Consumers always want more speed and expect security to always be top-notch, but traditionally there’s been a trade-off.
More of one meant less of the other.
In the latest On the Agenda discussion, a trio of fraud fighting financial services executives told PYMNTS that consumer permissioned data and deep analytics — along with data sharing between financial institutions (FIs) — are what’s needed for a better, frictionless payments future.
Panelists included Early Warning Vice President of Product Management Chris Davey, KeyBank Head of Fraud Operations Jen Martin and Randolph-Brooks Federal Credit Union Vice President of Enterprise Fraud Brian Munsterteiger.
At a high level, real-time payments are all the rage as of late. But with faster payments, goes the old saying, the faster the fraud.
Ensuring the success of account-to-account (A2A) transactions, whatever the use case, is key to moving real-time payments to the forefront, to be more widely embraced by consumers and the businesses that serve them.
Knowing who’s on either side of the transaction is critical, but identity verification can be a daunting challenge. Identity authentication and verification isn’t a job for just an individual bank or an individual payment provider, but rather it’s an aggregate of all the contributing FIs.
“Coming out of the pandemic, the demand from clients is absolutely there,” KeyBank’s Martin said.
But at a high level, real-time payments are akin to handing cash to someone. If you’re not watching out for the security of it all, well, that cash can disappear in a second.
The most effective lines of defense lie with knowing that the individual who is submitting the payment — or logging into an online banking account in the first place — is who they say they are.
Early Warning’s Davey said a consortium approach is one in which the risk of fraud can be measured across a network, rather than just from an individual bank or entity perspective.
“From my perspective, as we look out into the future, the idea of connecting the nodes and really understanding the identities of individuals who want to transact and use digital payment mechanisms like real-time payments will be critical,” he said.
Those combinations of attributes and nodes can be mashed together to identify transactions that appear high risk, and that alert can be fed back to the banks to address that individual or entity, he said.
Beyond focusing on the payment itself, FIs should focus on the individuals’ behavior, where they are signing in, and uncovering anomalies, he said. That level of insight, aided by advanced analytics, can go a long way toward eliminating the password and the one-time passcode (which can already be easily gotten around by the fraudsters).
Panelists were somewhat lukewarm about the prospects of facial recognition’s place in the ID verification pantheon. That methodology can be a bit intrusive, they said, and may be increasingly passed over in favor of options like fingerprint-based IDs that can be used with most devices, which in turn will become de facto mechanisms for authentication.
The Regulatory Landscape
As is always the case when identity and data and privacy enter the picture, there looms the question of who should regulate and how much regulation is enough, or too much. Panelists agreed that controls need to be in place — through know your customer (KYC) requirements, for example — that lend at least some confidence that there can be relatively higher assurance with real-time payments.
Martin contended that there needs to be a “minimum threshold” for authentication. That’s a bit of a tougher hurdle here in the states than might be seen in Europe, due chiefly to the fact that there are thousands of more institutions stateside than in Europe.
“What you know about your client and what I know about mine is what makes some of the faster payments work so well in Europe,” she said.
Banks Have the Data
Munsterteiger said there is more data on hand with U.S. financial institutions, and data sharing could be used to the FIs’ advantage. That data can also be shared with law enforcement (as Randolph-Brooks Federal Credit Union does) in order to perform deeper dives that can pinpoint trends.
Looking ahead, the trio of executives told PYMNTS that we’ll be able to transact in a frictionless way because identities will be verified, and consumers will control their data and information — rather than having sensitive information being held by a third party (or parties).
Banks will remain a trusted place to interact and thus be a keystone identity holder, and they can create the interoperability between trusted networks.
Said Davey, “I don’t think anyone’s going to trust Facebook with their identity necessarily at this stage. … consumer permissioned identity is the trend of where we are going, and this is an important place to invest time and effort.”
Consumers are demanding control of their data across any number of sectors, permissioning data that can in turn be stored in digital wallets, and the trend is set to continue
Martin noted that the banks have insight into spending behavior and patterns that can be so powerful in the fraud prevention space and that education is a key component in battling against fraudsters and scams.
“The more that we can educate and notify clients and pick up on those anomalous behaviors, well, that really starts to systemically stop fraud,” she said.