Part of the job of a good product manager is not only listening to current needs but also looking ahead. And it’s a fascinating time to be looking ahead, especially working in payments – fast innovation and growth – but the speed of change in society seems particularly breathtaking at the moment.
So what are the macro trends at the moment?
Automation – most notably driverless cars, an automated vicar called X
Cybersecurity threats - Crime shifting online – anonymity breeds crime
The constantly connected self – Only 20 years ago even the most devoted techie had to go to the internet, but it is increasingly all around us. From the modem to ubiquitous WIFI – from default ‘off’ to default ‘on’ and we’ve barely noticed.
How does this apply to our merchants?
Access not ownership – innovation has led to mass disruption in many industries: uber, airbnb and spotify all provide access instead of ownership. Sharing economy. New world for businesses.
Quest for consumer attention - Constantly connected means lots of competing demands for attention, so fight to stand out, often with personalisation
Tension between security and convenience – if online crime is up, but consumer experience is paramount, then that means a tension between the two
Next: Data proliferation
Source: HH & Frost & Sullivan Visionary Innovation Group Mega-Trends Report 2016
https://www.forbes.com/sites/sarwantsingh/2015/12/16/top-16-trends-for-2016/#71f054c52fc3
1880 – vouchers
1914 – metal cards
1950 – Diners club charge cards
1994 – 1st online payment
70% Indian ecommerce is via mobile
92% Australian payments are contactless
2020 - 720 Billion non cash payments (55 Billion from LATM). Brazil expected to be strongest in non–cash
Let’s focus on data
We are more switched on and generating more data. Massive amts of data generated daily:
90% of the data in the world was created in the last two years
Only 0.5% of the world’s data is analysed
The average smartphone contains as much computing power as was available to the whole of MIT in the 1950’s
Anyone slightly worried about their emails while they’re at this conference? I bet they’re racking up.
So, I recently read an amazing book called Quiet, about introverts. Too much data thrown at me is bad for me, and I want to go and lie down in a quietened room. Yet I challenge the biggest extrovert not to get overwhelmed.
Our hyper-connected world feeds us with as much news and content as we can consume. A generation of twitchy people who can’t put their phones down. IPhones are cited in divorces.
Our brains don’t deal very well with all this data.
i) You can’t get through it all, so there’s data left un-absorbed. A few things happen:
ii) Bias towards the negative: a person watching the news gains an exaggerated feeling of doom and risk. No wonder we all want to stay home and bolt the door. But my husband, who works in statistics and research, always reminds me it’s actually not proportionate to the risk you actually face.
Trouble is, for problems like account takeover, it is increasingly hard for fraud analysts to string together all the data points. Is this behaviour normal for person X?
Remember data proliferation and the problems it can bring for the human brain?
Data overload is good for machines
It provides the ideal conditions for the growth of algorithmic prediction – or solving problems using machine intelligence.
Say the 19th century was powered by steam, the 20th by oil, and the 21st by data.
Machine learning 101:
AI is the broadest term, applying to any technique that enables computers to mimic human intelligence
Machine learning is an application of artificial intelligence (AI) that provides systems the ability to automatically learn and improve from experience without being explicitly programmed.
Now, machine learning [easy definition – eg: previously, software would obey rules laid down in code. Now, with deep-learning algorithms, there are still rules but these are based on patterns extracted from reams of data. The more data, the better.
Supervised/unsupervised – classified according to how they learn
Supervised – most used. It’s similar to the way a child might learn arithmetic from a teacher. Supervised learning requires that the algorithm’s possible outputs are already known and that the data used to train the algorithm is already labeled with correct answers. For example, a classification algorithm will learn to identify animals after being trained on a dataset of images that are properly labeled with the species of the animal and some identifying characteristics.
Unsupervised –where a lot of the excitement over the future of AI stems from. When people talk about computers learning to “teach themselves”, rather than us having to teach them (one of the principles of machine learning), they are often alluding to unsupervised learning processes.looks at inherent similarities between the images and separate them into groups accordingly, assigning its own new label to each group. In a practical example, this type of algorithm is useful for customer segmentation because it will return groups based on parameters that a human may not consider due to pre-existing biases about the company’s demographic.
A neural network is asked to look for patterns in unlabelled data
Goes beyond that into different techniques such as decision trees (simple) and random forests (build lots of decision trees and training time and output the class that is the mode of the classes (classification) or the mean prediction (regression) of the individual trees. Random forests correct the decision tree’s habit of overfitting to their training set.
Supervised and unsupervised learning describe two ways in which machines - algorithms - can be set loose on a data set and expected to learn something useful from it.
Today, supervised machine learning is by far the more common across a wide range of industry use cases. The fundamental difference is that with supervised learning, the output of your algorithm is already known – just like when a student is learning from an instructor. All that needs to be done is work out the process necessary to get from your input, to your output. This is usually the case when an algorithm is being “taught” from a training data set. If the algorithms are coming up with results which are widely different from those which the training data says should be expected, the instructor can step in to guide them back to the right path.
The increase in data along with cheap processing and storage for it has brought about the most intense period of innovation since the last industrial revolution. We can learn at an unprecedented scale.
Machine learning can be applied to many of society’s problems and also automate routine tasks.
For fraud, account takeover risk is ripe for Automated Anomaly detection – monitor standard behaviour of standard (device, IP) or advanced (behavioural pattern) metrics
We are living in the most intense period of innovation since the industrial revolution – in fact this period has been described as a second industrial revolution. Do we fear or welcome AI?
We accept innovation that until 10 years ago would have been unthinkable: Douglas Adams’ ‘Babel Fish’ has been surpassed by apps that give an instant visual translation (show image) Google Translate now renders spoken sentences in one language into spoken sentences in another for 32 pairs of languages, while offering text translations for 103 tongues including Zulu.
Practice of medicine currently has more in common with 19th century than 21st. Doctors rely on training and their experience to diagnose. This is ridiculous. Should rely on computers for diagnosis.IBM’s cognitive computing platform, Watson, is already ingesting medical information in the hope of diagnosing illness.
Cons: it’s not just blue collar jobs that will go, but also professional roles – accountancy, surgery for example. Also the more society automates, the more vulnerable we are to cybercrime/ransomware for example. (friend in NHS was affected by ransomware and said, it was lucky I still had a paper diary.) Perhaps mention well-known AI bloopers: Google translate led astray by user input, the neural network-driven Microsoft Twitter feed/chatbot “Tay”, 2016, that was taught to swear on Twitter that learned to spout obscenities. Withdrawn 16 hours later.
More importantly, a machine properly weights negative information – a machine wouldn’t absorb the news and then panic because it would balance that negative information against all the positive information out there.
Also doesn’t have a personal bias. Humans love to see patterns, and they suffer from confirmation bias, where [...]. so, even the best fraud analysts can make errors of judgement.
Amazon is planning to launch 3000 grab and go stores. Now these shops have invisible payments – how may we help …..
What can invisible payments be?
May be replace physical cards with consumer mobile
May be we use face as id by either making face only payments where instead of card we recognise face in the terminal to accept payments or use user mobile as way to authenticate payments
Same with finger print – may be using AIRprint’s distant finger print scanner ( which takes away the need to touch some surface. Let’s face it we all know how dirty those finger print scanners can be). Hence Imagine walking into your regular coffee shop smiling or waving to pay and walking out with ur coffee . This can be especially useful in countries like India where govt has biometric information for entire population.
Or using voice
Or even better walking into shop pre authorisation of your presence and then on purchase u can pay by combination of any of the above methods.
Best of all brain wave to authenticate ( https://findbiometrics.com/introducing-brainwave-authentication-25213/ )C0 to create a ‘connected self’
All these can make customer experience seamless. At the same time creates a challenge for all us here to make sure we are extra vigilant with information and use it ethically for customers benefit.
https://www.wired.com/2011/05/camera-reads-fingerprints-from-a-distance-in-seconds/
Shared experience – to help share payment experience across mobile and online . Very similar to watsapp web experience. It will help ensure we have are complaint with SCA regulations along with making shopping experience smoother
Which creates challenge for all us seated here around to innovate make it more easier but also make sure we keep the faith alive and ensure transactions are secure, data which customers entrust to us is safe and used ethically.
https://www.cnbc.com/2018/09/19/amazon-is-reportedly-planning-up-to-3000-cashierless-stores-by-2021.html
This type of fraud occurs when the chargeback process is used dishonestly to secure a refund from a merchant. Because the fraud comes from the actual consumer and not a stolen payment method it has earned the name ‘friendly’ fraud, but the truth is that it is a form of theft.
Swamped with comments!
41% feel it has increased, only 6% say not significantly affected
Does vary by product – eg: annual travel insurance in the travel sector, or minibreaks. Anything non-refundable.
“We used to see the use of many reason codes, such as quality of goods, or item not as described,” reported one merchant. “Today, people will just call and claim it was fraud, trying to instantly get their money back.”
Our qualitative research revealed friendly fraud to be a very emotive subject for merchants. Many merchants lose significant sums of money and even those who successfully defend these chargebacks are required to invest significant manual resources into providing compelling defence materials.
Friendly fraud is complicated for merchants by the fact that each customer is hard won. Given the cost of acquiring a new customer - and the risk of reputational loss from one angry consumer on social media – disputing a chargeback for suspected friendly fraud often leaves merchants in what feels like a Catch 22 situation.
Occasionally the friendly fraud is actually second party fraud, where a family member has used the individual’s card to make a purchase, often for a surprise gift. Thus a legitimate transaction may be disputed by the cardholder. In these cases, it is usually sufficient to contact the cardholder and explain who has actually made the order.
Why is account takeover becoming so prevalent?
Data breach > dark web > card on file for swift checkout = perfect storm of factors.
Phishing
Dark web = [clear definition. Also explain Onion router (not a Lakeland accessory) and Tor networks, and how get to the dark web.] Shadowy underworld: like the world beyond in Stranger Things, just without Winona Ryder. Its own functioning economy.
The data required to do this is gained in a number of illicit ways, such as hacking databases (breach) or phishing. Often, third parties obtain the data and then place it for sale on the dark web for purchase by the fraudster him/herself. Once this data is obtained, fraudsters can use the information to make high-value transactions – or, even, a series of small, apparently inconsequential transactions that may increase in value over time. Frequently, the crime is not detected until the victim notices unauthorised purchases on a bank or card statements.
The dark web is the World Wide Web content that exists on darknets; overlay networks which use the Internet but require specific software, configurations or authorization to access.[1][2] The dark web forms a small part of the deep web, the part of the Web not indexed by search engines, although sometimes the term "deep web" is mistakenly used to refer specifically to the dark web.[3][4][5][6][7]
The darknets which constitute the dark web include small, friend-to-friend peer-to-peer networks, as well as large, popular networks like Tor, Freenet, and I2P, operated by public organizations and individuals. Users of the dark web refer to the regular web as Clearnet due to its unencrypted nature.[8] The Tor dark web may be referred to as onionland,[9] a reference to the network's top level domain suffix .onion and the traffic anonymization technique of onion routing.
Did you know there is more breached data there than there are fraudsters to exploit it? (maybe they too are overloaded with data!)
There are hackers that perform data breaches for different reasons: to expose shady practices (eg: Ashley Madison, others), those that do it for kicks (similar to the boasting Facebook user – show mockup of ‘look at me in first class lounge / at Rethink!’), others that do it for financial gain: ransomware to release information for a fee, or exploiting card information to purchase tradeable goods online. The hacker from X was a 12-year old in his bedroom. [show visual of recent data breaches and motivation].
Irrespective of motivation, your data is out there.
DARK WEB
the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.
Drivers – mention those in addition to data breach:
Increase in card on file
Difficulty of standard third party card fraud
More phishing
It was the conjunction of the dark web and bitcoin that enabled this trade because otherwise legitimate means of payment would be so difficult!
Despite high profile closures such as Silk road (drugs) and Alphabay (identity info), there are still plenty of sites.
Customer service? Same on dark web. Buy 3 stolen card numbers, if they don’t work, you get the next one free. That said, one of the most prevalent trends is away from the stolen card number and towards the stolen identity.
Stolen identity – what do people know and how much does it cost? Whatever they find out they can mine social media for more information. And because people re-use passwords, they can run bots (?) to find your password for other sites. [read about account takeover/data available on dark web]
Easy to navigate
Marketplaces on the dark web, not unlike eBay, have feedback systems for vendors (“cheap and good A+”), refund policies (usually stating that refunds are not allowed), and even well-labeled sections. There are no special codewords to learn, no back-channels that must be sussed out. On the AlphaBay market, for example, one can just click on the button marked “Fraud,” then into subsections like “Personal Information & Scans” or “CVV & Cards.”
Sources: RSA
https://qz.com/460482/heres-what-your-stolen-identity-goes-for-on-the-internets-black-market/
https://www.cnbc.com/2014/10/03/hackers-selling-stolen-card-info-online-thats-the-least-of-it.html
Should I do this?
Am I allowed to do this?
What will people think?
We asked about machine learning in our survey too, particularly around the line between automation and human input.
Do merchants feel 100% automation is the way forward?
Interesting – everyone keen but no-one thinks human input will be eliminated.
Quite right too – human input is a key part of enabling a predictive model to learn whether it was right or wrong.
One interesting trend is that fraudsters themselves are now harnessing the power of machine learning and AI. Eg; for ever more sophisticated phishing attempts.
Install a machine learning driven system on an infected device to monitor emails, then after a period of time, tailor a convincing email with the same message style to convince the victim to click on a malicious link. [Spear phishing]