An Interview with Deborah Wood, Head of Fraud Risk Management, OFX
“Peer-to-peer (P2P) payments is emerging as the biggest innovator for digital payments. We’re witnessing technology in this space evolving rapidly to suit the exact ways in which users are connecting with technology ... this means it’s not just about mobile, it’s now about social platforms accessed via mobile.”
For nearly 15 years, Deborah Wood has stood as a bulwark against the rising tide of cybercriminal threats that have long plagued financial services industry.
In her current role as Head of Fraud Risk Management for OFX, one of Australia’s leading online-based payments and foreign exchange companies, Wood is responsible for developing and implementing the organisation’s long-term fraud risk strategy, a role which seeks not only to protect consumers on the ground, but to also instil confidence in the global aspirations of the OFX brand.
We spoke with Deborah Wood about the prevailing digital security challenges facing financial services institutions the world over, and the future prospects for the payments industry in an environment of persistent disruption.
FST Media: How do you see the ‘threatscape’ evolving for financial services in the latter half of 2017? How should the payments industry respond?
Wood: I believe that the latter half of 2017 will likely bring increased reporting of data breaches. In early 2018 we will see the implementation of mandatory data breach notifications as the Privacy Amendment (Notifiable Data Breaches) Bill 2016 comes into effect. Under the terms of this legislation, organisations that determine they have been breached or have lost data will be obligated to report the incident to the Privacy Commissioner, and notify affected customers as soon as they become aware of a breach. The notification must include a description of the data breach, the kind of information involved, and how customers should respond to the security incident.
Increased visibility around reporting effectively raises the stakes for cyber criminals, and this is likely to evolve the threat landscape for Australian organisations. In terms of response, we can learn much from the situation in the EU and the US – these are valuable test case geographies in terms of the regulatory impact of government-driven reporting. What we’ve seen in these markets is a sharpened focus on data security and an overhaul of critical infrastructure. With the new regulations comes a steep change in accountability, which will drive wide-scale upgrades across the industry.
FST Media: What technology is proving to be the biggest technological ‘game changer’ for digital payments?
Wood: Peer-to-peer (P2P) payments is emerging as the biggest innovator for digital payments. We’re witnessing technology in this space evolving rapidly to suit the exact ways in which users are connecting with technology. Specifically, this means it’s not just about mobile, it’s now about social platforms accessed via mobile.
Product teams are rethinking the customer experience to look at where customers are online and the most convenient places for them to transact; inevitably this currently tends to involve Facebook. As social media evolves into a platform for payments, we are seeing developments in data capabilities, driven in part by the increased legislation and compliance, that goes hand in hand with the emergence of social as a payments platform.
FST Media: How is OFX responding to the challenges of digital disruption?
Wood: Historically, OFX had been a disruptive presence in the international payments category. Now, with the rise of multiple fintech start-ups, we are one of many in operation. As our business evolves, technology remains at the heart of our offering; but we’re focusing on innovating in areas where we can improve our customer experience. That means a smoother customer journey through digital, higher levels of security around data, faster load times for our website and quicker transaction processing timeframes, among other things.
We’re also segmenting our audiences, which enables us to provide specialist service for each niche group tailored around their individual priorities. Our online seller businesses, for example, require a very different client-handling experience from our consumer clients whose main reason for transfer might be property investment.
FST Media: Where do you predict established financial institutions will be in five years’ time?
Wood: The big banks are currently observing how other financial services companies in international markets are responding to the record keeping technology represented by blockchain. In the UK, we’re seeing Barclays and UBS trailblazing on this front. Both banks have blockchain labs and are involved as founding members in the R3 blockchain partnership group, whose plan is to build the “fabric” of blockchain technology for banking, as well as develop commercial applications for banks and financial firms. NAB was involved in R3 for a time, but opted out to pursue their own blockchain interests, while Commonwealth Bank of Australia is still involved.
Australian banks can’t afford to be left behind with technological innovations; the difficulty is knowing whether they will succeed in going mainstream. Generally, the US and the UK provide accurate test markets for Australia, and this is likely to continue to provide something of a safety net for Australian banks.
FST Media: What fintech initiatives stand out for you as particularly promising for the payments industry?
Wood: The UK is already building some great tech products using open data initiatives. In Australia, the financial services industry has been heavily regulated, but the budget just handed down did outline plans for an open banking regime in 2018. This would facilitate an open data approach and could really change the status quo for the category, enabling greater evolution.
The standout payments innovations include technologies that seek to replace credit cards, such as Apple Pay and Android Pay. The technology is great, but most digital wallets work using near field communication (NFC) and not all retailers have this technology, so there are barriers to daily use. There are also issues with ID verification. Some products try to go even further; a recent example is ‘Token’, a ring that can be activated by a fingerprint scan. The hardware has the capability to remember your credit card information, your passwords and even unlock your front door (providing you have the matching lock).
FST Media: Where do you see the innovation in mobile payments heading in 2018?
Wood: The key innovations are likely to be with organisational use and understanding of data. With mobile payments, it’s likely that we’ll see improved security and less friction as API feeds become better optimised for operation with smartphones. The technology that’s being developed will likely align more closely with user behaviour – there is a focus on reducing lengthy manual processes as consumers now expect an instant payment experience. Social is already opening up as a mobile payments channel, and it’s likely that this will continue to evolve rapidly.
FST Media: How has OFX sought to mitigate fraud risks and boost customer confidence?
Wood: At OFX we undertake a very thorough interrogation of our customer data. 18 years of experience in Financial Services puts us in a good position to understand and identify suspect user behaviour; we are able to model the typical customer journey based on our analytics data and can spot when something is amiss. This can include a user moving through the registration form too quickly, skipping information or taking an unusual navigation route. We use a number of indicators to identify risks and flag when we may need to take a closer look at a registration or transaction attempt.
As a global brand, we need to respond to fraud threats across six different countries and time zones – there is a local and a global aspect to our approach. We are also conscious of the responsibility that accompanies working in the international transfer space; we are tasked with keeping our customer’s money and data safe, and also protecting our own corporate assets.
FST Media: What impact do you believe blockchain or IoT technologies will have on the payments space over the next 12 months?
Wood: IoT represents an army of household technology that currently has the potential to be easily infiltrated by malware inherent on the internet. Electronic devices, such as smart TVs, fridges, cars, pacemakers, insulin pumps, lights, and thermostats, are able to collect and exchange data via embedded sensors that connect to the internet. It’s been something of an oversight that these heavily used high-tech domestic devices have been designed without base level security being programmed into them, and until this changes, we’re unlikely to see IoT devices viewed as a secure enough vehicle for payments.
The focus has been on driving innovation in technology, but the security credentials have fallen by the wayside as organisations evaluate success by practical utility. Over the next 12 months we may see increased responsiveness from the manufacturers of these devices, with a major pivot in security capability at the design stage, and a willingness to catch up on the security front by reprogramming existing devices.
FST Media: How will insight from analytics change risk management by 2018?
Wood: Greater insights data will provide companies with increased knowledge of typical customer behaviours, enabling more automation in the risk management process. We are likely to see the development of more algorithms that help meet legal and compliance regulations in financial services, while still allowing personalisation of the customer experience.
FST Media: How do you like to spend your free time?
Wood: I like to enjoy the beach and the great outdoors, making the most of the Australian coastal lifestyle – spending time in the ocean and at the beach, walking in the bush and catching up with friends over good food and wine.