As instant payments become more widely used in the United States, the financial services ecosystem must gird for ever-more-brazen attacks from fraudsters.
Nick Fleetwood, head of data services at Form3, said that there’s at least some reference to be gained from the United Kingdom, where there’s a relatively mature instant payments architecture in place as nearly all accounts are enabled to send faster payments.
And that, he said, “means there’s quite a mature instant payments fraud problem.”
He added: “We’ve seen a 27% increase in fraud losses, but a 68% increase in cases [of instant payment-based attacks] over the last three years because there’s the ability to tie in a sense of urgency.”
A plethora of scams have dogged the market in the U.K., Fleetwood noted, including retail-based ruses, where bad actors pretend to sell goods online, get the money instantly, and never deliver the promised items.
Impersonation scams that use social engineering to ply funds instantly from unwitting victims are also common, as are romance scams. The fraudsters are lured, too, by the promise of anonymity; it’s easy to pretend to be a legitimate entity or individual and steal fund from unsuspecting victims.
“These [schemes] are nothing new. … They’ve been going on for a long time,” Fleetwood said.
But the fact that funds can now be sent instantly means that it’s nearly impossible to get that money back, as criminals use the faster payment rails to shift funds into other accounts or even cryptocurrency.
Authorized push payments fraud has proven to be especially onerous, he said, given the fact that speed bumps — prompts that seek to slow users down a bit to examine whether they really want to send funds — might be ignored, as users are habituated to make those payments.
A collaborative approach among various stakeholders can improve defenses against instant payments fraud, Fleetwood said, with technology giving fraud fighters a fighting chance.
“The good news is that there are a lot of tools out there,” he said. But firms must adopt an anti-fraud mindset that’s proactive instead of reactive, and analyze data and transactions in real time.
“You also need a high-quality risk score that enables you to understand where to apply the right friction,” Fleetwood added.
That score is dependent on several aspects: the person sending the money, the behavioral aspects of the person receiving the money, and the relationship between the sender and the recipient.
“This is the collaborative network,” Fleetwood said, “and if you have everyone contributing to a data model, you’re able to score risk in real time” based on a consortium effort. This holistic approach lets financial institutions (FIs) determine whether to let a payment go through, or whether to raise new prompts to slow things down and make sure the account holders are genuine.
Looking ahead, he said that the recent launch of the FedNow® Service in the U.S. will likely spur a wider embrace of instant payments. Its increased adoption may push FIs and other enterprises to reconsider the tools and processes they have on hand to fight fraud and zero in on behavioral characteristics.
The consortium approach, Fleetwood said, has proven effective at identifying 80% of fraud within a system.
“This makes it very inefficient for a fraudster [to be successful] using instant payments, because they’re in a position where 80% of that fraud will be stopped,” he said. “Consortium intelligence will become a key aspect in the fight against fraud in instant payments … and beyond.”