When considering how to protect against fraud in a real-time payments ecosystem, many financial institutions focus on the "real-time" part of the equation. Speed is, of course, a key factor. Achieving secure, real-time payments, though, requires more than simply performing all the same steps, only faster.
Efficiency, flexibility and a clear understanding of consumer expectations will all become even higher priorities for financial institutions. On top of that, succeeding in a real-time payments environment means staying up to date with evolving processes and technologies – as well as watching the horizon for what's coming next.
With real-time payments, every step of the transaction – including fraud detection – must be completed within a second. Customer expectations are driving that need for speed, and, in some countries, regulators are already mandating processing timeframes.
Beyond speed, banking customers want to initiate real-time payments whenever they choose, and they want instant confirmation the payment is complete. If a payment fails, they want immediate resolution.
Delivering those capabilities requires financial institutions make support and fraud teams available 24/7, both to help users and detect new threats launched outside of traditional banking hours – a growing concern in an increasingly global economy.
Much like ATM transactions, real-time payments make money available immediately. And once that payment has been accepted by the payee's financial institution, the money is deemed irrevocable, similar to how ATMs put cash directly in the hand.
Financial institutions that take advantage of the latest risk management and cybersecurity capabilities – while pushing to offer faster payments – can create a true competitive advantage.
Those similarities have led many institutions to look to ATM fraud-prevention systems for insight on preventing real-time payment fraud. However, ATMs typically impose tight value limits, while the value limits of real-time payments tend to increase rapidly to meet demand. The limits can rise to millions of dollars or simply be removed completely. The risk of loss with real time is therefore different than any other type of transaction.
The breadth of use for real-time payments is also unlike any other payment type. While fraud-detection systems are typically specialized for a tight range of transactions, such as card payments, real-time payments are applicable for an incredibly broad range of transactions. In fact, every transaction – including even the most complex, high-value payments – may eventually run through a single platform and be finalized within seconds.
That means real-time fraud prevention solutions must be ready for every type of fraud. They'll need to be fully connected, using data across all payment types, to help understand, predict and prevent fraud. While those ideals are yet to be realized, financial institutions that find partners now with the vision and resources to deliver enterprise payments and fraud solutions will be well positioned to take advantage of new opportunities.
As new threats emerge faster than ever, support from a trusted technology provider has become essential. Without that partnership, financial institutions will be left alone to tackle new security threats, bringing together fraud-prevention solutions in a piecemeal fashion to plug the dam.
The next wave of fraud solutions must also be equipped to handle the multiplying data that comes with real-time payments. With ISO 20022 message sets being adopted as the new industry standard for electronic data interchange between financial institutions, real-time payments can carry significantly more data. The information can be structured or unstructured, and it may come with the payment instruction or arrive separately.
The additional data helps determine if a real-time transaction is fraudulent, but analyzing all of it takes time. Many traditional ATM, ACH and card-based fraud-detection systems are not equipped to process the influx of data and use it to effectively fight fraud.
Financial institutions can address that challenge and leverage data to their advantage with machine learning and fast and accurate advanced inference techniques. Machine learning and artificial intelligence (AI) solutions can perform millions of fraud checks within a fraction of a second, learning from the data to become more accurate and effective over time.
The most notable threats to real-time payments include account takeovers, invoice redirection and authentication fraud of the party authorizing the initiation or receipt of the payment. Although there isn't yet a single system to manage all of those threats, specialized solutions can be layered to greatly mitigate the probability of a successful attempt for each scenario.
With authentication fraud, current cybersecurity methodologies – from multifactor authentication to identity verification – provide layers of security to prevent a criminal from impersonating or using an authorized person to access the payments. Biometrics, tokens and complex password requirements can all be used for effective authentication.
Similarly, account takeover prevention relies on cybersecurity applications to prevent malicious actors from taking over or creating accounts with stolen credentials and identities. Solutions such as anti-malware, personal and network firewalls, network and back-office protections, and infrastructure assessment and performance services may all work in concert to prevent account takeover.
Analytical services with machine learning and AI capabilities are necessary to prevent crimes such as authorized push payment fraud or invoice redirection. That type of fraud necessitates AI to interrogate requests as they are presented. Machine learning capabilities deliver the speed and analytical processing prowess to analyze multiple data sources at the speed needed for real-time payments.
There's no way to predict all of the patterns and types of potential fraud attacks in real-time payments. But financial institutions can position themselves best by adopting flexible tools that offer protection today and are prepared for tomorrow. Those tools are nimble, adaptable, and can easily add new channels and transactions to be monitored.
Financial institutions are taking steps now to enter the real-time payments arena. Many banks and credit unions are starting out in a receive-only mode. As their comfort level increases, they're first offering corporate customers the ability to initiate real-time payments, beginning with relatively low per-transaction limits. Those are smart first steps to minimize risk while continuing to advance.
Effective security is increasingly a differentiator for financial institutions. Getting it right requires balancing customers' growing expectations for speed, ease and security. Financial institutions that take advantage of the latest risk management and cybersecurity capabilities – while pushing to offer faster payments – can create a true competitive advantage.
And as increasing investments in AI-based real-time fraud management technologies begin yielding new possibilities, organizations that are already testing the waters of real-time payments can be ready to excel.