Security Risks With Digital Payment Options – Techstrong TV
‘Buy Now, Pay Later’ fraud — Services such as Afterpay, Klarna, and Affirm have rocketed in popularity as the leaders in helping people buy things right now with a major appeal to millennials and Gen Z, however with new digital payment options, comes new security risks for consumers.
Charlene O’Hanlon: Hey everybody. Welcome back to Techstrong TV. I’m Charlene O’Hanlon. And I’m here now with Jimmy Fong, who is the chief commercial officer at a company called SEON. Jimmy, thank you so much for being on the zoom with me today. Really do appreciate it.
Jimmy Fong: Yeah. Pleasure. Pleasure to be speaking, Charlene happy to have this connection.
O’Hanlon: Yes, yes. Me too. Tell me a little bit about SEON I’m not familiar with your company.
Fong: Yeah, sure. So we’re a relatively young startup just come up four years old. We are series A funded back earlier this year and we originate out of Europe. So kind of twinned between Budapest, Hungary, and also London where I sit in the UK. But, yeah, we’re excited. We ha we have offices open in Austin, Texas and then over in Jakarta APAC region as well there. And what we focus in on doing is we provide micro services for the kind of online business community, in terms of fraud detection. So we do kind of two things, really. One end we provide what’s known as data enrichment over data point, like an email address or phone number. And we purport back on what we call a social footprint of that data point. So we’re looking if Charlene you’re on Instagram, Facebook, Twitter, LinkedIn, et cetera. And then the other side of what we do is we provide end-to-end risk platform for online business that needs to automate, accept to reject decision there.
O’Hanlon: Well, very, very cool. And, I imagine that your service is well in demand with the rise of the, these alternative payment methods that that have come up, you know, services like Klarna and Afterpay, and God, what’s the other one Affirm, I think it is and there are other services out there as well. You know, a, a lot of retailers have kind of added those services to their sites, online sites. And being as we are coming upon the holiday season that, you know, there’s got to be that potential for consumer or not even consumer fraud, but just fraud in general. And so I’m interested in finding out what you guys are seeing in the space right now. And really how these alternative payment methods actually are kind of, I don’t want to say a catalyst, but you know, how they can actually kind of foment fraud within the online retail space.
Fong: Yeah. A couple of names you mentioned are they are indeed customers of our technology there. So, they are and I think kind of the big trend we’re seeing kind of pre pandemic sadly online fraud levels were always rising and then events like the pandemic just acted as like a big accelerant to it. And mainly because, you know, I think comes down to fraudsters are very aware that so many businesses were kind of forced online digitally than they were ready for. And then you’ve got this phenomenon, as you really mentioned around retailers also trying to make the buying experience so simple that before, you know, it you’ve made the purchase and you’re good to go. So hence being able to automate the split up into like, you know, 12 payments interest free very easy to do.
And, so I think we’ve always seen like a balance. So retailers are trying to make this super simple with these buy now pay later companies. And then on the flip side of it is simplicity sometimes leads to I guess fraudsters being aware of this and taking advantage of that as well. And so it’s always a balance between applying a bit of friction for security purposes, but then not actually leading to marketing churn right. Or check out churn in that sense. So it’s a constant, constant kind of balance there.
You mentioned kind of like what we’ve seen also in the pandemic. So buy now pay later, we are all completely aware. It’s kind of really blown up in the last 18 months and some, yeah, kind of some fantastic kind of FinTech growth stories, not just the traditional ones you mentioned there, but lots of like regional niche players as well, all around the world. And I think what we’ve seen there is like a growth of people taking over identities with account takeover fraud. And so technology like ours, I think it’s come at a time where, what these merchants are wanting is they’re asking so little to be able to allow a smooth, seamless kind of credit process for that customer. But at the same time they’re lacking traditional data points to be able to make like a secure transaction as well. So any technology that’s around where it doesn’t impose on the consumer to do extra stuff basically is like a good thing, because you’re kind of playing into that magical transaction experience where you’re not when you’re just not inconveniencing the end consumer.
O’Hanlon: Right. Yeah. And, I got to tell you, I’ve seen those, you know, pay $9 a month with, you know, Afterpay or something like that. I’m like, yeah, I you’re right. I mean, they’re just kind of exploded on the scene over the last I would say year and a half or so. You know, maybe at the beginning of the pandemic, I started to see them here and there, but it just like over the last year, definitely seeing a lot more of those services. So, you know, how different are these from, you know, say credit card transactions, where you’ve got you know, you’ve got the ability to pay via credit card and then you know, obviously break those the cost into multiple payments. So, you know, what is different about these alternative payment methods that make it a completely different kind of threat factor?
Fong: Yeah. So I think mechanically it’s the same concept for sure. But these are FinTech. And so the extra data that these by now pay later companies are being able to process is their asset and kind of how they’re looking at it is they’re looking at essentially alternative forms of data to make a better credit risk decision. So for us, the two kind of like if you like threat vectors that come in play are just when someone signs up for the service. So what’s known as on registration. So typically when you sign up for that, you know, you see that advert for, you know, split out to, you know, 12, $9 payments. It’s very, it’s very alluring. And, the other thing to mention about this to also say is the other reason behind why these are kind of blowing up is they’re very, it is tapping into the zeitgeist stuff and gen Z kind of behavior as well. It’s, you know, allowing folk to keep on consuming and be able to afford certain lifestyle items without kind of inconvenience in them, by, you know, having to pay upfront. So that they’re enabling in that sense.
And I would say that’s the first attack factor is around sign up. And again, it’s back to that concept that it only works if it’s so easy for that person to one click, two clicks and very short form fill on the information there. That’s the first thing. So behind the scenes, what, what are the BNPL companies look at? Ideally they’re asking for the least amount of information, but they’re definitely enriching that data. So, that’s kind of where for our startup it’s really helped because we’re typically focused in, on literally an email address we’re purporting back on a ton more data points around, oh, actually this Charlene O’Hanlon at gmail.com is on Facebook or is on LinkedIn, is on Insta. And, that’s what most people look like in 2021, especially gen Z. It’s very social. It’s very it’s a good modern proxy for somebody existing as a digital footprint.
The flip side of that is frauds and multi accounters and people take advantage of these BNPL kind of technologies when they it’s easy to create a temporary email address, but not so easy to recreate a digital footprint. So it’s technically possible, of course. So, we’re operating in that kind of technology space, but it’s not economically feasible typically for like criminal organized groups to do so on mass. So that’s the first attack vectors was known as registration risk.
The second one, which is more interesting. And, but going back to your question, Hey, how are these different systemically from say the card industries that have been around, you know, 40, 50 odd years? The difference here is that to make the BNPL companies work and succeed, they’re looking at alternative forms of data. And what they’re doing with the alternative forms of data is trying to build a good credit risk decision off those so that they can see that there’s some positive correlation to that Charlene is a good customer for that BNPL company. She’s more likely to repay. And those alternative forms of data are along the same vein. You’re looking at things like our social kind of checks.
So, a silly example we always talk about is we have many BNPL companies look at things like, oh this person has a GitHub account. Now, that may kind of, you know, lightly suggest they are an engineer in that space. And thus they may have a bit more disposable income to use a silly example there. So that’s kind of why they’re different, they’re able to leverage tech much better than I would say the kind of classic credit card industry.
O’Hanlon: Okay. All right. Great. So, you know, , from a developer point of view, especially developers working at online retail companies are there certain things that they need to consider when they’re looking to integrate some of these buy now pay later technologies into their sites to kind of lock them down and make them more secure and you know, not even more user friendly, but just, you know, just secure overall.
Fong: Yeah. I guess no surprise. I think looking at tech stacks that are API driven, so it’s all backend to backend coms is like, kind of just critical. The other side from it as well is because you have online security technologies and we can talk about a bunch of them. Right. You’ve got your captchas which have been around for a while, but they cause yeah, they’re just frustrating to the end consumer. Right. But they do stop bots. So, that’s kind of the primary purpose of it. But it’s frustrating. You’ve got things like device fingerprint technology, which is able to without is able to invisibly say, Hey, this is the same iPhone X we’ve seen before or iPad or something like that. And then you’ve got kind of stack like ourselves where it’s all about we give you much more information about that interaction, and then you’re able to make a kind of a much better decision off it because yeah. We’re able to tell you yeah. Kind of essentially a lot more about that instance and interaction.
By default APIs should be seamless, should be invisible. Shouldn’t really ideally be asking anything off that consumer. It should just sit invisibly behind the scenes. So I’d say developers are kind of spoiled kind of payment services like Stripe which I’ve done an incredible job. And in the same way, what we’re trying to do as a startup is build out like that. So it’s all publicly exposed API references. You can check it out, you know, 24/7, no need to sign up, no need to speak to human. It’s all just out there, just like stripes documentation. And then secondly, it’s all testable, like, so more importantly for that developers working on that project at 2:00 AM, wherever they are in the world, there is no live interaction needed. They can just go test the tech and they’re able to run with it.
O’Hanlon: Very cool. Very cool. So since we are coming upon the holidays from a consumer perspective, you know, are there any things in particular that they need to kind of keep in mind to avoid becoming a victim of identity theft as the result of these kind of buy now pay later applications or technologies or you know, is it you know, are there different considerations from a when shopping online and using these alternative payment methods?
Fong: Yeah, absolutely. I think that’s the key right. Is their successes they’re so easy to use and so convenient. Right. So I think it’s basic hygiene, at least from a consumer point of view on passwords and accounts created have to be individual and unique instead of reuse. I think that’s a classic on we see from consumers that are reusing the password and then potentially if that organization hasn’t been the most careful there’s a good chance that a data breach might be affected and that’s okay as long as you’re able to change that password, but it’s a big problem if you’re kind of using the same online password across sites, right. And that’s what hackers kind of understand and tap into is the human element of being a little bit mentally lazy, shall we say? So, definitely number one is kind of making sure as you’re sign up for these services, which, you know, are really good. They make shopping easy seamless. But the flip side is making sure you’re maintaining good password hygiene with unique, strong passwords for each of these buy now pay later services.
O’Hanlon: Awesome. Awesome. Well it’s going to be an interesting holiday season on a number of levels and I think supply chain shortages certainly are going to factor well into the holiday season and people’s gift buying decisions. And I think we’re going to hear a lot more about cyber threats and fraud and you know, all of the bad parts of the holiday season and shopping online. So I think, you know, I think we’ll have lots to talk in the months to come regarding this this holiday season. But it’s good to hear that that you guys are, you know, kind of helping lead the charge to make sure that consumers are protected. So thanks very much. And thanks for coming on Tech Strong TV. I appreciate it.
Fong: All right, thanks Charlene. Great speaking to you.
O’Hanlon: All right, everybody. Please stick around. We’ve got lots more Techstrong TV coming up. So stay tuned.
[End of Audio]
