Deliver better consumer experiences without compromising fraud prevention
As cybercrime techniques become more sophisticated and aggressive, bill pay can be a more frequent target for fraudsters. So financial institutions continue to strengthen their defenses.
But for the people who manage fraud risk in those institutions, it can be difficult to manage expectations. Fraud executives are expected to employ methods to reduce fraud losses, but still allow for a positive, frictionless consumer experience. It’s a tough balancing act.
Fiserv understands this. Providing tools that deliver better consumer experiences without compromising fraud prevention is a key component of our strategy to help our clients.
Remain aware of fraud threats
The most common fraud methods we see in bill pay are account takeover and identify theft.
Account takeover. In this scheme, customers are tricked into providing login information to fraudsters. Consumers receive texts or emails telling them to take action related to a purchase (approve a UPS delivery, confirm an Amazon order and so on) and click the link provided. These scams ultimately install malware on consumers’ computers or phones, enabling fraudsters to access bank account information. The criminals typically target older or younger people, who may be more vulnerable to scams.
Preventing fraudulent payments
Using FraudNet™ from Fiserv, financial institutions large and small stopped over $653 million in fraudulent payments in 2022.
Case in point:
- A top-20 bank was targeted by fraudsters and a single user profile scheduled 38 unique payments, totaling over $285,000. FraudNet alerted and stopped every payment from processing.
- A community bank was targeted and 81 unique payments were scheduled, totaling over $2 million. This unexpected attack was 100% mitigated by FraudNet.
Identify theft. Fraudsters often create fake accounts using information they’ve found or collected online about the consumer to make unauthorized transactions. Sometimes fraudsters even pay a bill – to themselves.
Educate your consumers
The first line of defense against such bill pay fraud is a knowledgeable consumer. In printed, digital and in-person communications, make it a priority to educate consumers on the basics of avoiding fraud threats. These reminders can include using unique passwords and keeping them private, not clicking links or replying to suspicious texts or emails, and monitoring accounts and reporting suspicious activity.
Deploy intelligent fraud prevention processes
In addition to educating consumers, financial institutions can employ enhanced best practices to counteract bill pay fraud.
Better processes. Strengthening the bill pay enrollment and verification process can go a long way in weeding out bad actors and preventing fraudulent attacks. Confirm within the enrollment process that the account is being opened by an actual bank customer and not a computer program or “bot.”
Enforced standards. Financial institutions receiving payments should return payments that are not directed to the correct type of account. For example, the institution should not try to manually post payments to loan accounts that have checking or savings account numbers on them.
Reasonable limits. Financial institutions should consider limits on transaction frequency and payment amounts, as more flexibility in these categories can lead to greater potential threats. Institutions have to balance the positives of a friction-free customer experience with the profound negatives of potential fraud loss.
Real-time decisioning. With the speed of payments increasing, fraud controls must be even tighter and able to flag suspicious activity in fractions of a second. Each transaction requires extra scrutiny and more thorough verification as real-time payments offer an extra layer of complexity. This means that real-time decisioning is a must-have to quickly identify fraudulent actions and ensure appropriate transactions are approved.
All of these best practices will require:
- Finely tuned velocity and frequency rules
- Enhanced monitoring against information in subscriber profiles
- Additional verification provided through one-time passwords (OTP)
- Additional in-session verification for high-dollar or high-frequency transactions
- Verification of valid cards, and that nothing has been lost or stolen
The more hurdles they encounter in trying to execute fraudulent transactions, the easier fraudsters will be to detect, and the more likely they will be to move on to softer targets.