1
00:00:05,600 --> 00:00:07,920
Speaker 1: Welcome to the Fear and Greed Business Interview. I'm sure

2
00:00:08,039 --> 00:00:11,520
Speaker 1: Ailma more than nine in ten Australians have been personally

3
00:00:11,560 --> 00:00:15,160
Speaker 1: targeted by fraudsters, and one third of us are aware

4
00:00:15,200 --> 00:00:18,600
Speaker 1: of our personal details being compromised in a data breach,

5
00:00:19,040 --> 00:00:22,960
Speaker 1: so it's perhaps understandable that consumers are wary about handing

6
00:00:23,000 --> 00:00:27,240
Speaker 1: over their data online. The challenge for SMBs, particularly in

7
00:00:27,320 --> 00:00:30,280
Speaker 1: e commerce for example, is to make security a top

8
00:00:30,320 --> 00:00:34,839
Speaker 1: priority while also delivering a smooth, easy customer experience. Daniella

9
00:00:34,920 --> 00:00:38,560
Speaker 1: Fernandez is the head of Information Security at PayPal, Australian

10
00:00:38,840 --> 00:00:41,880
Speaker 1: a great supporter of this podcast. Danieller is speaking today

11
00:00:41,960 --> 00:00:45,360
Speaker 1: at the PayPal Connect event in Sydney, highlighting some of

12
00:00:45,400 --> 00:00:48,199
Speaker 1: the research PayPal has done into the way scams and

13
00:00:48,240 --> 00:00:52,760
Speaker 1: fraudulent behavior is evolving and how businesses can protect themselves. Daniella,

14
00:00:52,840 --> 00:00:53,880
Speaker 1: Welcome to Fear and Greed.

15
00:00:54,400 --> 00:00:56,320
Speaker 2: Has Jean great to be here.

16
00:00:56,680 --> 00:01:01,720
Speaker 1: From a consumer side? First, what does the scam look like?

17
00:01:01,800 --> 00:01:02,640
Speaker 1: How are they evolving?

18
00:01:03,560 --> 00:01:08,440
Speaker 2: It's a great questions. Cams today are more sophisticated and

19
00:01:08,560 --> 00:01:12,640
Speaker 2: tailored than ever before. In terms of trends, we've seen

20
00:01:12,680 --> 00:01:16,440
Speaker 2: an increased interest from an industry and government fighting fraud

21
00:01:16,520 --> 00:01:20,880
Speaker 2: and scams. According to Day Triple C in twenty twenty three,

22
00:01:20,920 --> 00:01:24,600
Speaker 2: Australian's laws two point seventy four billion dollars to scams.

23
00:01:25,000 --> 00:01:29,120
Speaker 2: So it is a profitable business and bad actors use

24
00:01:29,160 --> 00:01:33,760
Speaker 2: a rune of tactics to target different people. So how

25
00:01:33,800 --> 00:01:38,120
Speaker 2: does it look like the traditional vision emails to investment

26
00:01:38,400 --> 00:01:42,959
Speaker 2: camps which are very common these days, tricking people into

27
00:01:43,360 --> 00:01:49,160
Speaker 2: fake stock investments, leading individuals to believed they are making

28
00:01:49,280 --> 00:01:54,280
Speaker 2: real profits to later discover their money is gone. Another

29
00:01:54,320 --> 00:01:58,120
Speaker 2: common one from a consumer side, I would say what

30
00:01:58,200 --> 00:02:03,160
Speaker 2: we call romans scamps are particularly targeting all their Australians

31
00:02:03,520 --> 00:02:08,000
Speaker 2: and then the typical you know, parcels that haven't been delivered,

32
00:02:08,560 --> 00:02:12,079
Speaker 2: subscription renewals and also fake invoices.

33
00:02:12,800 --> 00:02:16,160
Speaker 1: What's the difference between fraudulent behavior and scams?

34
00:02:16,760 --> 00:02:19,480
Speaker 2: Yes, scams is a type of fraud, but the key

35
00:02:19,520 --> 00:02:26,120
Speaker 2: difference is that scams trict the user into providing information

36
00:02:26,240 --> 00:02:29,400
Speaker 2: so it looks like a legitimate transaction and it's difficult

37
00:02:29,400 --> 00:02:34,600
Speaker 2: to dispute with some of you know, the traditional organizations

38
00:02:34,680 --> 00:02:38,960
Speaker 2: because fraud, in the other hand, it's something where the

39
00:02:39,400 --> 00:02:44,519
Speaker 2: actual platform has been compromised and it's able to commit

40
00:02:45,040 --> 00:02:46,320
Speaker 2: the type of transaction.

41
00:02:47,040 --> 00:02:50,040
Speaker 1: Who's doing mass of these scams, Who's behind them?

42
00:02:50,639 --> 00:02:56,120
Speaker 2: It ranges. The scammers can be criminal organizations that are

43
00:02:56,320 --> 00:03:00,360
Speaker 2: very large, it can be just people that are taking

44
00:03:00,360 --> 00:03:03,680
Speaker 2: the opportunity. And the thing is that scammers are targeting

45
00:03:03,720 --> 00:03:09,000
Speaker 2: pretty much everyone. If we looked at some of the patterns,

46
00:03:09,520 --> 00:03:13,440
Speaker 2: something that we have identified is that they tend to

47
00:03:13,480 --> 00:03:17,399
Speaker 2: focus on people that are not digital saving so for example,

48
00:03:18,160 --> 00:03:22,840
Speaker 2: all their generations as well as children. They tend to

49
00:03:23,080 --> 00:03:29,040
Speaker 2: also manipulate the challenges of linguistic you know, people from

50
00:03:29,040 --> 00:03:34,440
Speaker 2: different demographics that potentially are more more prompe for those scams.

51
00:03:35,320 --> 00:03:38,400
Speaker 1: Okay, so let's move to the merchant perspective. The cost

52
00:03:38,440 --> 00:03:41,480
Speaker 1: of living crisis mainly small and many sized businesses are

53
00:03:41,520 --> 00:03:43,760
Speaker 1: working really hard to attract customers. They have to they

54
00:03:43,800 --> 00:03:47,440
Speaker 1: can't afford to lose money to fraud and scams. How

55
00:03:47,480 --> 00:03:51,800
Speaker 1: big a problem is it on the merchant side.

56
00:03:51,000 --> 00:03:55,640
Speaker 2: Yeah, it definitely matters for small medium businesses because there

57
00:03:55,680 --> 00:03:58,400
Speaker 2: are a good target as they do not have the

58
00:03:58,440 --> 00:04:03,320
Speaker 2: same resources as large enterprises to invest in security protections

59
00:04:03,360 --> 00:04:08,000
Speaker 2: and detection tools. And of course, the financial reputational impact

60
00:04:08,160 --> 00:04:11,360
Speaker 2: of a single scam or a data bridge can be

61
00:04:11,440 --> 00:04:17,360
Speaker 2: pretty staggering for SMBs merchants. Last year's Cyber Trail Report

62
00:04:17,720 --> 00:04:21,760
Speaker 2: published by the Australian Signals Directorate showed that the average

63
00:04:21,800 --> 00:04:25,400
Speaker 2: cost of cyber crime for small businesses was around forty

64
00:04:25,400 --> 00:04:29,200
Speaker 2: six thousand dollars pair incidents. So if we think about

65
00:04:29,839 --> 00:04:34,840
Speaker 2: SMBs operating on tied budgets, these kinds of losses can

66
00:04:34,920 --> 00:04:39,800
Speaker 2: really hurt get into potential layoffs or tewing down the

67
00:04:39,839 --> 00:04:44,640
Speaker 2: business altogether. And from a reputational risk perspective, if a

68
00:04:44,680 --> 00:04:47,960
Speaker 2: business falls victim to a scam, that impacts the reputation

69
00:04:48,720 --> 00:04:51,239
Speaker 2: a lot. And on top of that, when an SMB

70
00:04:51,400 --> 00:04:55,919
Speaker 2: falls victim of a scam, there could also be a

71
00:04:56,000 --> 00:04:59,840
Speaker 2: huge impact on the disruption of the business comes trying

72
00:04:59,880 --> 00:05:04,040
Speaker 2: to recover from the incident, taking away resources, for example,

73
00:05:04,040 --> 00:05:07,040
Speaker 2: from day to day running of the business itself while

74
00:05:07,120 --> 00:05:09,760
Speaker 2: handling the aftermath of a scamp.

75
00:05:10,360 --> 00:05:12,200
Speaker 1: What are the types of scams that the people are

76
00:05:12,279 --> 00:05:15,400
Speaker 1: running against merchants at the moment, Yes.

77
00:05:15,440 --> 00:05:19,800
Speaker 2: The restaurant, as I mentioned before, the phishing emails for

78
00:05:19,920 --> 00:05:23,320
Speaker 2: fake invoices. One very common that we have seen is

79
00:05:23,320 --> 00:05:28,560
Speaker 2: what we call the business email compromise. So say in

80
00:05:28,560 --> 00:05:31,559
Speaker 2: this case when cammers are sneaking to an email threat

81
00:05:31,760 --> 00:05:36,839
Speaker 2: or impersonate a vendor and send fake invoices. Small businesses

82
00:05:37,040 --> 00:05:41,600
Speaker 2: manage a lot of invoices. If one fake slips through,

83
00:05:42,000 --> 00:05:47,159
Speaker 2: it can cost thousands before anyone notices. And with most

84
00:05:47,200 --> 00:05:50,760
Speaker 2: transactions happening now online, these scamps are happening more often.

85
00:05:51,120 --> 00:05:54,160
Speaker 2: Another classic is again, if we go back to phishing,

86
00:05:54,320 --> 00:05:58,640
Speaker 2: it seems like it's never going away. Cammers send emails

87
00:05:58,839 --> 00:06:02,760
Speaker 2: texts Britain to be from trusted platforms, like say one

88
00:06:02,760 --> 00:06:05,839
Speaker 2: of their vendors, and they try to trig stuff into

89
00:06:05,960 --> 00:06:10,520
Speaker 2: sharing passwords or payments information, and all it takes is

90
00:06:11,240 --> 00:06:14,039
Speaker 2: one employee clicking the wrong link.

91
00:06:14,760 --> 00:06:19,679
Speaker 1: Stay with me, Danielle, We'll be back in a minute.

92
00:06:23,080 --> 00:06:27,080
Speaker 1: I'm speaking to Daniella Fernandez, head of Information Security at

93
00:06:27,080 --> 00:06:31,760
Speaker 1: PayPal Australia. Okay, so, one of the advantages of using

94
00:06:31,839 --> 00:06:35,120
Speaker 1: a platform like PayPal. Then, with all this is background,

95
00:06:35,440 --> 00:06:38,800
Speaker 1: and I'm a merchant, what's the advantage of using a

96
00:06:38,800 --> 00:06:39,800
Speaker 1: platform like yours?

97
00:06:40,560 --> 00:06:43,960
Speaker 2: Yes, particularly for PayPal, because people has a relationship with

98
00:06:44,080 --> 00:06:48,840
Speaker 2: both customers and merchants, and we operate in over two

99
00:06:48,960 --> 00:06:51,720
Speaker 2: hundred markets with an work cover of more than four

100
00:06:51,760 --> 00:06:56,359
Speaker 2: hundred million users or thirty million merchants globally. We have

101
00:06:56,440 --> 00:06:59,880
Speaker 2: a huge data set across our two sided networks. Are

102
00:07:00,040 --> 00:07:02,240
Speaker 2: we to see you know what merchants are doing as

103
00:07:02,279 --> 00:07:06,479
Speaker 2: well as consumers, and these help us to block payment

104
00:07:06,760 --> 00:07:12,360
Speaker 2: fraud and address online crime. Every customer transaction is monitoring

105
00:07:12,400 --> 00:07:16,520
Speaker 2: and heavily guarded behind our advanced encryption to help prevent

106
00:07:16,640 --> 00:07:22,000
Speaker 2: frol and identity theft, and particularly now with prez and

107
00:07:22,080 --> 00:07:24,800
Speaker 2: bins that have a present online if they use e

108
00:07:24,840 --> 00:07:30,320
Speaker 2: commerce platforms like PayPal that have protection dispute automation allowing

109
00:07:31,000 --> 00:07:35,320
Speaker 2: charge BUTD management across payment proseners and also something that

110
00:07:35,360 --> 00:07:39,480
Speaker 2: we call three D secure capabilities which allow merchants to

111
00:07:39,640 --> 00:07:44,760
Speaker 2: enable two factor authentication during transactions to help reduce fraud.

112
00:07:45,160 --> 00:07:50,600
Speaker 2: Also we three D secure through our PayPal Complete payments.

113
00:07:51,160 --> 00:07:55,360
Speaker 2: The liability for charge packs can be cheap from the

114
00:07:55,400 --> 00:07:58,160
Speaker 2: merchant to the car issue bank for example.

115
00:07:59,240 --> 00:08:01,560
Speaker 1: Okay, there's a lot in that. How do you think

116
00:08:01,600 --> 00:08:05,640
Speaker 1: businesses think they're doing? So what you makes What you say,

117
00:08:05,720 --> 00:08:08,800
Speaker 1: Daniel makes sense to me. But if I'm running a business,

118
00:08:08,840 --> 00:08:12,520
Speaker 1: do most businesses think they're doing the right thing? Or

119
00:08:12,880 --> 00:08:15,160
Speaker 1: is it something that bites them eventually? And they realize

120
00:08:15,160 --> 00:08:16,400
Speaker 1: they haven't been doing the right thing.

121
00:08:16,960 --> 00:08:20,840
Speaker 2: Yeah, So it's an interesting question, Seoan. There seems to

122
00:08:20,880 --> 00:08:25,680
Speaker 2: be a disconnect between consumer perceptions about how well businesses

123
00:08:25,760 --> 00:08:30,520
Speaker 2: can protect them online and how actually business feel they

124
00:08:30,520 --> 00:08:33,080
Speaker 2: are doing in this regard. So, based on our research,

125
00:08:33,920 --> 00:08:37,679
Speaker 2: only twenty eight percent of Australian consumers believe that Australian

126
00:08:37,720 --> 00:08:42,880
Speaker 2: businesses can keep their data safe well. On the other side,

127
00:08:43,000 --> 00:08:46,760
Speaker 2: sixty eight percent of businesses claim that they're good at

128
00:08:46,800 --> 00:08:51,000
Speaker 2: protecting their customer's personal information. Now, what I would say

129
00:08:51,040 --> 00:08:55,239
Speaker 2: is the good thing is that nearly all Australian businesses

130
00:08:55,720 --> 00:09:01,560
Speaker 2: have taken a step to strengthen their cybersecurity practices, with

131
00:09:01,720 --> 00:09:05,360
Speaker 2: the top actions, you know, being packing up their data,

132
00:09:06,040 --> 00:09:12,360
Speaker 2: enabling multi factor authentication and obviously encouraging employees to treat

133
00:09:12,480 --> 00:09:15,839
Speaker 2: calls or emails and texts with more suspicion.

134
00:09:17,360 --> 00:09:21,280
Speaker 1: One final question, how do you keep the customer experience

135
00:09:22,200 --> 00:09:28,160
Speaker 1: in security in sync? Because sometimes it's quite jarring that

136
00:09:28,160 --> 00:09:30,960
Speaker 1: you've got to go well, two factor authentication I have

137
00:09:31,040 --> 00:09:32,719
Speaker 1: no problems with. I think that's a really smart thing

138
00:09:32,720 --> 00:09:34,199
Speaker 1: to do, and in fact, it makes me feel good

139
00:09:34,200 --> 00:09:36,000
Speaker 1: about using a platform if I have to do that,

140
00:09:36,240 --> 00:09:38,920
Speaker 1: but at other times it is difficult to have the

141
00:09:38,960 --> 00:09:41,680
Speaker 1: sort of the smooth transition as a consumer working with

142
00:09:41,720 --> 00:09:44,120
Speaker 1: the merchant. How do they manage that.

143
00:09:44,840 --> 00:09:49,359
Speaker 2: Yeah, that's a really good question. And having that balance

144
00:09:49,440 --> 00:09:54,640
Speaker 2: of good security with smooth customer experiences, it's not easy

145
00:09:54,679 --> 00:09:58,880
Speaker 2: to achieve. I think the key is around invisible security.

146
00:09:58,960 --> 00:10:01,920
Speaker 2: You know, security mension is that work well in the

147
00:10:01,920 --> 00:10:05,880
Speaker 2: background so that they can minimize the friction while still

148
00:10:05,960 --> 00:10:10,440
Speaker 2: keeping the data secure. For example, advanced analytics in pro

149
00:10:10,559 --> 00:10:15,080
Speaker 2: detection systems. You know, they quietly monitor in transactions in

150
00:10:15,200 --> 00:10:17,400
Speaker 2: real time and this is one of the benefits we

151
00:10:17,520 --> 00:10:21,000
Speaker 2: have at the PayPal. As I mentioned before, every customer

152
00:10:21,080 --> 00:10:25,760
Speaker 2: transaction is monitoring heavily guarded behind our advanced analytics to

153
00:10:25,880 --> 00:10:31,240
Speaker 2: help prevent fraud. I also very proud that now we

154
00:10:31,360 --> 00:10:35,440
Speaker 2: offer the option to our users to log in using

155
00:10:35,600 --> 00:10:39,720
Speaker 2: past keys, which is a passwordless solution as a more

156
00:10:39,760 --> 00:10:43,880
Speaker 2: secure method of authentication without the hassle of remembering the

157
00:10:43,960 --> 00:10:47,280
Speaker 2: complex passwords, because we know now the passwords one of

158
00:10:47,280 --> 00:10:50,880
Speaker 2: the big issues in terms of security, and this has

159
00:10:50,960 --> 00:10:56,559
Speaker 2: proved to be more secure and offer a better user experience.

160
00:10:57,440 --> 00:10:59,720
Speaker 1: Fantastic Danielle, Thank you very much. For talking to Fear

161
00:10:59,720 --> 00:11:03,280
Speaker 1: and thank you for having me. That was Danielle Fernandez,

162
00:11:03,320 --> 00:11:07,280
Speaker 1: head of information Security at PayPal Australia, a supporter of

163
00:11:07,280 --> 00:11:10,280
Speaker 1: this podcast. This is the Fear and Greed Business Interview.

164
00:11:10,400 --> 00:11:12,640
Speaker 1: Join us every morning for the full episode of Fear

165
00:11:12,640 --> 00:11:15,480
Speaker 1: and Greed Business news for people who make their own decisions.

166
00:11:15,480 --> 00:11:17,320
Speaker 1: I'm Sean aelma Enjoy yourday.