The surge in cross-border payments, driven by the adoption of fast payment systems, particularly in Southeast Asia, has introduced significant security challenges. This article explores these challenges, including the management of real-time transactions, outdated protocols and discusses potential solutions and future trends in payment security.
Cross-border payments have been on the rise in recent years. In fact, in Southeast Asia, most countries have implemented fast payment systems, with multiple bilateral links established in the last five years. While this increase indicates progress, it has also led to new security challenges.
Maxim Neshcheret, Regional Director APAC at CMA Small Systems, has over 20 years of experience with the company, focused on building core financial market infrastructures. According to Neshcheret, challenges include managing the rise in real-time cross-border transactions, outdated protocols, and weaknesses in middleware.
The threat landscape
The increase in real-time cross-border payments means that financial institutions now need access to real-time data and monitoring to make decisions regarding transactions. Threats can include fraud or other criminal activity, such as money laundering.
In the past, commercial banks were required to check every transaction and client, but the implementation of new centralized infrastructure can make it more challenging as the banks may not have access to enough data on the counterparties. Additionally, new standards such as ISO 20022 can potentially open new vectors for attack because a lot of infrastructure, including the solutions for commercial banks are not ready to fully adopt it. Instead, many implement a middleware solution to integrate their core systems with national or global rails. But there could be potential weaknesses between legacy banking systems and the middleware, such as outdated protocols for data exchange, that can make them vulnerable to attack. This was the case in the Bangladesh Bank Heist of 2016.
Other issues include a lack of real-time monitoring and the growing use of AI to execute deepfake attacks on employees.
Developed vs. developing countries
When it comes to security challenges in cross-border payments, there are some differences between developed and developing countries.
Developed countries were earlier adopters of fast payment systems, with the UK implementing them around 17 years ago, and Singapore a decade ago. Today these countries are a bit behind developing countries when it comes to the age of the technology implemented and are focused on improving their systems, including security.
Developing countries, on the other hand, might be more advanced, having implemented their technology more recently, but they often lag behind regarding regulations, operational rules, and practices to ensure the security of their systems.
According to Neshcheret, both groups face similar security challenges, but the increased use of centralized infrastructure in developing countries means the profile of the organizations that might be attacked differs .
Solutions
There are several technologies that can help combat fraud in cross-border payments.
AI is one of the most promising technologies, with real-life implementations already being seen. It can analyze huge amounts of data in close to real-time and help combat attacks. The National Payment Corporation of Kazakhstan and networks like Visa and Mastercard have implemented AI to help prevent fraud.
While there was a lot of hype around blockchain a few years ago, it has not been widely adopted within core infrastructure, and we are not seeing it change much. It is resilient to attacks on a technical level, but there have been cases where people have been tricked into transferring money to the wrong place. Also, if funds are stolen, it is difficult to get them back.
“Blockchain gives us the possibility to build infrastructure that cannot be hacked on the technical level, but fraudsters have still been able to trick people. And, as it’s decentralized, there are no regulations,” said Neshcheret.
However, blockchain could be used to build a second ledger that is un-penetrable, that could be used to compare and reconcile all transactions against the original ledger to ensure nothing was hacked.
There’s a lot of talk about quantum computing these days and the implications for security. If there’s a breakthrough, then we’ll face a situation where even blockchain solutions will be threatened by this technology. But I remain cautious.
Recommendations
To improve payment security, financial institutions should invest in continuously improving their technology and security components. They should be open and agile, as the world is changing, and cross-border payments are coming to their door.
“They need to be ready for that. They cannot rely on only updating their core financial systems every 10-15 years. Technology and security challenges should be addressed regularly every day. They need to evolve all the time,” said Neshcheret.
It is also important to have standards for secure APIs. Regional cooperation can help achieve this. An example of this is Project Nexus, a collaboration between BIS Innovation Hub and the central banks of Indonesia, Malaysia, the Philippines, Singapore and Thailand to deliver seamless cross border payments in the region.
Similarly, collaboration is also important when it comes to addressing the huge rise of fraud and payment scams. Sometimes it’s about using simple tools to freeze accounts, but there are also initiatives at a government or financial sector level. For example, regulation is progressing in countries like Singapore and Australia, with the implementation of AI and centralized fraud management. Malaysia has a national fraud portal that it claims can locate and retrieve funds, or lock them down within 30 minutes, providing the funds are still in the country.
The future
In the future, AI and machine learning will be game changers when it comes to payment security. AI can analyze data and detect fraud. It can also help people identify and avoid deepfake attacks received via phone calls, and SMS.
Neshcheret believes that the banking industry needs to update its legacy technology as a priority, and greater cooperation with fintechs can help with this.
“I have a feeling that more than half of commercial banks are very much behind in terms of updating their legacy technology,” said Neshcheret.
He also believes it is important for the industry and technology companies to share information more effectively. For example, fintech companies do not always understand in detail how central bank or national payment infrastructure work. They may see regulation as a barrier, when in fact greater collaboration can help in accelerating innovation and in combatting fraud.
Watch the full interview on YouTube
