Print Icon
Payments under attack!

The goal for payments to remove friction through innovation is counter balanced by the payment business exposure to fraud and cybersecurity. The more digital payments become real time the harder it becomes to stop bad actors causing major business disruption.

When EPA Asia invited the head of security for a major global retail property business to a recent Cybersecurity workshop, he said “its not the threat of a terrorist attack, but the threat of a cybersecurity attack that keeps me awake at night”.

Behind the threats posed to the business there is a greater need for better understanding and awareness of the payment operations, and also the many business risk exposures. All businesses should have contingency plans in place to help with business continuity.

To this end EPA Asia is kicking off a new Cybersecurity project initiative. PayPal are taking the role of Benefactor sponsor of the project. Sorin Toma has joined EPA Asia in the newly appointed role as Head of Cybersecurity. He will be guiding EPA Asia along with the members around specific areas of education, awareness and helping businesses to adopt and improve better security standards.  

In addition we hear this month from David Ojerholm, from the Initiatives group where he also talks about payments fraud.

We invite all of EPA Asia member to join us as we the payments industry raise our standards to help reduce the risks from untoward events.

Payments Scams - financial loss with willing participation  

Last year EPAA published an article by EPAA Ambassador Lance Blockley of The Initiatives Group titled “Scams Are Now Bigger Than Payments Fraud”. Throughout 2020 and 2021, losses from scams have continued to increase rapidly, the opposite of most payments fraud.  

Now 18 months into the Covid 19 pandemic, with all the change it has brought, The Initiatives Group has taken another look at the trends in financial scamming.  

Willing participation  

It is important to note that financial scams are associated with account holders knowingly authorising a transaction. This is different to payments fraud, where the fraudster gains access to account details and, unknown to the account holder, authorises fraudulent payments. When we are scammed, we are “willing participants”.  

Covid-19 Pandemic – the scamming opportunity of 2020-2021  

Covid-19 induced lockdowns, working from home, limited physical access to retail and services have all led to the acceleration of digitisation in our daily lives. Those who were already internet banking, transacting online and participating in social media increased their usage. Those who were not, typically older generations, were forced to become digitally engaged. Criminals took advantage of this digital shift and the heightened fears and anxieties through: 

  • impersonating parcel delivery companies, e-commerce platforms, broadband providers and others;  
  • fake online shopping stores selling products that do not exist or will never be fulfilled, such as cures for Covid-19 and face mask; 
  • imposter scams, involving contact from government officials regarding promises of stimulus relief for individuals and economic relief or loans for small business, or providing links to “more information” where phishing of personal information occurs; 
  • used car sale scams increased rapidly with the growth in used car sales (e.g. sellers impersonating defence personnel being redeployed, as a reason for a quick, too good to be true price sale); 
  • romance baiting, where dating apps are exploited to lure victims into investment scams.  
In the USA, financial losses due to scams increased by 73% during 2020, with imposter scams being 63% of the total.In Australia, just for scams reported to Scamwatch, the YOY increase in value of losses for the first quarter of 2021 was 65%.   
The number of cases in the UK increased by 22% and the value of losses by 5% - compared with 2019/2018 increases of 45% and 29% respectively. The volume and value increasing at a decreasing rate may augur well for the future. Criminals’ use of social engineering tactics through deception and impersonation scams is a key driver of these losses.  

Business email compromise scams (BECS) 
In 2019, BECS became the biggest cause of cybercrime financial losses in the USA, totalling US$1.7bn. At the same time, PWC reported that almost 25% of incidents in Singapore were “relatively low sophistication BECS”, and that criminals targeted financial services companies because victims were likely accustomed to large value transfers, and leveraged victims’ compromised credentials and a lack of multi-factor authentication6.  

There are 3 common scenarios: 
  • Scammers exploit the relationship and trust between companies and their vendors by impersonating the vendor and urging the target to pay invoices to the scammer’s account. 
  • Scammers impersonate senior personnel and direct staff to make scam payments. 
  • Scammers intercept legitimate invoices (usually pdf invoices attached to emails) and change the bank account details for payments.  
In a recent case, the FBI reported the successful sentencing of a Lithuania-based BECS scammer who, between 2013 and 2019, successfully scammed USD120 million from two companies.  

“It was a big, sophisticated research effort,” said Special Agent Jonathan Polonitza, who investigated this case out of the FBI’s New York Field Office. Armed with these details and two years of research, one of the fraudsters simply called the companies pretending to be a vendor. The caller told each company to change their bank account information for an upcoming payment.”

However, incidences of BECS are not limited to business-to-business. In Australia a number of BECS cases were reported where consumers were scammed when making payment for their new Tesla cars.

Rather than enabling final payments through a secure website, Tesla sent the purchasers an email with an invoice for over AUD$70k attached. The email was intercepted by the scammers, the bank details on the invoice were changed, and the customers willingly transferred their payment to the (unknowingly) wrong bank account  -  and then did not get their new Tesla!  

And, for end users trying to avoid being a victim of BECS, we give the final word to the FBI:
  • Enable multi-factor authentication for all email accounts; 
  • Verify all payment changes and transactions in person or via a known telephone number; 
  • Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises.
Author: David Ojerholm
Director The Initiatives Group, 

Project Meet-Her She Knows Payments has launched on Instagram.

Most likely, 90% of you are now saying - I don't use Instagram - and neither did we - but the thought leaders of tomorrow do. 

More than one billion people use Instagram every month, and roughly 90% of them follow at least one business. 

Follow us on Instagram to see how we are creating a new channel to educate the thought leaders of tomorrow on payments. Share the channel with your staff who are new entrants to the industry or whom inspire to lean in to be thought leaders of tomorrow.

Future Events

Register to get yourself more involved in payments.



APAC Fintech Payments Forum 




Cyber Security - the balance between  Regulations and Security





Blockchain and Payments

Hot Topic Briefing 

  Quote of the Month with Nilixa Devlukia

What is EPAA Forum?

An EPA Asia Forum is the event style used to create the opportunity for a large number of participants to engage and interact around a given area of interest. This is event form is designed to create active participation.  

Format for a forum can be variable, but could include any or all of the following stages: 

  • Opening keynote speech or panel 
  • The delivery of questions for discussion among the forum 
  • Breakout sessions amongst participants with facilitators 
  • Follow up panel with facilitators to discuss conclusions from breakout sessions 
  • Polling of participants 
  • Pre-prepared material to create an active side bar messaging conversation. 
  • Voxpop filming of Q&A 
  • Formal written conclusions of forum agenda, discussions, conclusions and recommendations  

EPA Asia Forum are available for sponsorship.   

Capacity: 100+ attendees  

Content Created: Video/Voxpop/Conclusion Paper  

Platforms used: Zoom or Airmeet 


Past Events

Press "Read More" to check our past event recordings, articles and related materials. 



FUSE – Digital Currency - Annabelle Huang 




Meet-Her She Knows Payments - Blockchain and Payments 




IFF - EPA Global Payments Forum 




FSB: Cross-Border Payments


In a world where online and digital collaboration is increasingly the norm EPA Asia projects are continuing to align more with the trends. Monthly working meetings are being held on the 3 operational projects, as follows :

  • Project Cross-Border APAC : second Wednesday every month
  • Project Digital Identity APAC : third Wednesday every month
  • Project Regulations APAC: fourth Wednesday every month
  • Special project - Meet-Her: This is arranged around the workshop events and is run on selected dates each month.  

To join the EPAA Project Working Group



  • Natalie Fleming (Senior Director - Banking and Regulatory Relations Asia Pacific) Payoneer will be joining our Regulatory Working Group on July 28 as a Guest Speaker. Key theme will be the progress of Japanese Payments Regulations. To join the meeting please contact The Regulations Working Group will also be participating in the FSB Cross Border Payments Target Submission from EPAA
  • The Payments Tracker is now live and EPAA members are being provided access to review. 
  • Corlytics Regulation Tracker Demo video   (email for login access)
  • Regulatory reachout program connected with RBA (Cross-Border Forum) and APEC finance and economic ministers (Open Banking POC)
Working Group Members are:

  • Dr Brad Pragnell (EPAA Ambassador)
  • Zennon Kapron (EPAA Ambassador)
  • Antony Morris (EPAA Ambassador)
  • John Byrne (Corlytics)
  • Mike O’Keefe (Corlytics)
  • Sean Peterson (AMEX)
  • Simone Joyce (FinTech Australia)
  • Steven Chan (PayPal)
  • Amrita Nair (PayPal)
  • Anurag Vasisth (ABP Australia)
  • Thomas Hind (DXC Technology)
  • Sarah Wood (AMEX)
  • Desmond Lim Ching Hau (Ebay)
  • Laura Hu (eBay)
  • Mailu Mizumoto (eBay)
  • Holly Dorber (PayPal)
  • Abraham Teo (AxiomSL)
  • Dom Braun (E6)
  • David Brown (Finastra)
  • John Ryan (Director General, EPAA)



Project Cross-Border Update

Three key focus areas: 

  • Dr Brad Pragnell (EPAA Ambassador), working with Fannette Hsin (Project Director), is leading the EPAA submission to the FSB Cross-Border Payments Targets Submission. You can find the submission here.
  • IIF-EPA Global Payments Forum Workshop to be held on 7 July 2021. "From competition to collaboration, how incumbents and fintechs can work together to solve customer expectations” - A case study investigating Wise and Shinhan Bank. (Read here)
  • Asian Bank Leaders meeting is WIP
  • The APAC Fintech Payments Forum is on the 4 August, where regional fintechs will Airmeet. (Register here)

Working Group Members are: 
  • Fannette Hsin (EPAA Ambassador/Project Director)
  • Amrita V Nair (PayPal – Project Sponsor)
  • Dr. Brad Pragnell (EPAA Ambassador)
  • Melissa Keir (Marqeta)
  • Kenneth Leung (SWIFT)
  • Laura Hu (EBAY)
  • Mishal Ruparel (Banking Circle)
  • Thomas Hind (DXC Technology) 
  • Steven Chan (PayPal)
  • Tom Alaerts (Swift)
  • Stephen Peters (FIS)
  • Katie Mitchell (Nium)
  • Todd Latham (CurrencyCloud)
  • Mailu Mizumoto(EBAY)
  • David Brown (Finastra)
  • John Ryan (Director General, EPAA)


Project Meet-Her She Knows Payments has launched on Instagram.

Most likely, 90% of you are now saying - I don't use Instagram - and neither did we - but the thought leaders of tomorrow do. 

More than one billion people use Instagram every month, and roughly 90% of them follow at least one business. 

Follow us on Instagram to see how we are creating a new channel to educate the thought leaders of tomorrow on payments. Share the channel with your staff who are new entrants to the industry or whom inspire to lean in to be thought leaders of tomorrow.


For more information regarding EPAA Project Meet Her - She Knows Payments




  • The POC was conducted March 19,  in partnership with MAS backed APIX, and run in conjunction with APFF (Asia Pacific Financial Forum), focus on standardisation of APIs
  • Jennifer Harrison discusses the POC.   
  • Follow-up POC event to be planned with APEC regulatory group.



  • White Paper is due for release Q3 2021.
  • Plan for whitepaper release is being finalised.
  • EPAA is looking for case studies showcasing interoperability in digital identity. If you would like to be considered please contact
Working Group Members are: 

  • Rajiv Madane (Project Director, Covr Security)
  • Victoria Richardson (Project Mentor, AusPayNet)
  • Richard Lomas (Citi)
  • CK Leo (FICO)
  • Ian Sorbello  (Transmit Security) 
  • Rob Allen(eftpos Payments Australia)
  • Desmond Lim Ching Hau (Ebay)
  • Mailu Mizumoto (EBay)
  • John Ryan (Director General, EPAA)

To join the EPAA Project Working Group


Members News

Australia's non-bank lender Bluestone Home Loans went live with its new digital lending platform, powered by Mambu


TrueLayer accelerates global expansion with dedicated Australian product and engineering team hiring Tilen Chetty in Sydney as Product Lead and Dan Gaskin in Melbourne as Lead Engineer.


eftpos FinTech Advisory Committee Report


PayPal to research transactions that fund hate groups, extremists


Join Our New Online Community to Fight Fraud & Financial Crime


Nium has become the first Global B2B Payments Unicorn from South-East Asia!



What's On The Horizon...

Open Banking:
Real Time Payments:
Digital Finance:
Cryptocurrency :
Fraud and Financial Security :