Until 2017, the U.S. payments market had no real-time payment rails while other nations across the globe had already launched various instant payment schemes. In 2019, the prospect of a second instant payment rail, FedNow, was announced by the U.S. Federal Reserve. FedNow, if implemented, will join The Clearing House’s (TCH’s) Real Time Payments (RTP) in the market. The increase in adoption of real-time or faster payments worldwide will force banks to reevaluate their payments infrastructures as well as their fraud strategy.
In August, when the U.S. Federal Reserve announced it would launch a real-time payment scheme, banks in the United States became faced with the prospect of having to connect to multiple real-time domestic rails. Banks in the U.S. will now likely need to connect to both FedNow and RTP. Banks outside of the U.S. have already had to deal with that reality, where many of the 40 nations that now live with real-time payments have multiple faster payment schemes.
Preparing for connectivity to even a single real-time rail requires financial institutions to rethink their payments infrastructure as a whole and, most certainly, their fraud strategies. Things only get more complicated with the need to cover multiple rails, which could have differing transaction types or messaging.
To meet those challenges, financial institutions must have fraud coverage that is fast enough to stop transactions in real time, scalable enough to enable higher volumes in a more complex digital environment, and purpose built to “understand” the risk in brand-new products and services.
Fraud in Real-Time Payments
Do real-time payments mean real-time fraud? The answer to that question is, maybe. For banks and merchants that have not updated their fraud technology and strategies, then it is a definite ‘yes’. For those companies that take appropriate measure to enhance their fraud technologies so that they can assess risk and make automated fraud decisions in real-time, then the answer is ‘no.’
The two issues at play are speed and novelty. Fraudsters seek out opportunities to cash-out faster, real-time payments provide them that opportunity. Fraudsters also seek out novelty, which means they look for opportunities to exploit vulnerabilities in newly launched digital products and services. They quickly test the limits of the controls in place to find weaknesses and then quickly adapt methods to drive fraud through the proverbial hole in the fence.
Real-time rails are central to larger modernization initiatives within banks and for many nations. As such, real-time schemes are designed with updated transaction messaging and overlays to optimize payment processing and open the door for innovation in products and services. As fraud teams consider real-time payment coverage strategies, they must seek solutions that address speed and a wider set of capabilities linked to modernization.
Fraud strategists must consider new elements related to payment modernization as they re-think their fraud strategies. New messaging standards, transaction types, and API ecosystems will all have to be considered, and planned for, by fraud strategists to avoid leaving vulnerabilities exposed – the “hole in the fence.”
Meeting the Fraud Challenges of Real-Time Payments
Financial institutions must define a strategic approach to faster payment challenges to adequately address them. There are several things that must be done, including aligning fraud and payment teams’ objectives, producing real-time risk assessments without increasing unproductive alerts, developing fraud strategies that can enable innovation, and moving beyond rules-based system technology.
A key structural problem is that there is often a disconnect between fraud and payment teams. The goals of each team are often at odds. Fraud teams strive to prevent as much fraud as possible, not understanding how banks plan to monetize payments and benefit the customer’s experience.
On the other hand, business-line payment teams are innovating and moving products and services to the market without full comprehension and input from fraud teams. Aligning the strategic objectives of these teams will substantially enhance an organizations chances for success.
The increased speed and complexity associated with faster payments mean that fraud-detection engines must use AI-based advanced machine learning models. These models can analyze data at massive scale and detect nuances within the data for more accurate outcomes.
Implementing an intelligent, advanced fraud prevention application can enable a bank to move beyond simple rules-based fraud strategy. It can provide an opportunity for banks to analyze more data without generating unsustainable volumes of false positives. Machine learning helps address and move past the limitations inherent within legacy systems. Ideally, a fraud application will use supervised machine learning and unsupervised machine learning models to emulate the thinking and instincts of a seasoned fraud analyst while assessing more data points.
The rise in entity-based attacks, including synthetic identity and mule account activity, has necessitated a growing need for fraud solutions to look beyond point-in-time monetary or nonmonetary events, additionally seeking anomalies in the patterns of accounts and behavior of entities. The goal should be to begin the journey by assessing a new entity at account opening or onboarding and then to use that baseline as a starting point for a risk score that continually evolves through a customer life cycle.
Real-time payments will undoubtedly impact how banks and merchants address fraud within new payment ecosystems. New technologies and strategies will likely be needed to adequately address the risks associated with the faster movement of money. This issue will and how organizations address it will continue to drive the research agendas for IDC Financial Insights’ Compliance, Fraud and Risk Strategies program as well as IDC’s Worldwide Payments Strategies program.
Learn how to develop a fraud strategy that addresses the risks associated with real time payments; register for IDC’s “Managing Fraud in a Real-Time Payments World” web conference on March 24 at 11am ET: