In The Boardroom With...
Mr. Daniel Almenara
Vice President of Risk Management
Discover Financial Services
SecuritySolutionsWatch.com: Please tell us about yourself, Daniel, about your background and role at Discover.
Daniel Almenara: I am the Vice President of Risk Management at Discover Financial Services and responsible for customer authentication strategy and decision infrastructure capabilities across Discover’s business lines. I develop Discover's infrastructure to manage customer risk and the authentication framework that improves customer experience, while enhancing the security of the company’s online and offline interactions with customers. I have over 20 years of global work experience in Credit and Fraud Risk Management and Risk Operations.
SecuritySolutionsWatch.com: What is Discover's involvement with the FIDO Alliance?
Daniel Almenara: Discover was one of the first companies to join the FIDO Alliance and we became part of the Board of Directors in 2013. As part of the board, Discover has the opportunity to play a guiding role in developing security strategies within the industry and influence the way consumers and businesses transact online today and in the future.
SecuritySolutionsWatch.com: How does Discover's involvement with the FIDO Alliance play into Discover's overall security strategy?
Daniel Almenara: Information security risks for financial institutions have increased and are continuing to increase. Factors include the proliferation of new technologies, the use of the internet and telecommunications technologies to conduct financial transactions, and the increased sophistication and activities of activists, hackers and organized criminals.
Security is a top priority for Discover and the FIDO Alliance. Both are working to make online interactions easier and more secure. At Discover, we monitor our customers’ accounts to prevent, detect, investigate and resolve fraud. We also look to our work with the FIDO Alliance to help inform our authentication techniques and strategies.
Our fraud prevention systems handle the authorization of Discover’s application information, verification of our customers’ identities, sales, processing of convenience and balance transfer checks and electronic transactions. Each and every card transaction is subject to screening, authorization and approval through a proprietary POS decision system.
Discover uses a variety of techniques that help identify and halt fraudulent transactions, including adaptive models, rules-based decision-making logic, report analysis, data integrity checks and manual account reviews. We manage accounts identified by the fraud detection system through technology that integrates fraud prevention and customer service. These strategies are subject to regular reviews and enhancements to enable us to respond quickly to changing conditions, as well as to protect our customers and our business from emerging fraud activity.
Providing a secure environment for our customers to make monetary transactions is of the utmost importance. In this context, the FIDO Alliance’s protocols are a key part of our security strategy. Linking a registered device with a biometric and a cryptographic authentication will allow us to identify our customers with certainty. It will not only make our online transactions more secure but also will unleash a world of possibilities for customized interactions with our customers.
For customers, it will mean not having to remember a complex password. For example, they will be able to login to our Discover.com website using their mobile phones with fingerprint capability as an authentication device.
SecuritySolutionsWatch.com: Speaking of security, what's next in terms of security, in both card-present and card-not-present transactions?
Daniel Almenara: There are a variety of security solutions that are new to the US ecosystem and on the verge of being implemented, including EMV, tokenization and biometrics, to name a few. Discover is on track with the industry to deploy EMV cards and has already implemented fingerprint authentication for select devices. In addition to security, innovation is also a key priority for the company. We consistently work to develop new and innovative ways to engage with customers and make e-commerce more secure.
As EMV cards and terminals are deployed in the U.S., we expect fraud to shift to card-not-present transactions. Recognizing known and fraudulent devices used for online transactions and their associations with their users will be key. It will be possible for a customer to complete a financial transaction online and/or at point-of-sale by the showing of a biometric, such as fingerprint, voice or facial recognition.
The exponential increase in theft of personal identifiable information will also put pressure on call centers as fraudsters revert to more traditional methods of account takeover. The internet has made phone spoofing tools easily accessible to fraudsters. Voice biometric authentication and phone spoofing detection tools will become an industry must have.
SecuritySolutionsWatch.com: I understand that Discover is spending $35 million on EMV cards. Can you tell me about that?
Daniel Almenara: Discover is starting to deploy EMV enabled cards and is aligned with the US industry timelines for implementation. These cards cost significantly more than a typical mag-stripe card. We expect the incremental cost from issuing chip cards and network investments related to EMV to be $35 million in 2015, and to see benefits in terms of lower fraud and expenses occurring over time.
SecuritySolutionsWatch.com: Are there new products/security solutions brewing in the industry that come with the IOT/IOE climate?
Daniel Almenara: The most obvious new security solution in the financial services industry that leverages Internet-of-Things is the smartphone. State-of-the-art smartphones today are supercomputers with large data processing and storage capabilities, connected to the internet all the time, with GPS, geo-location, and biometric capabilities tied to crypto-secure elements. Compared to EMV chip cards, which have limited processing and data capabilities and no biometrics, smartphones are significantly more secure. We are already seeing payment applications that leverage these capabilities.