NextBillion - An Initiative of the William Davidson Institute at the University of Michigan

The world has progressed a long way down the path to global digital and financial inclusion. Access to cell phones is almost universal, even in remote villages, and access to mobile money is spreading rapidly.

The next logical step is payment interoperability, in which different financial services providers’ payment networks are connected to allow for transactions to take place between users of different systems. Without interoperability, you have “closed” systems, where users can only transact with others who have an account on the same system.

However, there are huge risks involved in connecting one financial system to others, and these risks have the potential to be so damaging that the companies involved may not survive. I am talking specifically about payment fraud, and the sheer scale of damage that can result from a major fraud attack.

Financial inclusion is far too important to allow it to falter from lack of preparedness. As a technical expert in payment infrastructure, I understand the risks involved, and the steps necessary to minimize payment fraud and make it manageable for all concerned. In this article, I’ll discuss some of those risks, and describe some ways the industry can guard against them.

The Payment Infrastructure Industry is Unique

First, some background: Just over 30 years ago, I started working in the credit/debit card payment industry. I immediately discovered that its priorities and expectations were completely different from any other industry. One of the first projects I worked on was to enable a bank to have two production data centers running in parallel. I built an interface between their two data centers that would duplicate transactions in real-time. That meant that, even if one data center was completely destroyed, the other would be able to run everything without interruption, and no transactions would be lost. Having two parallel data centers in the ‘80s was staggeringly expensive to achieve, opening my eyes to the priorities the bank placed on protecting their specific system.

My understanding of the uniqueness of payment processing grew as I worked for different types of organizations in the payment industry, each with their own priorities and challenges –from big banks and major retailers, to payment hubs and payment software vendors.

I founded Clear Purchase with the intent of making a range of financial services available to the poorest people on the planet. One crucial element of this work is understanding and minimizing the risk of fraud. Let’s explore some of the reasons it’s such a high priority for Clear Purchase, and why it needs to be a much bigger concern among the broader industry.

Why the Focus on Payment Fraud?

There are many challenges involved in offering financial services, especially when payment interoperability is involved.

For almost all of these challenges, the problems are well-known beforehand. The costs involved in mitigating a problem are easily determined, and a logical decision can be made as to when it’s time to address that particular problem.

The difference with payment fraud is that by the time it happens, it’s already too late.

It is impossible to build perfect systems, so there will always be “holes” that allow for fraud. And we generally cannot know about a hole until the systems are already running in production, and the hole has been discovered by others and exploited. At that point, it’s impossible to shut down the relevant systems, as so many people are relying on them. And I know from experience that few holes can be fixed easily, while some cannot be fixed at all. A financial services company and its customers may all be stuck with ongoing fraud for a long time.

That’s why fraud must be considered before a system goes live, and every effort made to avoid potential vulnerabilities – and minimize the scale if it happens.

Payment Fraud is Huge

There are two types of fraud: The first is committed by individuals when they see an opportunity, and usually involves a few transactions here and there until it is stopped or the perpetrators are caught. This is important and must be prevented and minimized as soon as possible. However, unless it is ignored, this type of fraud will not destroy companies.

The second type of fraud is the one to be afraid of: It is committed by major international crime organizations that have been successfully attacking well-established financial systems, despite the vast amounts spent on protecting them. This is “big business” for these criminal enterprises, amounting to over $20 billion in fraud committed every year – a number that’s steadily growing. The two sides have been in an ongoing battle for decades, with the criminal organizations finding/creating new security holes, forcing the payment systems to continually address them.

When a new vulnerable target appears, once it has grown big enough, these criminal organizations will pounce.

Interoperability Creates a Major Target

For the criminal organizations, a closed system is of little interest. Closed systems are relatively easy to protect: A breach can generally be identified and fixed fairly quickly, and the fraud can often be reversed.

But everything changes the moment these systems become part of a network. A single intrusion anywhere in the network could affect every system in it, so the network as a whole becomes a huge target. With the entire network to target, criminal organizations will target the weakest link in the transaction chain. A major attack at one point can lead to customers throughout the network suffering the consequences.

When they attack, these organizations will not target a small number of accounts: An attack could easily result in 1 million fraudulent transactions happening all at once. This may sound like a ridiculous number, but it is not. When the Target retail chain here in the U.S. got their system hacked in 2013, 40 million credit/debit card numbers were stolen.

But the situation can get even worse: It may take several months or even years for a security hole to be fully fixed, as the hole must be found, a fix developed, and then a coordinated upgrade conducted by every single system in the network. Meanwhile, the criminal organizations will happily continue taking advantage of the security hole in the network, while they are also looking for the next one (or creating it).

This reality should terrify those banks and mobile money operators in developing countries that are considering – or already implementing – interoperability.

However, they can also be comforted by the knowledge that the current targets of this type of fraud here in the West have been able to manage it sufficiently to remain extremely profitable, and will continue to do so into the future. This suggests that mobile money operators and conventional banks in developing countries can move toward interoperability safely, if they’re sufficiently prepared.

The Real Cost of Payment Fraud

Perhaps surprisingly, the real cost of payment fraud to a provider is not the fraud itself.

By far the biggest cost is fraud management. That’s because companies have to employ lots of people to answer unhappy customers’ calls, and then involve all the other parties in the transaction chain to figure out the cause of the fraud, and either reverse the transaction or figure out who is going to take the hit.

The need for this type of fraud management is important for emerging or newly interoperable payments providers to consider. Let’s consider a major fraud attack, where 1 million people have had their accounts affected, all on the same day. Are companies in developing countries prepared to handle that scale of fraud, with that many unhappy customers calling up at the same time demanding to know where their money has gone? Would these companies be able to survive a single major fraud attack like this?

The Dangers of Open Source

With the stakes this high, and the cost of failure this potentially catastrophic, it’s essential for payments providers in emerging markets to act with extreme caution when implementing interoperability. And this can impact the decisions they make throughout the process.

For instance, there are incredible benefits to using “open source” code. The sharing of technology reduces the cost of adoption, and the sharing of experiences, enhancements and fixes reduces the individual costs of maintaining systems.

However, financial payment processing is not the right industry for open source approaches, especially if it involves interoperability. It encourages those with insufficient applicable experience to enter an industry they do not fully understand.

Think like a criminal organization that has been involved in large-scale payment fraud for decades. With their years of experience, having access to the core code makes it easy for them to identify existing security holes. In addition, the very nature of open source software allows them to introduce new security holes disguised as enhancements or fixes, with the intention of exploiting those holes several years in the future with massive attacks.

The Trouble with Mojaloop

That’s the reason I’m worried about the emergence of Mojaloop.

Mojaloop is an open source payment interface intended to help financial services companies, government regulators and others address the challenges of interoperability in their digital financial inclusion efforts. Launched by the Bill & Melinda Gates Foundation in 2017, the software aims to provide “a reference model for payment interoperability between banks and other providers across a country’s economy” – in other words, it’s basically building the interface code to process financial transactions between separate systems. It’s available free-of-cost for software developers to adapt, and for banks and other financial service providers and companies to implement.

The idea of building a Mojaloop interface is fantastic: to create a standard means for every financial system to talk to any other financial system. This is incredibly valuable – many of the huge organizations I have worked for in the past have had 10 or more connections to other financial system, each one with a different communication method, as well as a different message structure. I know how much work it is to manage this level of variety, and how much easier it would be if they were all the same.

In addition, the Gates Foundation has done very well with the Mojaloop interface module, with its integration into the internal processes of each system: The interface development has been provided by several extremely proficient companies.

Unfortunately, the decision to make Mojaloop open source is of grave concern – especially because it seems to encourage users to view it as a full payment system when in fact, Mojaloop is a partial product. What is missing is a sophisticated payment hub (for routing transactions to the correct destination), and extensive payment-specific security.

These oversights are understandable, since the Gates Foundation did not, to my knowledge, utilize a technical expert in payment interoperability to guide their development of the software. But they’re also a grave mistake. It would be a tragedy if their excellent work on Mojaloop, which has the potential to massively accelerate the financial inclusion movement, instead ended up causing massive harm.

A major fraud attack on Mojaloop could do substantial and long-lasting damage – not only to the providers and customers who are using it, but to the entire financial inclusion industry, whose success depends on gaining the trust of new digital finance users around the world. Other countries that want interoperable systems are watching what’s happening with platforms like Mojaloop – if a massive fraud attack were to bring down a major payments player through security weaknesses in that platform, it could scare away other governments and companies that are currently working toward interoperability.

Proceed with Caution

The financial inclusion movement is at a vulnerable point. We have come so far, and the biggest steps have already been taken – from cell phone penetration to the spread and adoption of mobile money.

The next logical step is payment interoperability – which is already starting to happen. But if it’s taken carelessly, this step could result in major payment fraud attacks, and potentially the destruction of multiple mobile money operators. This could stall the entire movement for years to come.

It’s essential for the industry and its key stakeholders to take this treacherous step safely, leveraging both security best practices and the advice of payment infrastructure experts. If we can navigate the transition to interoperability in digital finance, universal financial inclusion will finally be within our grasp.

Nick Brown is the founder of Clear Purchase, Inc.

Photo courtesy of ICT4D.at.