Events in July 2024 could be likened to a stress test of the global financial ecosystem. Escalating fraud and service outages involving Microsoft operating systems and the UK’s CHAPS interbank payment system tested the resilience of banks, enterprises and service providers worldwide.
Alex Reddish, responsible for international expansion at Tribe Payments, compared payment flows to water, electricity, and other public utilities, which tend to be taken for granted until something breaks. “The CHAPS outage illustrates how much we depend on these systems and the smooth flow of payments, no matter which system they pass through.”
Recent service interruptions had been caused by third-party service providers, Reddish noted. Microsoft Windows operating systems went dark on 19 July 2024, after security provider CrowdStrike distributed a faulty update to its Falcon Sensor software. CHAPS went down the following day, due to operational difficulties at third-party provider Swift. These events raise questions about legacy systems, he said, and their capacity to manage modern-day commerce.
Building resilient infrastructure
Thomas Müller, co-founder and CEO of Rivero, observed that recent outages brought down computer systems around the world, impacting banks and payment gateways and causing airlines to ground flights in many countries. “It may still be a while before the financial cost of the outage is totalled,” he said. “However, this incident is a reminder of the need for resilient systems that can withstand faults without causing widespread disruption.”
Building resilient systems may seem daunting at first, but Müller has seen financial institutions update systems without ripping out or replacing existing infrastructure. Each system, built to unique specifications, shares these four essential attributes:
Continuous Planning and Testing: Regularly updates, tests, and refines disaster recovery plans to ensure rapid recovery and minimal downtime.
Heterogeneous Environments: Diversifies security and IT environments to avoid single points of failure.
Multi-Cloud Approaches: Utilises multi-cloud strategies to increase redundancy and flexibility and reduce service disruption impacts.
Process Automation: Deploys chatbots and automated technologies to detect and mitigate fraud, address cardholder concerns and inquiries and deflect and resolve disputes.
Modern SaaS solutions provide these capabilities without requiring heavy upfront investments and lengthy implementations, Müller noted. Participating banks can be up and running in weeks rather than months by using APIs to extend capabilities and improve efficiencies, he added.
Achieving and sustaining resilience: the case of fraud and disputes
A recent letter to Merchant Risk Council (MRC) members warned of a recent uptick in refund abuse, first-party misuse, and chargeback volumes throughout the merchant community.
The MRC advised merchants and solution providers to review current KPIs and velocity checks to identify any changes to transaction flows and to consider adding additional KPIs and velocity metrics to detect repeat refund requests. They also recommended evaluating the percentage of refunds and replacements in total sales, the amount of time that elapses between purchases and refunds, and prevailing reasons for chargebacks.
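The three metrics the MRC names can be computed directly from an order and refund feed. The sketch below is an added example, not code from the MRC, Rivero or any product mentioned here; the event layout, the sample records and the thresholds (more than two refunds in 14 days) are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample events (not real data): customer, order, kind, amount, time
EVENTS = [
    ("c1", "o1", "purchase", 120.0, "2024-07-01T10:00"),
    ("c1", "o1", "refund",   120.0, "2024-07-01T16:00"),
    ("c1", "o2", "purchase",  80.0, "2024-07-03T09:00"),
    ("c1", "o2", "refund",    80.0, "2024-07-04T09:00"),
    ("c1", "o3", "purchase",  60.0, "2024-07-08T12:00"),
    ("c1", "o3", "refund",    60.0, "2024-07-09T12:00"),
    ("c2", "o4", "purchase", 200.0, "2024-07-02T11:00"),
    ("c3", "o5", "purchase", 340.0, "2024-07-05T14:00"),
    ("c3", "o5", "refund",   340.0, "2024-07-25T14:00"),
]

def refund_share(events):
    """Refunded value as a fraction of total sales value."""
    sales = sum(a for _, _, k, a, _ in events if k == "purchase")
    refunds = sum(a for _, _, k, a, _ in events if k == "refund")
    return refunds / sales if sales else 0.0

def hours_to_refund(events):
    """Hours elapsed between each purchase and its refund, keyed by order id."""
    bought = {o: t for _, o, k, _, t in events if k == "purchase"}
    return {o: (t - bought[o]).total_seconds() / 3600
            for _, o, k, _, t in events if k == "refund" and o in bought}

def repeat_refunders(events, max_refunds=2, window=timedelta(days=14)):
    """Velocity check: customers with more than max_refunds refunds in any window."""
    by_customer = {}
    for c, _, k, _, t in events:
        if k == "refund":
            by_customer.setdefault(c, []).append(t)
    flagged = {}
    for c, times in by_customer.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 > max_refunds:
                flagged[c] = max(flagged.get(c, 0), end - start + 1)
    return flagged

def report(raw=EVENTS):
    ev = [(c, o, k, a, datetime.fromisoformat(t)) for c, o, k, a, t in raw]
    return refund_share(ev), median(hours_to_refund(ev).values()), repeat_refunders(ev)
```

Calling `report()` returns the refund share, the median purchase-to-refund time in hours, and the customers tripping the velocity rule; tracking those values over time is what surfaces a change in transaction flows.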
“We haven’t identified a specific profile, meaning that the abuse appears to be across all card types, low and high-net-worth customers, card present and card not present, different merchandise categories, etc.” the MRC wrote.
Müller noted that the collective impacts of these fraudulent activities flow upstream to card issuers, but digital technologies can improve resilience and protect stakeholders from harm. He added, “For example, with our dispute management product, Amiko, we offer card issuers a rule-based virtual agent, which can be integrated into the bank’s app and is directly linked to Mastercard’s Ethoca and Visa’s Verifi.”
The virtual agent can then help cardholders remember the transactions in question by providing additional transaction details, alternative merchant names, logos, and contact information, as well as the device used at checkout. Amiko virtual agent has helped our clients and partners deflect as much as 80% of friendly fraud, simply by sharing transaction data and digital receipts with cardholders.
In addition, advanced, SaaS-based solutions like Amiko enable financial institutions to automate manual dispute case management procedures and incorporate multilingual chatbots into cardholder communications. In the digital-first world, customers appreciate having self-service options for obtaining information instantly, on-demand, and in their native languages.
Futureproofing operational resilience
The European Banking Authority defines operational resilience as the ability to deliver critical operations through all types of disruptions. Achieving and sustaining resilience requires an appropriate framework, internal governance, and coordinated efforts of service providers and policymakers. With these pillars in place, banks are well-positioned to identify and react to threats, protect critical infrastructure and find teachable moments in disruptive, chaotic events.
The Digital Operational Resilience Act (DORA) reflects further efforts to legislate and standardise approaches to resilience in the financial sector. Enacted by the European Union in January 2023, and set to become effective in January 2025, the ruling aims at protecting information and communication technology (ICT) across banks, insurance companies, and investment firms, which the EU noted are susceptible to cyber-attacks and other disruptions.
Noting that ICT supports complex systems used daily and high-level economic activities, regulators stated that these technologies must be safeguarded from threats and disruptions. EU regulators emphasised the need to harden security and improve preparedness across increasingly digitalised and interconnected workplace environments. “While the ubiquitous use of ICT systems and high digitalisation and connectivity are today core features of the activities of Union financial entities, their digital resilience has yet to be better addressed and integrated into their broader operational frameworks.”