Who better to provide an enlightening talk on payment security than the FBI security adviser and former master of identity fraud himself?
I was privileged to hear firsthand from Frank Abagnale at a talk hosted by Pay360 on the 3rd day of his London tour. Frank, of course, is infamous for his audacious impersonations of a pilot, doctor and lawyer, as set out in his biography (and subsequent film and Broadway show) Catch Me If You Can.
Introducing Frank was his long-time friend and business partner, cybersecurity expert Ori Eisen. Ori is the former Worldwide Fraud Director for American Express and founder of Trusona, the leader in passwordless two-factor authentication ventures, for which Frank Abagnale is an adviser.
Frank is spearheading the campaign to put an end to password use, a concept he’s been passionate about for many years. “Passwords date from 1964 – I don’t need to point out how absurd it is that we’re still using them to protect ourselves over half a century later, with all the technology advances – and threats – we’re subject to today,” he said. “Moving away from passwords makes the world much safer, and provides tremendous convenience and security for customers.”
“I’ve been consulted on every major breach in the States in the last 40 years and over 80% of these were caused by stolen or weak passwords. Every breach occurs when someone in a company either fails to do something they were meant to, or does something they weren’t meant to. Hackers just sit tight and wait for that door to open.”
Frank has been an adviser to the FBI for 43 years now – much, much longer than the teenage exploits captured by the movie – and his passion for protecting organisations and people was evident throughout his talk.
He spoke about his role with the American Association of Retired Persons, a not-for-profit organisation which provides services for older Americans. When they surveyed their 38 million members to discover their greatest fear, the answer was ‘being a victim of fraud’, so Frank developed educational materials to help protect them from crimes such as email and romance scams.
Frank warned against trusting ‘the personal touch’ when it comes to emails requesting bank transfers or financial information: “A frequent danger is where, say, a director may post a message about having dinner with colleagues, which leads to an email being sent to those colleagues the following day, thanking them for a great evening and asking them to wire £35,000 to a charity. It’s all so believable: the recipients see the personal reference and assume it’s genuine, but it’s only too easy for anyone to use social media to provide that context. We live in a ‘too much information’ world.”
“Luckily more and more people are aware of this and where, say, an investment banker gets an email supposedly from a client saying, ‘Great game yesterday, please go ahead and wire the money etc’, the wise advisor will call the client to check if they actually sent it. Taking those few seconds to check can prevent disastrous financial consequences.”
We also had the benefit of a talk by John Heaton-Armstrong, previously Senior Associate at identity technology pioneers Raidiam and now Chief Information Security Officer at Account Technologies. John is renowned for being at the forefront of the UK's Open Banking initiative, including leading many organisations in their introduction of strong customer authentication (SCA) services. He explained the theory of open banking: when a customer interacts with a bank, the data generated can (with permission) be shared with another organisation of the customer’s choosing. He discussed the issue of data ownership, and the complexities of different jurisdictions around the world, each with different discretion over how the bank shares that data.
John emphasised that this is why an extra level of security around information is needed, such as biometric authentication (i.e. fingerprint or face recognition) or possession of a device where the possession can be dynamically confirmed, perhaps by means of a SIM card or encrypted token. He also made the point that: “…rather than increasing friction, this type of authentication provides a much better user experience than the horrible process of remembering passwords.”
John explained how this will change the market: “Historically, user experience hasn’t been an area for banks to compete on – competition has largely focused on price and scale. Now however, improved user experience, such as a more secure, streamlined payment journey, is having much more of an impact. Particularly at a time when debt market spreads are incredibly tight.”
Following Frank and John’s insights, we took part in a series of workshops looking at different fraud solutions, including those provided by Trusona, Raidiam and our award-winning Optimize fraud and risk management platform.
We wrapped up the morning with lunch and a Q&A panel session where the question on everyone’s lips was put to Frank: Was he happy with the dramatization of Catch Me If You Can?
Frank confirmed Steven Spielberg did ‘a great job and was as accurate as he could be’: the three FBI agents involved in bringing Frank to ground oversaw a good deal of filming. There were only a few minor discrepancies and I could list these…but I strongly recommend reading his book to find out!
Most touchingly, three different presidents have offered Frank an official pardon but he feels no piece of paper can absolve him – he’s certainly not proud of his early adult life. He’s grateful to have been able to pay everything back and to have been personal friends with FBI agent Joseph Shea (played by Tom Hanks in the movie) for over 40 years before Shea died a few years ago, aged 88.
Frank believes, “Education is the most powerful tool in fighting crime”, something I wholeheartedly agree with. For those interested, Frank has set up a website containing a wealth of resources for individuals and organisations looking to learn more about fraud prevention and how to best protect themselves.
If you’re looking to better protect your organisation from payment fraud and optimise your business revenue, take a look at our powerful fraud and risk management platform or get in touch for a chat with the Pay360 team.