A global challenge: Fast Payments equals Faster Fraud
March 26th, 2024
Real-time, instant, or simply faster payments are ubiquitous across the globe, in the 16 years since the U.K. roll out. In fact, many countries, such as the U.S., have multiple real-time payment platforms with RTP, FedNow and Zelle. We also see a variety of payment limits (not always the end consumer facing limits) with £1m in the U.K., $1m in U.S. and EUR100k in the EU.
To provide a brief, non-exhaustive, list of countries with faster payments systems, for illustration, Australia, China, EU, India, Saudia Arabia, Singapore, U.K. & U.S. Some notable exceptions are Canada, which should go live with its RTR in 2024 and Switzerland where the largest banks go live with its real-time rail later in 2024. And it’s not only domestic faster payments systems, but international ones too.
International Payment Systems
SWIFT’s products and collaborations are taking this speed completely cross border, with over 50% of SWIFT GPI traffic credits beneficiaries within 30 minutes. In addition, over the next 18 months or so, PSPs in the Eurozone, will have to provide SEPA Instant Payments systems, then expanding to all the 36 countries making SEPA Euro Payments. It’s notable that PSPs get between nine and eighteen months to before this comes in to force as this is to give them time to get their real-time fraud detection systems in place.
But with that increase in speed comes at a cost too. It’s clear that in all these countries that these faster payment rails bring a faster fraud issue, and that issue is a global one.
Losses for authorised fraud (where the customer is scammed into making the payment) are now high in many of these countries, at £485m in the U.K., $651m in Singapore for 2023 and AUS$476m in Australia. Whilst there are still unauthorised payment frauds, via online or app banking (£79m for th123 in U.K.) these are substantially lower as the increase investment in fraud tooling has reduced in part migrated Fraud to APP.
Regulatory Impact
The scale of the frauds is forcing regulators and politicians to take notice. But it’s not just the size of the losses, but also the implications for victims and society. For many, their life savings having been lost or business collapsed, causing life changing impacts. And those funds are reaching the pockets of organised crime groups and used to fund other illegal acts such as human trafficking. In fact, there is much evidence that some of the scams are run out of places like Myanmar using trafficked people forced to call victims across the globe.
Global regulators and governments are starting to take action, and they’re implementing all sorts of controls. These range from full liability shift in the U.K. to increased fraud data sharing, forcing telcos to act upstream, and preventing banks from sending links in Singapore. KSA has implemented the Counter Fraud Framework5 to ensure its financial services firms have the tools to manage.
Data Sharing
Data sharing is becoming part of the solution both public, private and joint initiatives, for fraud and AML purposes. Some examples include the U.K.’s new Economic crime and Corporate Transparency Act, which provides PSPs with the legal cover to share data in wider financial crime contexts. The EU’s Payments Services Regulation, that at present, is quite limited in its fraud data sharing. There is also the Brazilian law that came into force at the end of 2023. Australia is rolling out its FRX platform their banks to share data on frauds.
So faster payments present several challenges to financial institutions (FIs). The most obvious being the liability shift seen in the U.K. and to a more limited extend in the EU under its new Payments Service Regulation or Zelle in the U.S.
Operational Impact
With faster payments there is usually a large increase in the genuine volume of payments, not just a cannibalisation. This in addition to their irrevocable nature, makes it hard to see the frauds within the genuine payment volumes and losses increase fast as recoveries drop.
However, it’s also the operational impacts of dealing with their customers who have been victims, even if there is no liability and that it also undermines the trust in real time and digital payments.
So as an FI, you need to be able to offer customers real-time payments, (which are becoming table stakes), whilst attempting to keep the friction (SCA/MFA) to a minimum. Also, meet an increasingly tough set of regulatory expectations to refund and protect customers, not just from fraud, but from having their accounts frozen, such as by the U.K.’s FCA Duty of Care.
From a cost perspective, FIs need to manage their liability from fraud and money laundering by mules and all the above while being better, cheaper, faster than their competitors.
What are the solutions to that FIs need to invest in?
Real-time profiling of payments and non-payment activity has been in place for some time. However now it must cover both inbound as well as outbound payments. This is being coupled with a multifaceted, intent-based set of machine learning/AI models to detect unauthorised and authorised fraud, mule accounts and first-party abuse of liability shift.
Firms need to fully utilise the increased data sharing being permissioned by regulators. Having this data and more is extremely useful, however, it requires the right tools to be able to turn that into actionable decisions that can be used in an efficient and operational way.
In addition, firms need to remove the silos (data and operational) within their firms and be able to feed the large amounts of data that are freed into AI models to detect and prevent fraud.
These tools need to be set up to manage multiple fraud typologies, across the customer lifecycle. This means looking at onboarding and early account monitoring as well as ongoing mule detection and payments profiling. It also requires automation of alert workflows and case management to bring efficiencies to the claims and investigations processes to deal with the increased volume of fraud cases.
This makes it more important than ever to have the right fraud prevention and detection tooling.
For more information on NICE Actimize’s real-time fraud solution Scams & Mule Defense, go here.