Authentication is the key to fast payment fraud protection while regulations evolve, says Entersekt CEO Schalk Nolte.
As global payments have gotten faster, so too have the speeds of attacks. While international regulators evaluate how to tackle the growing levels of real-time payment fraud, for now, it remains up to innovative fintechs to provide the strongest line of defense for both financial institutions (FIs) and customers.
Around the world, instant payments, real-time payments and peer-to-peer offerings are experiencing strong growth. Unfortunately, FIs are struggling to keep pace with the latest fraud vectors that inevitably follow any new transaction growth. However, new authentication solutions exist today to help prevent these new attacks.
Global growth of instant payments fuels new fraud threats
Nearly 18 million Americans were defrauded through scams involving digital wallets and peer-to-peer payment apps in 2020, says Javelin Strategy & Research. A large part of the fraud has been so-called “authorized” fraud where scammers use social engineering to pose as friends or merchants to trick trusting victims into sending money to their accounts. ACI’s 2023 Scamscope report predicts that Authorized Push Payments (APP) fraud could see losses exceed an eye-watering $3.03 billion in 2027, up from $1.94 billion in 2022.
In the case of FedNow (launched by the Federal Reserve in July 2023 as an option to The Clearing House’s RTPservice), strong anti-fraud measures and a liability model will also become increasingly vital as the service grows.
Federal rules historically required banks to reimburse customers for payments made without their authorization, such as by hackers, but not when customers themselves make the transfer, as they do in APP fraud. However, regulators are now looking to mandate imposter fraud protections, with banks already starting reimbursements for fraud tied to certain payment apps, following consumer protection concerns raised by lawmakers and the federal consumer watchdog.
The problem with APP fraud is not unique to the US. Over in the UK with its Faster Payments scheme, APP fraud and remote banking fraud have also become especially prevalent, amounting to £485.2 million ($629.03 million) and £163.1 million ($211.4 million) in losses – respectively – in 2022. These figures have given both regulators and FIs pause for thought, with Visa research showing that the growing fraud numbers are going so far as to turn consumers off digital banking as a whole.
The UK’s Payments Systems Regulator has already mandated that when APP fraud happens, the sending and receiving firms will both be equally liable (50:50) for reimbursing the customer within just a few days.
And the developing world has not been impervious to the spike in rapid payment fraud. Brazil’s instant payment platform, Pix has also fallen victim to fraudsters looking to cash in on the success of the country’s Central Bank’s initiative. Reports show that the country Brazil experienced total losses due to fraud amounting to an estimated R$2.5 billion ($500 million) in 2022, with a considerable 70% of these cases originating from Pix transactions.
South Africa’s real-time payment system, PayShap, is nearing ten million transactions worth R6.6 billion ($346 million) from two million ShapIDs currently active on the system since its launch in March 2023. While there hasn’t been any fraud reports to date, the industry is preparing for the spikes based on global crime trends in the faster payments space.
Benefits of faster payments also make them an attractive target
With immediate initiation and receipt of payments 24/7, faster payment systems are a compelling offering for small businesses and individuals who are dependent on immediate cash flow. In turn, this creates increased revenue for FIs.
However, it becomes a delicate balancing act for both public and private institutions who want to create an enabling environment for customers, while still ensuring their digital safety. As a global provider to FIs, we are seeing customers realize immediate benefits when adopting real-time payments, but then struggle to keep up with the security challenges when the various fraud schemes pop up just as fast.
The strict service level agreement requirement based on scheme rules mean payment service providers and faster payment system operators have very little time to run the usual fraud checks including vital anti-money laundering or countering the financing of terrorism.
In a faster payment environment, even if fraud is identified, there is almost no time to respond because the recipient has immediate access to the funds and can then quickly move them again to other accounts, including those of money mules.
Another complicating factor is that, unlike card fraud, money illegally moved in a faster payment can’t easily be reversed.
Technology is key while regulations catch up
While the media is filled with the many dangers posed by AI, it is also being deployed to effectively and efficiently fight fraud. Using AI and machine learning, FIs offering instant payment options can calculate the risk posed by transactions and pick up user behavior that is out of the ordinary.
For example, technology is vital when it comes to APP fraud, where it is extremely difficult for FIs to spot and prevent as it’s the customers themselves who make the payment or transfer.
The best solution calls for a multi-layer approach of both visible and invisible security which is much more likely to detect suspicious activity, such as unusually large payments.
To break it down, visible security refers to active authentication steps, such as a customer verifying a large payment via their mobile device.
Invisible security, including behavioral biometrics, uses technology to learn about a customer’s transactional behavior to better determine which interactions are legitimate and which should be flagged as suspicious and stopped before they happen.
While there is no doubt that faster payments are being embraced by consumers, bad actors will always follow the money. There is also a growing agreement from the industry that regulations must shift to accommodate these faster transactions. But regulators can’t be too hasty, and may stifle innovation in their rush to protect the consumer. The solution must lie with a combination of technology and enabling regulation and, until the latter is in place, tech – especially advanced authentication – must lead the charge against this growing fraud threat.
