These days, we pay for more and more things remotely, either online or over the phone. However, these transactions are susceptible to cybercrime. In this featured stock story, Castlefield's David Gorman explores how AIM-listed digital security specialist Eckoh PLC (within our AIM Portfolio) is helping business to protect their consumer data in order to combat cybercrime and online fraud.

The FinTech (financial technology) revolution has brought amazing benefits for both businesses and consumers. The pandemic and the whole work-from-home revolution, enabled by technology, have driven us towards paying for more and more things remotely – online or over the phone. This method of payment is now so common that being able to offer Card-Not-Present (CNP) payment methods to customers is essential for all organisations - whether they’re taking holiday bookings or utility bill payments. Consumers would be  surprised and disappointed if this option was not available. However, there is a problem with this frictionless way of paying for goods and services – it is susceptible to fraud.

In our technology-driven world, Cyber & Digital Security is critical because it protects all kinds of data from theft, damage or misuse. In fact, Cyber & Digital Security is one of Castlefield’s positive investment themes; the theme encompasses companies offering products or services which support consumer privacy and digital security and might also include the development of secure digital infrastructure.

Cybercrime has become industrialised and is usually committed by organized crime groups and today’s cyber threats come from bots and other AI as well as from sophisticated human-initiated attacks. Most Card-Not-Present fraud is done by organized crime operations and it is highly lucrative, meaning that fraudulent attacks are becoming increasingly sophisticated and complex, with the style of attack  evolving on a daily basis. In the case of Card-Not-Present fraud, cardholder details are typically stolen electronically through a Phishing scam, theft of credit or debit card information or merchant database hacks. Typically, once criminals have stolen the victim’s card information they will use it to set up recurring payments, make purchases, buy gift cards or purchase cryptocurrency.

Card-Not-Present fraud is something all organisations must be aware of as it is the merchants who often end up paying for it because banks and credit card companies tend not to hold cardholders liable for fraudulent activity conducted on their accounts. Therefore, CNP fraud can badly damage smaller businesses.

This is a big problem. An estimated $200 billion will be lost to online payment fraud by 2025.[1] In the US alone, it is estimated that Card-not-present payments fraud loss will be $9.5 billion this year, rising to $10.2 billion in 2024. CNP fraud is expected to make up 74% of all fraud by 2024—up from 57% pre-pandemic.[2] In the UK in 2020 Card-Not-Present fraud constituted 85.3% of all card fraud reported[3]. Card-Not-Present fraud will continue to skyrocket as fraudsters see an opportunity online and increase attacks to seize it. That means issuers and merchants need to think hard about prevention strategies.

So merchants (i.e. those receiving a payment) have a dilemma. Card-Not-Present payments have become the norm but, on the other hand, merchants offering the CNP payment option lay themselves and their customers open to attack by cybercriminals. Merchants therefore have the challenge of offering the option of secure payment but without too much “friction” in the transaction, friction caused by security checks and payment approval procedures. Such friction and delay tends to irritate those trying to pay, putting them off using that site again.

Successfully supporting merchants in this tricky area of commerce is Eckoh PLC, based in Hemel Hempstead. Eckoh is a global provider of Secure Payment products and Customer Contact solutions, to  an international client base. The company's clients come from a broad range of markets  including government departments, telecoms providers, retailers, utility providers and financial services companies. The client list contains many household names. We own AIM-listed Eckoh shares in our CFP Castlefield Sustainable UK Smaller Companies Fund.

Eckoh’s technology makes it possible for businesses to remove the burden of lengthy, manual processes related to consumer data protection, regulatory compliance and security. The technology allows clients to improve efficiency, lower operational costs and increase customer satisfaction by providing a true Omnichannel experience.

The Group’s patented Secure Payment products help organisations reduce the risk of fraud, secure sensitive data and comply with regulations such as the Payment Card Industry Data Security Standard (“PCI DSS”), the UK’s General Data Protection Regulation (“GDPR”) or the US Consumer Privacy Acts. Eckoh products prevent sensitive personal and payment data from entering IT and contact centre environments when customers make payments for goods and services.

To help both customers and merchants, Eckoh can secure all engagement channels including payments made over the phone through a live agent or an automated system, on the web or a mobile, or through a web chat or chatbot. Its Secure Payments products are straightforward to deploy as they require no change to clients’ existing processes or systems.

The Group’s Customer Contact solutions help organisations transform the way they engage with their customers. Eckoh’s proposition enables enquiries and transactions to be performed on whatever device the customer chooses, through any inbound communication channel and it allows customers to self-serve or to engage with a customer service advisor.

For most of us, paying for things online is now commonplace and it’s important that our personal payment information is properly protected, so it’s pleasing that companies such as Eckoh are here to help consumers and merchants keep their data secure.

Written by David Gorman

[1]Card Not Present Fraud - Fraud and Identity in Focus (lexisnexis.com)

[2] Spotlight: US Card Payment Fraud Losses Forecast 2022 - Insider Intelligence Trends, Forecasts & Statistics

[3] Card Not Present Fraud - Fraud and Identity in Focus (lexisnexis.com)

Information is accurate as at 24.03.2023. Opinions constitute the fund manager’s judgement as of this date and are subject to change without warning. The officers, employees and agents of CIP may have positions in any securities mentioned herein. This material may not be distributed, published or reproduced in whole or in part. With investment, capital is at risk.