An Insider’s Take on Processing Instant Payments Securely

Executives reported a 73% increase in P2P fraud and 44% in instant or real-time payment fraud in the last 12 months, according to PYMNTS data. In this month’s “Digital Fraud Tracker®,” DataVisor CEO Yinglian Xie explains why firms must include security and automation by design as there is no margin for error in real-time transactions.

DataVisor - Digital Fraud Tracker: Instant Payments Fraud Reaches The Tipping Point - December 2022 - Explore the importance of recognizing instant payments fraud and fighting it head-on, as well as what banks and companies can do to protect their clients

Christian Santaniello, senior vice president and head of commercial deposits and treasury management at Axos Bank, tells PYMNTS how his bank ensures that instant payments are safe and secure.

Instant payments have many advantages over legacy, slower payment methods. They are also a prime target for scammers looking for a quick way to defraud businesses, banks and consumers — sometimes to the tune of millions of dollars. After hearing stories of instant payments gone wrong, some people feel anxious about making payments this way.

“Some of it is just learning the nuances around instant payment rails and understanding how they may be different from [legacy payment technologies],” said Santaniello. “There are certain [situations where] just the idea of instant and irrevocable payments can be intimidating.”

Building a strong technological infrastructure and educating businesses and consumers about how to use instant payments the smart way can help.

Quality IT integration is one of the most important parts of successful instant payments. Some third-party software is still built with legacy payment systems in mind, Santaniello cautioned, so it is vital to make sure any of these applications are modern and ready for instant payments. Additionally, it is important to employ people and programs that are familiar with each customer’s payment habits and are trained to spot suspicious activity. Axos uses automated software to flag potentially fraudulent payments and then has employees familiar with the accounts review the payments to make the call about whether or not to put the brakes on them.

“We use a combination of in-house and partnership technologies that help establish controls around every aspect of the payment from the point [at which] the person or system is logging in until after the payment [is made],” he said.

Doing this allows Axos Bank to examine anomalies with respect to payment patterns, catching fraud or errors early in the game.

Axos integrates with third-party software companies that use application programming interface (API)-based wire origination to streamline payments and make them more secure.

“One of our specialties is connecting right into the ERP system to allow origination and time reporting through API-based services back to the system of record,” said Santaniello. “It makes existing payment rails a little bit more efficient and speedier with respect to the user.”

For this secure infrastructure to work, everyone involved must be educated on protecting themselves from fraud — especially from getting tricked into sending money to bad actors.

“We can have the most secure pipe in the world between the business and the bank, but if you send good instructions to a bad person, it isn’t achieving the goal.”

The most common form of instant payment fraud is when a company sends a legitimate payment through an app or transfer, but this payment goes to someone who has promised a good or service they do not plan to fulfill, said Santaniello. The key is to educate consumers and businesses about the realities of fraud and that instant payments are just that — instant — and cannot be recalled.

Santaniello and his team have made it a point to educate as many of Axos Bank’s customers and potential customers about these risks as possible, he said, offering in-person consultations and periodic webinars on topics such as cybersecurity. The issues are almost always preventable through education, he said.

“We hear very little about these major payment rails being hacked or having security concerns. It’s more around scenarios where someone gets deceived into sending a payment to somebody they shouldn’t.”