Real-time schemes represent significant changes to the world’s existing payments infrastructure. Businesses and merchants can use these systems to quickly access capital and gain better financial outlooks, while freelance and gig workers can use them for faster wage access.
Though these systems have clear benefits, they also create new opportunities for fraudsters to steal funds and digital identities. Bad actors can utilize ATOs and application fraud to take advantage of real-time payments rails and access stolen funds. The following Deep Dive examines the different ways fraudsters use such systems to commit crimes and the solutions that could keep funds safe.
Understanding Real-Time Payments Changes
Disbursement speeds are likely to increase significantly as countries around the globe launch real-time payments systems. The Clearing House (TCH), which is owned by 24 large U.S. banks, launched its real-time network in 2017, marking the first upgrade to electronic payments in the U.S. since the launch of the Automated Clearing House (ACH) nearly 40 years earlier.
Last year, Australia launched its New Payments Platform (NPP), which was developed by the Reserve Bank of Australia in collaboration with the nation’s Big Four banks. As soon as the service went live, users could make instant payments between bank customers and other financial service providers.
On top of real-time payments platforms, new settlement methods – including mobile wallets and P2P payments providers – enable users to use either cards or ACH transfers to quickly send funds. These offerings are popular with users because they can instantly send money without having to write checks, count cash or visit ATMs.
While transfers made using these systems are instant, they do not clear nearly as quickly. In the U.S., ACH transfers take up to three days to settle, while card payments could take weeks. As such, it’s easy to understand the benefits of real-time payments. A closer look at fraudulent activities, however, reveals how bad actors use these systems to steal both information and money.
Real-Time Payments Open New Doors for Fraud
Account takeover (ATO) fraud is highly popular among bad actors who take advantage of real-time payment systems. During ATOs, fraudsters assume control of accounts and use them to move money, and legitimate holders who do not regularly access their accounts might not even be aware their funds are being stolen.
It’s also possible criminals might persuade legitimate users to give them their account details, enabling them to transfer money. This allows fraudsters to cloak the sources of their funds from authorities as they quickly move them between different accounts. In some cases, legitimate users might even be tricked into transferring their money to fraudsters of their own accord. These “money mules” are deceived into thinking they are helping people in need, or that they will receive payments for small tasks.
In the U.K., the use of money mules has led some young people, including students, to unwittingly launder money or finance other crimes, including terrorism. Bad actors use social media to find their targets, which eventually leads to their accounts being used for fraudulent activities. The end result can be devastating for account holders. Santander recently closed roughly 11,000 accounts suspected of being money mules, and their legitimate holders now may be unable to open new bank accounts or get approved for loans. In more serious cases, they could even face prison time.
Another popular method of fraud involves bad actors creating accounts under false pretenses. In these cases, accounts might be opened with stolen or fabricated identities, and once accessible, they can be used to move money across accounts and withdraw it.
Real-time payments services aren’t the only ones facing vulnerabilities: P2P platforms have also experienced fraud problems.
Zelle is one such service that has become appealing to legitimate users. According to figures from its parent company, Early Warning, users performed about 433 million transactions last year, with the total value reaching approximately $119 billion. Criminals have found ways to exploit Zelle, however, enabling them to extract money from users’ accounts or trick people into transferring funds. One key vulnerability in the system is that it does not always notify users when transfers occur, as such notifications rely entirely on the banks offering the service.
It is important for the banks and CUs that offer Zelle to invest in tools, such as artificial intelligence (AI) and machine learning (ML), to keep their customers safe from fraud. AI and ML are not only capable of responding to potential acts of fraud, but also gather data analytics that can inform FIs about emerging fraud trends.
Real-time and P2P payments are likely to see increased use as consumers and businesses demand quicker access to funds, and these systems’ users need to be protected against fraudsters. As payments become faster, it’s important that anti-theft and anti-fraud responses match – and preferably exceed – their paces.