Fintech News: Stopping Payment Fraud with ACI Worldwide (CxOTalk #352)

We all use credit cards, we all go to the
bank, and today we are exploring the payment system. First, Mike Braatz, who is with ACI worldwide. First and foremost, we’re a software company,
so we provide technology to the payments industry, the people who want to pay, whether it’s a
consumer in a store looking to buy something or online or a business looking to pay another
business with the sources of those funds which are most of the time in bank accounts but,
with some of the new payment methods, those funds can sit in other places. We basically allow that money to move from
where it needs to be to where it needs to go. We serve all of the participants in the payments
business so, whether you’re a merchant, whether you’re a bank, whether you’re a processor,
or whether you’re a utility which we would call them a biller looking to help consumers
pay their bills online, we serve all of those participants in the payments ecosystem. Our second guest is Dr. David Bray. In addition to different hats that I wear,
I’m with what’s called the People-Centered Internet Coalition. I serve as Executive Director. Vint Cerf one of the co-creators of the Internet,
plus Mei Lin Fung are our co-founders, and we seek to do demonstration projects that
are community-led and measurably improve people’s lives using the Internet. As a first question, could you tell us a little
bit about what are those sources and what are the data volumes we’re talking about here
when you’re trying to help with the transactions and make sense of what’s occurring? Yeah, when we talk about the payments industry,
first of all, it should be noted that there are really, at the simplest level, two types
of payments, right? There’s a cash payment and then there’s everything
else, which we consider to be digital payments. Whether you’re using a credit card, whether
you’re using Apple Pay or some other means of payment, the vast majority of those payments
are digital payments, and that’s a growing percentage of payments around the world. To put some scale to it, in this year, in
2019, globally—let’s just use round numbers—1.8 trillion electronic payment transactions will
occur around the world. To put some scale to that, you divide that
by the roughly 7.5 billion folks on earth. That is, for every person on earth, about
250 transactions a year. It’s not quite one a day, but we’re getting
close, so it’s big and it’s growing quickly. Payments are how commerce happens, right? No matter whether you’re a consumer looking
to buy a good or service, whether you’re a business looking to pay for supplies, or whether
you’re just trying to pay your friends for the dinner out the other night, that’s payments. It’s happening all the time, every day, and
the volumes are massive, so there’s a lot of innovation. There’s a lot of innovation around security
as well, which is, I know, one of the topics we’re going to get into. The threats to the payment infrastructure
are growing and so is the innovation around protecting that infrastructure, those systems,
and that movement of money. Even the cloud; the cloud has become a big
source of innovation where you have participants in the ecosystem, whether it’s a bank or a
merchant who, in the past, wanted to operate their own payment systems for a variety of
reasons, are saying, “You know what? No, we can let some other trusted third party
run that for us in the cloud so that we can focus on what it is we do.” I would say there’s innovation happening all
over. Can you give us a sense? When you talk about the challenges with security,
fraud protection, or things such as that, just how fast do you have to be to make a
go/no-go decision on a transaction and what are some of the approaches you apply to the
data that you can talk about that help inform whether something is suspicious, needs to
be held up, or warrant further examination? Yeah, well, one of the things I like to always
start out when we have this kind of conversation is, the bad guys can try a lot and they only
have to be right once to be successful. The good guys have to be right every time. Of course, no matter how hard we try, that’s
impossible. You talked about the speed of the decisions. One of the things that’s become really important
in the modern payment system is the ability to do real-time threat detection and prevention. In our world, that means for a credit card
payment, just take your typical credit card payment with a consumer standing at the grocery
store. They insert their card. We’ve got about 100 milliseconds to make that
decision. The vast majority of those decisions are truly
go or no-go within that 100-millisecond window. There’s a small percentage of those transactions,
and maybe you as consumers have experienced this, that do get deferred to manual review. We put a bit of a closer microscope on those. That may cause some issues and cause some
friction, which we try to avoid, but it’s fast. If you think about, you’ve got 100 milliseconds
to do it and we’re talking about billions of transactions daily that are happening,
it’s a massively scaled problem. What are the skills internally, when you think
about talent management, that’s required on your side in order to build these kinds of
systems? Yeah, the old way of doing fraud prevention
was heavily reliant on static rules, right? If this happens, then say no. If that doesn’t happen, then let it go. Blacklists and whitelists were common kind
of forms of rules. Given the scale and the speed, we’re much
more reliant on advanced analytics, whether that’s machine learning, whether that’s AI. In order to keep up, for those of us in the
payments business who are the good guys, we have had to invest heavily in data science,
professionals joining our ranks and helping beef up our fraud prevention systems. There are computer science skills that are
very good at building the scale and the security we need to protect those systems. I would say there is definitely a war for
that kind of talent out in the industry and these folks can be very hard to come by. The people can work just about anywhere as
long as they have the skills and the talent necessary to provide their lens, and so it’s
good to hear Mike commenting about data science and machine learning as being something they’re
trying to incorporate. I guess I would just say, are there different
parts of the world where you’re looking for your talent or do you have thoughts about
how you can bring on people of all ages that, if they have the skills, can help with your
efforts? Yeah, I would say, if you have the skills
and the desire, we’re open to it. We’re not necessarily looking for it in specific
regions. We have technology professionals around the
globe. We have offices in 40 countries. I think, if you look at other participants
in the payments ecosystem, not just us, I would say it’s probably similar. They’re just looking for good talent. There’s a shortage of that talent. I love your idea of training up other communities
to help build that talent base. I think it would be a welcome thing not only
in the payments industry but probably just in the technology industry as a whole. Can you classify the kinds of threats that
your systems face on a regular basis? Are there a few different categories? Yeah, I think I would put it in three categories. I think the first is probably what most people
traditionally think of as cyber threats and that’s really either attacks on and thefts
of data or disruptions of the system itself so that the system can’t operate the way it’s
supposed to. Those are traditional cyber threats. The second category is theft of goods or money,
just outright fraud and payments fraud, whether you’re stealing money or stealing goods using
somebody else’s credentials. Then the third area that’s also really important
is anti-money laundering. The bad guys trying to hide the movement of
money because it’s either illegal or it’s supposed to be reported to regulatory authorities
and they want to fly under the radar. Those are really the three big categories
that I think most participants in our industry are looking out for. To get ahead of the curve, with money laundering
or fraud, are you seeing different uses of different currencies, fiat currencies, and
is there anything you’re doing to watch possibly what might be happening in the future with
cryptocurrency since they could be used for fraud or money laundering just as well as
real-world Fiat currencies? Is that something that you’re thinking about
on the horizon? Yeah, for sure, and I think we’ve seen a rise. You mentioned money laundering as cryptocurrency
and moving money around. Certainly, if you go back 15 years, there
was a big push for anti-money laundering regulation and prevention. I think, as an industry, we’ve got it kind
of under control. In the last few years, some of it because
of the rise of some of these new currencies and some of the rise of the new technologies
that are in the hands of the bad guys. We’ve seen a resurgence in AML or anti-money
laundering. That’s absolutely on the horizon. I would say the other thing we’re seeing in
the fraud world is, for those of us in the United States, we’re just now getting used
to the chip technology in our cards, right? That has provided a new and good level of
protection for the use of cards. It’s pushed a lot of the fraud online where
the card isn’t physically present. A bad guy with stolen information can go onto
a website and make a purchase. That type of online fraud, whether it’s traditional
e-commerce sites or even in mobile payments, is really on the rise and is something that
I think the whole industry is reacting to. There is a lot of state-of-the-art happening
to go after that online fraud. What about state-of-the-art among the criminals? What is their level of sophistication in terms
of using automated methods and data such as machine learning and various types of AI techniques? I would say their level of sophistication
is very high. We talk a lot about being nimble and agile
in the technology industry. They are extremely nimble and agile. The other thing they’ve got that we’re somewhat
limited by on the payment side and on the good guy side is, they collaborate. They work together and they specialize. You’ve got guys who are really good at breaking
into systems. You’ve got guys who are really good at stealing
the data. Then you’ve got guys who are really good at
making use of that data. All of them are using automation. All of them are using AI. They’re trying to mimic the behavior of good
consumers so that they are less detected. All of that could be done with technology. Frankly, it’s pretty impressive how well they’ve
embraced it and capitalized on it. That just raises the bar for those of us trying
to protect the system. Are there any examples that you can maybe
reference where something looked like it was benign or something looked like it was something
that was being caused possibly by humans and then, upon deeper investigation, you discovered
that this was something that was either more automated in nature or was something much
more sophisticated in terms of either the criminals and/or possible nation-states doing
something that, at the surface, looked like it was just normal human behavior? Yeah, let me give it a shot. I think one of the things we’ve seen in the
consumer arena that requires a fair bit of sophistication and it also requires some really
unsophisticated last-mile behavior, which is, I think, an interesting combination. One of the things that a lot of merchants
and retailers have been offering in the new digital world is, you can buy something online
and pick it up in the store. What the bad guys have figured out is that
there is a time window that they have to act that has made it very difficult for the protection
systems to kind of figure this out. Basically, what they do is they sit in the
parking lot of a Best Buy. They go online with stolen credentials. They make the purchase and basically say,
“I’m going to pick it up in the next 15 minutes.” They immediately walk into the store, walk
out with a big-screen TV, and they’re off before the system can really realize that
that wasn’t the authorized cardholder. The upfront piece of that to get the information,
to know what their time window is, to know what they need to do to mimic the good behavior
is highly sophisticated. Walking in the store in the next 30 seconds
and walking out with it is unsophisticated, but that’s how they make off with their goods. In terms of automated attacks, are you seeing
that, automated attacks specifically based on machine learning, the availability of data,
and sophistication with data? Given the data breaches that are well-publicized
these days, we’re seeing bad guys develop techniques where maybe they’ve stolen—let’s
just make up a number—five million records. They have developed technology that allows
them to very quickly cycle through those five million records and figure out which ones
haven’t already had the passwords changed or the account holder or the cardholder doesn’t
even know that the information has been breached. They know which websites are vulnerable. They can quickly go to those websites and
cycle through those five million in a matter of minutes. Like I said, they only have to be right once. They don’t have to be right five million times. They get what they’re after. That level of sophistication to be able to
cycle through that volume of data, quickly move on to the next one, and avoid some of
the bot detection techniques that you see on websites is highly sophisticated. They know what types of devices to use to
do this. They know the IP addresses and how to shift
IP addresses very quickly, so it’s a combinatorial sophistication of different techniques and
high volume data. Mike, this is quite fascinating, what you’re
sharing. It is sort of akin to an arms race. I guess my question would be, if you look
to the next five years in the future, three to five years, and you see that, obviously,
these actors that are doing criminal activity will accelerate their activity and their efforts,
what gives you hope that you can share on the good guys side that we’ll be able to keep
up if not find other ways to make sure we stay one ahead of the curve? It seems like you’re guarding a 500-mile goalpost
and all I have to do is kick it in one place. What gives you hope? Our industry is innovating pretty quickly
as well. I think we have figured out that there is
no silver bullet, so you need to take a multilayered approach. Banks, processors, merchants, even, and other
players in the ecosystem have figured out, “Hey, this is an important cost of doing business. It’s not something I’m trying to avoid anymore,”
and that’s not the same as it was. The other thing that gives me hope is, consumers
and businesses have decided they do want to be bothered when something bad is detected
on their account. It used to be, “Hey, that’s your problem. You protect me. You deal with it.” Now, we’re bringing consumers into the loop
and saying, “Hey, allow me to set limits. Allow me to get notifications, whether it’s
a text or an email, when something fishy is going on,” or, “Text me a code before purchases
are authorized on my behalf.” That slight level of friction, which increases
the level of protection, is something that consumers are embracing, so I think that gives
me hope. Then I would say, frankly, the government. We talked about state-sponsored bad guys but,
on the good side, the government has woken up to this problem and I think they can be
a partner to industry to help solve this problem. The payments infrastructure, the financial
services infrastructure, it’s a national asset that needs to be protected much like you’d
protect an energy grid or something else. I think there’s an important partnership there. It is recognizing that, like you said, the
financial infrastructure is a critical infrastructure and it’s vital. The other thing that I also love that you
said is it’s about not introducing a lot of friction, but a subtle amount of friction
that, in our quest to have things become frictionless, we may discover that it slid off the rails. If there’s a little bit of friction that asks
for a one-time code or a notification that you’ve hit a limit and, “Is this really you?” I love that you said that, Mike, because that
really emphasizes how people can take ownership of this and not assign it to solely being
the problem for someone else to solve, that we can all be a part of it in a people-centered
solution. People who have had their accounts hacked
or taken over know what a hassle it is to get back up and running, get a new card issued,
whatever the situation may be. I think part of it is to kind of learn by
experience but, hey, I think we’re in a much better place than we were five or ten years
ago. Mike, you are providing the infrastructure
and a variety of different capabilities to financial institutions. Mm-hmm. The consumer, then, is ultimately dependent
on the financial institutions to implement those features. Yes. How does that balance work? You may provide the infrastructure but if
my bank hasn’t built the software or take advantage of it, I’m out of luck. Yeah. No, that’s true. That’s true. I would say banks and merchants alike have
responded. I think they view security as an opportunity
to build a better relationship with their customers and potentially an opportunity to
differentiate themselves from their competition in how good a job they do with it. You’re absolutely right. It is incumbent upon your bank, your favorite
merchant, or your favorite e-commerce site to implement it. But I think we have moved past the days where
they resisted that and they’ve embraced it. They’re now trying to build out and fill little
gaps. I also think that they are viewing, especially
in the merchant world and the retail consumer spending world, they have seen consumers want
to have that trust, want to have that security that when I go to that website, my information
is going to be protected. They’re using that as an opportunity to build
a closer relationship and have a higher level of consumer engagement using security. We have a question from Twitter. Meghan Windle says, “Real-time payments are
becoming a bigger deal. The Fed just announced its scheme.” More important, “How does the fraud conversation
change when we’re not talking about credit cards, but real-time payments?” It’s a great question. Thank you. Yeah, it is a great question. Yeah, real-time payments are a big deal. Right now, today, they’re a bigger deal in
other countries than they are in the U.S., but it truly is coming to the U.S. I think
the Fed’s announcement that they’re going to stand up their own network for real-time
payments is going to push that along. The thing about real-time payments is, just
as the name implies, the money moves immediately. It settles and clears in real-time. Once it’s gone, it’s gone, unlike other payment
methods, and that does include credit and debit cards and others. There is somewhat of a delay that allows us
to take action and there is a chargeback process if something is determined to be fraud. With real-time payments, it’s gone and it’s
much more difficult, if not impossible, to get it back. That raises the bar on our ability to detect
fraud in that 100-millisecond window because that’s about all we’re going to have. The other thing is, these are truly different
payment rails. In other words, it’s not riding the same network
that your credit card transactions are, and so these new networks have different configurations,
different capabilities. To make fraud prevention work within that
environment, we’re going to have to use different techniques. It is going to create a new arm of the fraud
prevention world as these new real-time payments come on. Luckily, we do have some experience in other
markets like the U.K., India, and Indonesia where real-time payments have really taken
hold. We’re getting our experience that we can then
apply to countries in Europe and the U.S. when that comes on. Going further in that direction, Mike, do
you find that, in those cases where you’re doing real-time payments in other countries,
you’re having to collect additional information in terms of, possibly, is the person willing
to share their location for that time period, that their phone is nearby, or does a one-time
code? Are there other factors that you’re having
to assemble precisely because you have that smaller window and it’s that critical go/no-go
in a much more tight timeframe? Are you finding there are other factors of
data you need to have? Yeah, and the good news is that the new, real-time
payment schemes have explicitly factored that in. Without getting too technical, it’s a new
data standard that allows for much more data to come along with the transaction. That additional data, those additional data
fields, if you will, allow us to do a much better job determining whether this is legitimate
or illegitimate activity. That’s helpful. They were smart when they designed those data
standards that allow us to do that and so I would say the good news is that they built
that into the system and now we can take advantage of it. As far as we’re concerned, when it comes to
detecting fraud, more data is better. Now, because of big data technologies, because
of machine learning, we can handle that kind of scale. The more signals we can get to help determine
whether that’s really you, David, or really you, Michael, hey, we’ll take it. We have another question from Twitter, another
really good question, from Zachary Jeans who asks, “What are the top sources of threats
in terms of, say, countries, regions, or groups that you see? Can you categorize things that way?” We see a lot of fraud from Eastern Europe,
from Brazil, from China. It just happens to be where there are ecosystems
of people who figured out how to do some of the things they need to do to attack the systems. Really, truly, you’re seeing the threats come
from everywhere, but I would say the places I mentioned at the start are where we see
a vast predominance of the fraud coming from. I think there is a lot of discussion. We talked about the bad guys collaborating. Well, collaboration is one thing through dark
networks and other things, but is there state-sponsored attacks going on as well? I think there’s a lot of discussion about
that and I think a lot of smart people who really study this believe that it is going
on as a way to disrupt economies and disrupt systems around the world. It is getting harder and harder to determine
the actual location of where messages on the Internet are coming from. Yeah, that’s why location is one thing. There are other things we can use to kind
of piece together, well, it looks like they’re coming from the same state or the same region,
but are there other things we can use to determine that they’re probably not? If I could pull a little bit further on that
too because, at the end of the day, what you’re talking about is identity online. Yes. Having the opportunity to work with Vint Cerf,
who helped with co-creating TCP/IP, he said, one, TCP/IP was always a draft spec and it
was meant to be updated. One of the things they didn’t include in that
specification was an identity layer. Mike, I’d be interested. In some respects, when you get into determining
is this really Michael, is this really me, is this really you trying to make that payment,
you’re getting into identity. Is that something where you see maybe innovation
in the future might be helping people take back some ownership of what their identity
is online and making sure that it’s truly them when they do financial transactions? Yeah, absolutely. Digital identity is a big issue. It’s actually much bigger than just the payment
system. Within the payment system, there is a concept
that we talk about that we refer to as a token. Instead of your actual card number being used
to flow through the transaction and exposing that card number to all the places where it
could get compromised, it’s actually converted to a code, which we call a token, and that
token can be very closely associated with your digital identity, which represents maybe
more than just how you spend money. There is a lot of discussion about how we
map that token to that digital identity so that we really can verify if it’s you. Listen, if we can really have great confidence
in your digital identity and your payment token, we’re pretty much going to leave you
alone because we’ve determined you’re a good guy. It’s the bad guys we want to focus all of
our energy on. There is a lot of innovation, a lot of investment
going on both within and outside of the payments industry around that concept. This notion of identity is so inextricably
bound to payments. Does that, in effect, mean that in addition
to the mechanics of transferring payments back and forth, you are almost equally involved
in the identity business. Is that a fair statement or not really? The term we use in the payments business is
authentication. Do we know who you are? Are you who you say you are—effectively? That’s identity. The first step in really any payment transaction
is authentication. There are lots of different ways to do that,
some of them involving texting you a code. That’s out of band authentication, but there
are other things like biometrics, facial recognition, fingerprints on your iPhone. That kind of authentication becomes very closely
associated with your identity because it’s literally part of your physical being and
who you are. Yeah, it’s intimately linked. Another question for you, Mike, is, we’ve
seen some parts of Scandinavia and northern Europe trying to move towards truly cashless
societies. Yeah. I’d be interested in your thoughts about the
likelihood of that happening more globally and on what time horizon because there are
some that say, if we move off of cash, in some respects cash is used for a lot of illegal
activities or it’s actually stolen from you because it is hard to track. Do you see cashless societies as something
that’s more likely in the future for other parts of the world? The answer to that is yes. I think the trend is headed that way. It’s probably a long, slow arc globally. To me, one of the most interesting examples
of cashless society and quick movement is India. Within the last couple of years, the very
strong government-led action to move to a cashless society. You’re talking about a billion people who
were heavily dependent on cash and, I think, by all intents and measures, it’s been a big
success. I think it’s been a big success for a few
reasons. One was, the government really got behind
it. Number two, the banks got behind it—maybe
with a little help from the government. Number three, they made it easier on consumers
and merchants to move to cashless. One of the factors that were in play there
was a very high percentage of Indians had a mobile phone. They made it the number payment method, mobile-centric. They have a new payment method that we call
UPI in India, and they made it really easy to access, use, load funds onto your mobile
phone. All of a sudden, every Indian with a mobile
phone in their pocket, which is the vast majority of them, has access to their new, frictionless,
modern, secure payment system. We’ve seen the participation in that system
grow gangbusters and it’s only growing faster and expanding to more and more parts of the
country. It’s been a real success, so I think, if a
country as complex and as large as India can do it, we’re going to see it in other places
as well. One of the side benefits that I know that’s
been seen in India and other places in the world—I was in Afghanistan for a while—people
started receiving their payments directly by mobile phone. Absolutely. Actually, in some case, they came back and
said, “When did you get a salary increase?” and the answer was they had never gotten a
salary increase. It’s just when it was cash, 20% or 30% was
being taken off the top before it ever got to them and they didn’t actually know that
they weren’t getting their whole salaries. There’s a huge benefit to reducing graph as
well when you go to electronic, cashless payments. Yeah, and that feeds one of the goals of this
is raising participation out in the clear banking system. I think if people see those kinds of benefits,
whereas before they may not have necessarily trusted the system, I think they say, “Hey,
there is actually a real benefit for me here,” so I think it’s a win/win. Mike, you spoke earlier about the role of
nation-states using the payment system to try to undermine our economy. We hear so much in the news right now about
fake news and social media, fake social media counts. I’m wondering about the connections between
manipulation using social media and payment fraud, and are there intersections that you
can think of to share with us? Certainly, the technologies, they can use
to accomplish those things. At the end of the day, they’re trying to kind
of sow confusion and create friction, if you will. By using technologies that can do behavioral
profiling and understand how people behave and how people react to certain stimulus,
you might see that in the social media manipulation. Very similar techniques can then be applied
to duping the financial system and allowing the bad guys to commit fraud. I think there is a lot of parallels. If you probably peeled the onion back one
or two layers, underlying that is some very common technologies. We’re talking about machine learning. We’re talking about AI. We’re talking about big data. All of those things kind of come into play
I imagine they sit underneath both. How do you fight the resources of state-sponsored
actors who want to commit fraud, who essentially have unlimited resources at their disposal? It’s hard. I think you’ve got to prioritize, and you’ve
got to figure out. It’s like anything. Anything where there are limited resources,
you’ve got to kind of pick your priorities, place your bets and, so far, the technology
to protect the payment system in the financial services industry has done a pretty good job. Rates of fraud kind of per thousand transactions
have come way down. Unfortunately, the level of attacks has gone
way up. The bad guys are still taking their share. The other thing I would say is, it’s about
taking a multilayered approach. When you’re talking about fighting against
almost unlimited resources who are using sophisticated techniques, you’re going to have to have multiple
layers of defense. Some of it protecting the underlying data. Some of it protecting the applications, and
then some of it protecting where the consumers come into play and I think we just have to
keep investing. It’s going to have to become more and more
a part of our business model in the industry and I think it has. I guess the question from, what motivates
you and what helps inspire you and your C suite team. Is it the fact that, actually, in some respects,
you are the David going against the larger goliath? Having to be both innovative and scrappy,
does that help motivate you? What do you find inspires you and your team? Yeah, certainly. I think, when it comes to fraud prevention,
which is a big part of our business, providing incredibly secure systems to our customers
so that they can grow their businesses, that motivates us. I think the other thing, if we do that right,
if we do the secure part right, we enable commerce to happen. That’s really what we’re trying to do is facilitate
commerce for our customers. Whether it’s a bank or a merchant, we want
their business to thrive and we know that security is a big part of our value proposition
and I think that’s very motivating for us. As we finish up, what advice do you have to
organizations and also to consumers to stay safe? I figure you’re the guy to ask. Continue to invest in it. It’s a multilayered approach. There is no one silver bullet technology or
solution you can use to protect yourself. It’s going to take a portfolio. Get your consumers involved. This is advice to businesses and to consumers. Get involved, meaning, hey, if your bank or
your merchant or your favorite e-commerce site gives you the ability to kind of set
fraud limits and get notifications and get texts, do it. It’s amazing how much more effective a system
is when the consumer is partnered with their financial institution in preventing fraud. That’s another one. I think consumer education is a big part of
it too. We’re still living in days where consumers
are writing down passwords and storing them in their wallets. The more education we can do to kind of prevent
that kind of behavior, the better. When your bank offers you new technology,
whether it’s the chip on your card or something else, take advantage of it. Talking about the need to involve consumers
and consumers to take the ownership to say, “If you have the opportunity through your
bank, through your merchant site, or whatever, the reality is we all have to be a part of
the solution. It can’t just be solved by one individual,
one group, one silver bullet. It’s when the community takes ownership of
this and says, “We want to have better, more trusted commerce as a result, that to me is
the most inspiring thing and that’s why I really applaud what you’re doing, Mike, with
your company. I guess that also raises the question, David. When you talk about the community taking ownership,
what’s the community? Well, the reality is, that may be why you’re
seeing these challenges of what you talked about in terms of polarization, misinformation,
social wedges is, we used to define our community as our physical neighbors. Now that you’ve overlaid the Internet on top
of it, you can know more people online than you do in your immediate neighborhood. That’s calling in questions as to what is
your community? We’ve seen this before when the car was invented. The nation, the United States, and other nations
faced the challenge that they never had before, which is interstate crime could occur. You could actually, physically drive to a
state that you didn’t reside in, do the crime, and then drive back. We had to figure out ways to address that
and part of that was finger-painting and the federal bureau of Investigation, and other
solutions. I think, in this case, the community, at the
end of the day, is going to become a combination of both who you choose to associate with—both
online and in-person, in terms of your activities and your financial transactions, but also,
at the end of the day, I think we’re going to – quite frankly, is discover the community
is ultimately global. It’s all of us on the planet together. I don’t know, David. It sounds good, but I’m so skeptical of this
because, when we have the community, that implies that we all take responsibility and,
therefore, no one has responsibility to do anything. Well, this is it. I would actually say it’s the other way around. When you actually meet with an audience and
say, “Who do you think is going to solve this? Is it the government’s solution to solve it?” Is it the private sector solution to solve
it? Is it micro solutions to solve it? As Mike sort of indicated, they are all playing
parts of it but I think what we’re really facing now in the 21st Century is what I would
call learned helplessness in which people feel like these issues are either too big
or things like that. Definitely, in the example, you’re not going
to do what Mike and his company are doing in terms of all the processes. But if you’re given the opportunity to do
a one-time password for a transaction, or you’re given the opportunity to have a token
that you use to actually authenticate your transactions with a little bit of friction,
but it makes it better. If you choose to make that very simple, probably
no more than ten-second decision of your time, you will have better outcomes than if you
choose to do a completely frictionless solution where you don’t want to have any involvement
with a one-time password or some sort of token and then you’re surprised later when somebody
has actually done something fraud in your name. It’s not asking a lot of us but it is saying
that you can be a part of this larger ecosystem in helping to move things forward. Well, you know, speaking as a consumer, I
have people in various parts of the world that I employ and that I pay. Of course, I’m always scared about the money
going out into the ether or giving some payment company, intermediary, access to my bank account. But on the other hand, it’s also such a hassle. Every time I make certain types of payments,
I get interrupted. Then sometimes the credit card company construes
it. It’s a separate issue, but it’s kind of related. Construes it as a cash advance, which means
I’m now paying cash advance interest rates as opposed to a payment for a service. I haven’t lost any. I haven’t personally. I’ve lost my identity many times to data breaches,
but I haven’t actually been personally compromised my accounts. I guess the system is working well. Mike, it does remain a hassle, though. Yeah, well, I think it does go back to the
point I made about, hey, those companies that you’re doing business with that make it a
hassle that you find unacceptable, they have an opportunity to actually fix that and to
use that as a differentiator and a reason why you would continue to do business. They’ve got to make that better, right? There are ways to have relatively frictionless
experience for you, as the consumer, and still be highly secure. I think the companies who are figuring that
out are the ones that are ultimately going to do very well and secede in their markets. Michael, one question I would ask you real
quick is, you’re walking in a dark alley in a place that you don’t know and you feel somewhat
unsafe. What would you rather have in your back pocket:
$10,000 in U.S. cash, or electronic payment, app, or card? Which would you prefer to have? Yeah, that’s an easy one. Of course, I’d want a digital payment. [Laughter]
[Laughter] Yeah, so I think that gets to Michael’s point, which is, yes there are opportunities
to reduce friction and there may be some things in our household, but we are still, generally,
moving forward in a progressive direction that is making the world – like you said
– reducing fraud. The challenge is, of course, the bad guys
are increasing their volume, but reducing the incidents of fraud overall. Yeah. Well, there’s certainly no doubt about that. With that, we are out of time. I would like to thank our two guests today,
Mike Braatz is with ACI Worldwide. David Bray is with People-Centered Internet. Gentlemen, thank you so much for joining us
today. Thanks, Michael. It was a pleasure. Thanks for having me, Michael. Everybody, you’ve been watching CXOTalk. Subscribe on YouTube and hit the little subscribe
button our website and subscribe to our mailing list. We’ll see you again next time. Thanks so much, everybody. Have a great day. Bye-bye.

Leave a Reply

Your email address will not be published. Required fields are marked *