraud is increasing.

Security aspect losing out because of a cost factor as wafer-thin profit margins, rapid new innovators and entrants in market focus more issues pertaining to

  • Quality of service (QoS)
  • Quality of experience (QoE)

Equal significant to security (QoSec) & privacy is almost missing. The focus has shifted to ensuring optimal new solutions and experience for subscribers and everything else is being parked at the backyard.


AI-based Hardware for Digital Wallet Systems

What if regulation comes out to enforce a strong artificial intelligence-based hardware security layer along with software. This will decrease the opportunity for hacking. Adding machine learning algorithms to detect velocity and pattern would ensure it gets safer.

In the case of any digital wallet, security checks are key. Global wallet companies like Alipay, WeChat and Apple Pay use a hardware-based security layer, which makes them more secure for online transactions. “You will be surprised because most of the banking or wallet apps around the world don’t use hardware security difficult to digest or understand why.

They actually run completely in open software mode and users password can be stolen with ease; having said that I don’t mean to claim if hardware-level security is not built-in, so the wallet is not secured or should not be used, all matter is what level of transaction volumes, numbers and values we process also matters to ensure cost-effectiveness comes into play. For this to happen effectively, planning and preparation are key for the next stage of the payments revolution.


Information and Data Storage

A key issue for consumers engaging in mobile commerce and payment transactions is information disclosure. The technological constraints of mobile devices, including small screen sizes and limited memory or storage capacity, can limit the amount of information that consumers have access to during a transaction; a small screen, for example, limits the amount of text that can be displayed to a consumer. Today, smartphones are the driving force behind a lot of innovation and changing consumer habits.

Security of subscriber’s data in terms of KYC information, transaction details and sensitive information like a bank account, mobile wallet number, card details are pivotal and the key to any financial system. While making any payment with digital channels information security and data protection are the most critical components. On a second note the kind of payments, amount of payments and velocity detection, etc. under digital payments security; might seem like complicated matters. The potential risk in this is like the one at a theme park on a broken roller coaster.

Failure to secure sensitive information can cause major damage to the service provider’s organization in terms of financial fraud, identity theft, legal regulations, loss of consumer confidence, etc. Security controls that can be employed in making a payment handling application more robust and frustrate the breakers at the hardware level before reaching the application level.


Points to Note:

We have covered all basics around mobile payment security and the importance of mobile payment data. AI is becoming a classifier instrument to put banks in good and best bank category. So banks that want to jump to the best category are jumping to adopt AI, BOTS and machine learning techniques. This is possible only after banks can utilise and understand the data they have. Data to serve and understand customers etc. All credits if any remains on the original contributor only.


Books + Other readings Referred

  • Research through open internet, news portals, white papers, notes made at knowledge sharing sessions and from live conferences & lectures.
  • Lab and hands-on experience of  @AILabPage (Self-taught learners group) members.


Feedback & Further Question

Do you have any questions about AI, Machine Learning, Data billing/charging, Data Science or Big Data Analytics? Leave a question in a comment section or ask via email. I will try best to answer it.


Machine Learning (ML) - Everything You Need To KnowConclusion: There is clearly an opportunity for smart mobile/digital payments. Consumers want to pay quickly, easily and at low costs. An interesting finding is the need to add context to payments, e.g. subject or photo. Privacy and security are flagged as important by the majority of respondents. However, this was expected. With the knowledge of knowledge, we see more lean products focused on a specific group of customers. The idea and concept are not new, however, it is very promising when targeting the right niche and addressing the right issues customers are facing. Now another type of AI which is going around like fire in a jungle; where it’s been said AI will stop all frauds and kill all issues around it. AI will bring behavioural biometrics to stop the gap and remove the vulnerability of payment systems, especially online payments.

====================== About the Author ================================

Read about Author at: About Me

Thank you all, for spending your time reading this post. Please share your feedback / comments / critics / agreements or disagreement.  Remark for more details about posts, subjects, and relevance please read the disclaimer.

FacebookPageTwitter       ContactMe            LinkedinPage   ==========================================================================

Posted by V Sharma

Technology specialist in Financial Technology(FinTech), Photography, Artificial Intelligence. Mobile Financial Services (Cross Border Remittances, Mobile Money, Mobile Banking, Mobile Payments), Data Science, IT Service Management, Machine Learning, Neural Networks and Deep Learning techniques. Mobile Data and Billing & Prepaid Charging Services (IN, OCS & CVBS) with over 15 years experience. Led start ups & new business units successfully at local and international levels with Hands-on Engineering & Business Strategy.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: