Mitigating ‘instant’ fraud in instant payments

Demand from consumers and businesses for convenient and immediate funds is driving the adoption of faster payments in markets worldwide. Instant payments have been making waves in recent years, enabling consumers and businesses to send and receive funds in real time with 24/7 availability, along with rapid access to funds and just-in-time payments to manage cash flows.

Other benefits include:

• Instant access to paychecks and the ability to spend it on the same day.
• Improvements to small business working-capital management, with immediate access to invoice payments.
• Enabling consumers to make last-minute payments to bills on the due date, potentially avoiding late fees.

In addition to the Clearing Houses RTP (Real Time Payments) Network going live in 2017, and the Federal Reserve’s FedNow Service launching last year, instant payments are poised to further disrupt the payments and financial services landscape.

However, without the proper controls, the benefits offered by faster payments can be nullified by “instant” fraud risk.

Risks involved with adopting instant payments

A key benefit of instant payments is the ability for consumers to have irrevocable payments. However, this gives financial institutions significantly less time to assess the fraud risk of a payment while funds are transferred or withdrawn by subsequent transfers. The combination of using Instant Payment networks and digital channels that operate 24/7 allows fraudsters to strike by performing transfers during periods when capacity for manual review is the lowest.

Real-time fraud is an emerging threat that will grow as the use of faster payment methods gains momentum. Mitigating these risks should be a priority for banks and other financial institutions that provide faster payment capabilities to their account holders. Combating fraud risk requires real-time fraud scoring and a high level of automation, which is only achievable through advanced artificial intelligence (AI), with configurable rules and policies geared toward stopping fraudulent payments.

Types of instant payment fraud schemes

Instant payments fraud schemes come in a variety of forms. Account takeovers involve fraudsters gaining direct or indirect access to a user’s online or mobile banking account. Once fraudsters compromise an account, they can initiate transfers or purchases that will appear to be authorized by the account holder.

Account takeovers can happen in three ways. The first involves an attacker obtaining a user’s credentials or abusing the account recovery process to gain direct access to the account. A second method involves the fraudster using malware to access a user’s device. The third occurs when fraudsters socially engineer a user into carrying out their wishes.

Direct debit or auto-pay is a common target for criminals looking to exploit instant payments. Direct debit fraud can happen when a debit is taken from an account without a valid direct debit request. Consumers often use direct debit to allow another party to withdraw funds to pay for recurring costs like utility bills and rent. Consumers can also use direct debit to withdraw money from their checking accounts on a specific date or at regular intervals.

Compromising business email and vendor impersonation exploit vulnerabilities within a customer’s professional organization. Fraudsters can deceive the customer’s personnel, processes and systems, convincing the organization to voluntarily send payments to accounts controlled by fraudsters. The FBI identified this type of fraudulent practice as one of the fastest growing and financially damaging crimes, with losses exceeding $2.4 billion in 2021.

Fraud schemes that involve a form of social engineering to trick a business or private person to transfer funds are also referred to as Authorized Push Payment (APP) fraud.

Approaches financial institutions can use against fraud

Fraud in instant payments is a modern problem that requires a modern solution. To effectively bolster defenses against fraud, financial institutions should implement solution platforms that stop fraudulent transactions using the following capabilities:

• Cross-channel and fraud type coverage: Enables FIs to receive comprehensive coverage to eliminate system gaps across channels, making it more difficult for fraudsters to find and exploit weaknesses.
• Predictive accuracy: Uses predictive analytics to identify the fraud probability and provides quantified and motivated results to fraud analysts to aid the investigation of suspicious items or payments.
• Automated decisions: Risk-based actions that leverage the capabilities of the payment channel, like prompting for additional authentication, before involving manual review.
• Operational reliability: Optimal system availability and performance to support real-time analysis requirements such as over the counter and instant payments.
• Real-time scoring: Determine the fraud risk of every payment the moment it is initiated and before funds are moved beyond the bank’s control.

Instant payments are here to stay and will change the way we conduct payments. However, the benefits of instant payments as immediate and irrevocable are also a risk.

Fraudsters will be quick to exploit weaknesses, meaning that banks and other financial institutions must rise to the challenge and implement measures to secure their instant payments capabilities against criminals.

Calin Sandru is Vice President of Fraud Solutions at ARGO.