For all the buzz about the advent of real-time payments, and the various opportunities it can reportedly unlock, the lingering uneasiness is that speed also brings the potential for more fraud.
That fear, according to David Barnhardt, EVP of product at fraud prevention firm GIACT, is not unwarranted or unreasonable. In fact, he said, it’s very much Payments 101 — where there is increased speed and less of an opportunity to respond to that fraud, banks could be more vulnerable.
That is the bad news, he noted. The good news is that all the recent buzz about real-time and instant payments has brought with it the realization that banks need to understand and address fraud in these new, faster channels.
“A lot of firms, until recently, really had nothing in place,” Barnhardt told PYMNTS. “With fraudsters now putting faster payments under the microscope, banks are actively working with firms like GIACT to get real-time protection products into place. People are really thinking about it. “
More than just thinking about it, he noted, they are taking steps to better insulate themselves and their customers, no matter what type of payment one is talking about — such as faster debit pulls or faster credit pushes. In the case of firms like insurance companies, both are relevant. There is a more intense focus on making sure funds are going to and coming from where they should so that companies can be certain they are getting it right, no matter how fast (or slow) the payment is traveling.
Tightening Timelines
Legacy processes, Barnhardt told PYMNTS, are likely coming to the end of the road because they aren’t suited to a world where payments are increasingly under pressure to happen same day or even instantly. With next-day processing, those payment systems can function with a certain methodical authentication process because the window is long enough to allow it.
“That window is evaporating,” he noted.
As that window evaporates, he noted that things like trial deposits and charges to authenticate accounts, and batch processing debits at the end of the night, are tools that have “been rendered almost useless.”
If the payments — push or pull — are in real time, he said, then the authentication has to be in real time as well. That is possible, though not by merely speeding up the authentication process. It’s not about trying to run a race with a fraudster in the few seconds or few hours that the payment is processing, Barnhardt explained. It is about getting ahead of the fraudster throughout the entire customer relationship.
“This is about managing for the customer lifecycle in its entirety,” he said. If businesses understand the customer they have enrolled, and they know who they are consistently, there are a lot fewer issues with running payments in real time or same day.
If those issues aren’t handled well, he noted, then problems will happen. It’s an issue Barnhardt has seen many times with GIACT partners, and is often triggered when a lot of returned payments are discovered.
“The problem may be visible with the payment, but it started at the enrollment process when the criminal was allowed access into the system. And if that isn’t buttoned up, fraudulent payments will happen time and time again,” he said.
What’s Next
The only good thing about an ongoing parade of data breaches and innovative attempts at identity theft is that it can be incredibly persuasive when it comes to the importance of making the payments process more secure. Consumers are too worried to use some products, Barnhardt noted, and that has led to businesses asking their banks directly how they plan to secure the products and services they are offering. As a result, banks now want to know how they can best protect their customers, and how they can make sure they are securing themselves as well.
That’s because, he added, when things go wrong, they can go very wrong.
“I have heard horror stories about life insurance settlements being disbursed to the wrong person, and the mistake going unnoticed for six months. And this was an honest mistake — two clients had the same last name and the money went to the wrong person,” Barnhardt said. “When they went to court to fight that unjust enrichment case, they were ruled against. Court found it was their mistake and the woman didn’t have to give the funds back.”
The trouble and challenge going forward, he explained, is that when banks are thinking about authenticating payments, they need to think outside the authenticating-transactions box. Approaching fraud that way treats the symptoms, not the cause, and it’s why preaching about lifecycle management is the way to get to the root of the problem. That’s where fraudsters are infiltrating the system, long before the payment is initiated.
That 360-degree view of the customer not only allows banks to understand their customers better, but allows for those customers to do business with as little friction as possible. That is, until the system can see that “something is not right” and introduce a little friction to the system, he said.
That can be hard, Barnhardt noted. Fraudsters often come armed with lots of good information (the right name, address or social security number), and it is only when one takes a closer look at the secondary information and sees a different phone number or email address that they can get the feeling something is off. This is when the intervention can be most effective, and possibly the best defense against a future fraudulent transaction — simply by cutting it off before it starts.
“The fraud guys give us a lot of signals,” he concluded. “We just have to get better at reading them to prevent losses.”