The Southern African Development Community’s (SADC) financial landscape has undergone remarkable transformation, especially in South Africa, the region’s economic powerhouse. From 2019 to 2021, the use of digital wallets doubled, matching the transaction volume of traditional payment methods like credit and debit cards. This digital transformation offers multiple benefits, including streamlined transactions, greater financial inclusion, and real-time payment capabilities. However, with growing digital banking services also comes the risk of increased fraud.
The rise of online payment fraud
South Africa recently ranked sixth globally for countries most affected by cybercrime. According to a recent report, fraud-related losses shot up by 45% from 2020 to 2021 in the digital banking sector alone. 42% of these fraudulent activities occurred on banking apps, which saw a 13% spike in reported fraud incidents over the past year.
Amplifying the urgency of this matter, a recent scam involving near-field communication technology (NFC) has emerged in South Africa, where fraudsters bypass OTP verifications using stolen bank card details to make unauthorised digital wallet purchases, with one major bank recording over 6,000 complaints and losses exceeding R6.5m in just 18 months. Furthermore, vishing, a scam where fraudsters impersonate bank officials using voice or telephone-based communication, has become prevalent, with estimates that it accounts for about 99% of fraud cases in the country.
In light of these alarming trends, it finds that the most fraud-prone customer journey segment occurs at the stage of purchase transactions or the distribution of funds, This underscores the urgent need to implement Strong Customer Authentication (SCA) in online payments to fortify against escalating threats of fraud.
SCA as part of a multi-layered security strategy
With the advancements in fraud, single-point protection methods have become outdated. They lack the ability to cross-verify user identities, rendering them susceptible to sophisticated cyberattacks. A more comprehensive, multi-layered defence mechanism is therefore essential for the evolving cyber landscape, with SCA serving as its cornerstone. SCA requires a minimum of two verification methods: something the user knows (a password), something the user has (a mobile device), and ideally, something the user is (a biometric feature like a fingerprint or facial scan).
It should be noted here that while many devices offer in-built biometric technology (such as Face ID on Apple devices), these are not valid SCA elements (as recently clarified by the European Banking Authority). This is because the biometric data is not controlled by the financial institution and is ultimately only as secure as its weakest method of authentication: a simple PIN code (more about this here). Instead, it’s recommended that organisations use biometric identity verification solutions that capture, encrypt, and transmit biometric credentials to a remote server.
Robust biometric technology for SCA
In spite of the surge in fraud, 22% of South African financial institutions and vendors still have not implemented fraud prevention programs. Even among those that have, fraudsters are finding new ways to thwart existing security protocols. Approximately 18% of all fraud cases were linked to visual deception during liveness checks, emphasising the need for more advanced, robust solutions.
Biometric systems with passive liveness checks offer an ideal blend of enhanced security and a superior user experience, mitigating the friction commonly associated with more active forms of liveness verification, and therefore make for an ideal element of SCA.
To learn more about trusted biometric authentication and passive liveness technology, click here.