How to mitigate bill pay fraud risk

Mitigate Bill Pay Fraud and Risk

Deliver better consumer experiences without compromising fraud prevention


As cybercrime techniques become more sophisticated and aggressive, bill pay can be a more frequent target for fraudsters. So financial institutions continue to strengthen their defenses. 

But for the people who manage fraud risk in those institutions, it can be difficult to manage expectations. Fraud executives are expected to employ methods to reduce fraud losses, but still allow for a positive, frictionless consumer experience. It’s a tough balancing act.

Fiserv understands this. Providing tools that deliver better consumer experiences without compromising fraud prevention is a key component of our strategy to help our clients.


Remain aware of fraud threats

The most common fraud methods we see in bill pay are account takeover and identity theft.

Account takeover. In this scheme, customers are tricked into providing login information to fraudsters. Consumers receive texts or emails telling them to take action related to a purchase (approve a UPS delivery, confirm an Amazon order and so on) and click the link provided. These scams ultimately install malware on consumers’ computers or phones, enabling fraudsters to access bank account information. The criminals typically target older or younger people, who may be more vulnerable to scams. 

Preventing fraudulent payments


Using FraudNet™ from Fiserv, financial institutions large and small stopped over $653 million in fraudulent payments in 2022.

Case in point:

  1. A top-20 bank was targeted by fraudsters and a single user profile scheduled 38 unique payments, totaling over $285,000. FraudNet alerted and stopped every payment from processing. 
  2. A community bank was targeted and 81 unique payments were scheduled, totaling over $2 million. This unexpected attack was 100% mitigated by FraudNet.

Identity theft. Fraudsters often create fake accounts using information they’ve found or collected online about the consumer to make unauthorized transactions. Sometimes fraudsters even pay a bill – to themselves.


Educate your consumers

The first line of defense against such bill pay fraud is a knowledgeable consumer. In printed, digital and in-person communications, make it a priority to educate consumers on the basics of avoiding fraud threats. These reminders can include using unique passwords and keeping them private, not clicking links or replying to suspicious texts or emails, and monitoring accounts and reporting suspicious activity. 


Deploy intelligent fraud prevention processes

In addition to educating consumers, financial institutions can employ enhanced best practices to counteract bill pay fraud.

Better processes. Strengthening the bill pay enrollment and verification process can go a long way in weeding out bad actors and preventing fraudulent attacks. Confirm within the enrollment process that the account is being opened by an actual bank customer and not a computer program or “bot.”

Enforced standards. Financial institutions receiving payments should return payments that are not directed to the correct type of account. For example, the institution should not try to manually post payments to loan accounts that have checking or savings account numbers on them.

Reasonable limits. Financial institutions should consider limits on transaction frequency and payment amounts, as more flexibility in these categories can lead to greater potential threats. Institutions have to balance the positives of a friction-free customer experience with the profound negatives of potential fraud loss. 

Real-time decisioning. With the speed of payments increasing, fraud controls must be even tighter and able to flag suspicious activity in fractions of a second. Each transaction requires extra scrutiny and more thorough verification as real-time payments offer an extra layer of complexity. This means that real-time decisioning is a must-have to quickly identify fraudulent actions and ensure appropriate transactions are approved.  

All of these best practices will require:

  • Finely tuned velocity and frequency rules
  • Enhanced monitoring against information in subscriber profiles
  • Additional verification provided through one-time passwords (OTP)
  • Additional in-session verification for high-dollar or high-frequency transactions
  • Verification of valid cards, and that nothing has been lost or stolen

The more hurdles they encounter in trying to execute fraudulent transactions, the easier fraudsters will be to detect, and the more likely they will be to move on to softer targets.
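
One way to express the velocity, limit and step-up rules listed above in code. This is an added example, not Fiserv's or FraudNet's logic. The thresholds, the class and function names and the sample payments are assumptions constructed for illustration; the burst splits the 38-payment, $285,000 case cited earlier into equal amounts.

```python
from collections import Counter, defaultdict, deque

# Assumed policy values for illustration only; real limits are tuned per institution.
WINDOW_SECONDS = 24 * 3600        # sliding window for velocity checks
MAX_COUNT = 10                    # payments per profile per window
MAX_TOTAL_CENTS = 25_000_00       # total amount per profile per window
STEP_UP_CENTS = 2_500_00          # single payment that needs OTP
STEP_UP_COUNT = 5                 # payments in window after which OTP is needed


class VelocityRules:
    def __init__(self):
        # profile_id -> deque of (timestamp, amount_cents) for allowed payments
        self._allowed = defaultdict(deque)

    def decide(self, profile_id, amount_cents, ts, otp_verified=False):
        window = self._allowed[profile_id]
        # Drop payments that have aged out of the sliding window.
        while window and window[0][0] <= ts - WINDOW_SECONDS:
            window.popleft()
        count = len(window) + 1
        total = sum(a for _, a in window) + amount_cents
        # Hard limits: hold for analyst review, OTP does not override them.
        if count > MAX_COUNT or total > MAX_TOTAL_CENTS:
            return "HOLD"
        # Soft limits: high-dollar or high-frequency needs in-session verification.
        if not otp_verified and (amount_cents >= STEP_UP_CENTS or count > STEP_UP_COUNT):
            return "STEP_UP_OTP"
        window.append((ts, amount_cents))
        return "ALLOW"


def replay(payments, otp_verified=False):
    """Run (profile_id, amount_cents, ts) tuples through fresh rules; tally decisions."""
    rules = VelocityRules()
    return Counter(rules.decide(p, a, t, otp_verified) for p, a, t in payments)


# Constructed sample: 38 payments of $7,500, one minute apart, from one profile.
BURST = [("profile-A", 7_500_00, 1_700_000_000 + 60 * i) for i in range(38)]
# Constructed sample: a typical customer paying three small bills over three days.
NORMAL = [("profile-B", 120_00, 1_700_000_000 + 86_400 * i) for i in range(3)]

if __name__ == "__main__":
    print("burst, no OTP:  ", dict(replay(BURST)))
    print("burst, with OTP:", dict(replay(BURST, otp_verified=True)))
    print("normal customer:", dict(replay(NORMAL)))
```

Only allowed payments count toward the window here; a production rule set would usually also count held and challenged attempts so that repeated retries raise the profile's risk.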

Evaluate your fraud technology's real-time capabilities

As we move to real-time bill pay, the threat is changing. Because real-time payments mean instantaneous money transfers, financial institutions are looking to implement solutions that prevent fraud and flag risky transactions in real time.

The most capable software solutions will:

  • Leverage fraud data collected across all financial institutions in the entire payments network
  • Use advanced statistical algorithms to identify suspicious consumer behavior
  • Maintain a database of known fraud sources and targets
  • Monitor transactions in real time 24/7
  • Stop fraudulent payments prior to sending and freeze accounts to eliminate any future attempts to make fraudulent payments
  • Identify other transactions that are linked to a known fraudulent user profile

Looking back and looking forward

Twenty-five years ago, few of us could have imagined that we’d be facing the scale and nature of the fraud threat we see today. But one thing we can be sure of: there’s no going back. As long as humans are humans, the fraudster techniques described above will continue to work with some consumers. To mitigate the harm to everyone in a real-time payments environment, financial institutions can take the lead with an aggressive antifraud posture that still allows for a positive customer experience.