As faster and real-time payment schemes achieve ubiquity in more markets around the globe, speed is increasingly becoming the standard for payers of all kinds. This new reality isn't without its challenges for financial services providers, however, with security and fraud mitigation among the largest concerns.
By definition, real-time payments give financial institutions (FIs) almost no time to analyze and authenticate a transaction to prevent fraud and other financial crimes. What's more, these transactions are irrevocable, and as fraud losses mount, new questions surface over who holds liability to recoup funds.
The Asia-Pacific (APAC) region is one in which faster payment capabilities are quickly proliferating. Analysts today expect APAC to see the fastest rate of faster payments growth of any other geographic region on the planet, according to a 2018 report. However, as the latest research from FICO's Asia-Pacific operations has revealed, the APAC region is struggling with rising fraud rates as a result of real-time payments adoption — and financial institutions across the region expect that threat to grow.
"The main attributes of real-time payment schemes are speed and convenience," said FICO Asia-Pacific President Dan McConaghy in a recent interview with PYMNTS. "This makes them attractive to consumers and businesses — and unfortunately, also to criminals."
Unwrapping The Fraud Threat
Pointing to FICO APAC's research, which found that 78 percent of APAC banks have agreed that the introduction of real-time payments has resulted in increased fraud losses, McConaghy highlighted an array of areas in which faster payments most dramatically increases the fraud threat. They included authorized push payment fraud, money laundering, and account application and takeover fraud.
What makes these crimes so difficult to prevent in a real-time ecosystem is that transactions are often initiated by legitimate customers and exploited by fraudsters — and it's not only consumers exposing banks to the threat.
"In many Asian jurisdictions, the real-time platforms have already been extended to businesses and governments," McConaghy said. "The [fraud] risks are actually heightened in these ecosystems, as the payouts are potentially larger."
He highlighted common scams, including CEO fraud and invoice fraud, often carried out via the Business Email Compromise (BEC) — in which a scammer imitates a legitimate company executive or trusted supplier to initiate a B2B payment to a vendor. Through social engineering, fraudsters place pressure on their targets to initiate payment immediately and without thinking, McConaghy explained, and once a transaction is made via real-time payments, it cannot be undone.
Adjusting Banks' Strategies
Real-time transactions make it nearly impossible for FIs to catch and prevent a fraudulent payment between the time a transaction is initiated and completed. As such, McConaghy said that banks must take preemptive measures to combat the fraud risk, with machine learning an important part of that strategy.
"It's likely that APAC banks have some of the necessary solutions in place, but they may well need to alter how they are used to take steps to ensure that systems work together across the fraud and financial crime landscape," he said, noting that FIs must elevate their Know Your Customer (KYC) due diligence at the time of account opening. "Ultimately, banks need to stop criminals from benefitting from the money they steal or launder, and this means that they must be prevented from having accounts they can spend or withdraw from."
Using machine learning to analyze patterns can also enable financial institutions to more quickly identify and report when suspicious activity occurs. In the case of push payments fraud, he highlighted machine learning as a tool that can identify anomalous behavior from a legitimate customer, as well as suspicious activity for funds both coming in and going out of accounts, based on historical real-time payments activity.
Sharing The Fraud Responsibility
The rising fraud risk of real-time payments is introducing new questions about liability, noted McConaghy, warning that while banks may not be liable for push payment fraud, allowing customers to bear those losses could be detrimental to that institution's reputation. So, while adjusting anti-fraud tactics and embracing technologies like machine learning can be key to combatting fraud, promoting customer awareness of the real-time payment fraud risks is also an essential component of the security strategy.
"Communication doesn't only mean sending an email or letter to warn of the possibility of such scams," said McConaghy. "In-process communications that highlight risk to customers as they are making transactions are extremely valuable. Fraudsters rely on creating a sense of urgency in victims so that they send money without thinking — anything a bank can do to encourage customers to pause for thought is vital."
The developers and operators of these faster payment schemes have a role to play, too, he added, with service providers able to learn lessons from older networks like those seen in the U.K. McConaghy said that includes the integration of payee confirmation and mutual authentication measures to address the fraud risk before a transaction is initiated — as well as shifting the liability of push payment fraud to the banks, which could motivate FIs to take larger steps in combatting this risk.
With Asia-Pacific's economic growth now the fastest on the planet (even with headwinds from trade disputes), faster payments will continue to play an important role in market modernization. The benefits of real-time payments outweigh the risks, said McConaghy, but that doesn't mean APAC institutions can afford to not prioritize fraud mitigation.
"Real-time electronic payments are a powerful tool for expanding the digital eCommerce ecosystem, and creating new services for both consumers and businesses," he said. "But given the experience in countries such as the U.K., where real-time payments and the accompanying crime have been ubiquitous for over a decade, APAC banks should be aware of the likely fraud and financial crime issues."