Real-time fraud busting: 5 best practices to protect your institution from real-time payment fraud
The thought of waiting three days for a check to clear seems antiquated in today’s environment of real-time payments. Consumers and businesses want money moved quickly, in real-time or near real-time. However, consumers and businesses won’t sacrifice safety—they want both speed and security.
For some financial institutions (FIs), delivering fast and secure payments has been challenging.
While banks and credit unions have done a good job of protecting their payments infrastructure in an environment of batch processing and even same-day Automated Clearing House (ACH) or wire transfers, real-time payments have changed the rules of the game. FIs no longer have the advantage of time on their side to determine if a payment is legitimate. They no longer have hours or days to investigate a transaction.
Mobile payments introduce additional challenges to real-time payments. Device spoofing, malware, and stolen SIM cards are just a few ways that fraudsters can impersonate a legitimate customer.
If payments are in real-time, then the processes and tools FIs use to secure the payments network need to be in real-time as well. However, real-time detection and decisioning tools can’t slow down payments or create unnecessary friction for good consumers.
Here are five ways banks and credit unions can protect their institution with real-time monitoring and fraud solutions so that faster payments don’t translate into faster fraud.
1. Update your customer information system.
One important layer of security is validating the email address and mobile numbers that are typically used as a “token” to identify the customer account. You also need this information to contact your customers if you suspect a transaction may be fraudulent or to ensure that payments aren’t sent to the wrong person.
While you won’t want to request that customers update this information every time they sign on to mobile or online banking, periodically ask customers to confirm that the information you have on file is correct. In fact, there are solutions in the market that can help recognize if the phone number or email is associated with the correct customer, which can also help detect account takeover (ATO) attempts.
2. Review and update your authentication strategy in all channels.
Multi-layer authentication that combines something the customer knows with something the customer has enables you to ensure that you are interacting with a customer and not a fraudster. Review your authentication strategy, not just for real-time payments but across all digital and non-digital channels. Fraudsters are adept at using social engineering to trick agents into resetting usernames and passwords.
Each FI’s strategy will be unique, based on its risk tolerance and how it chooses to balance risk with customer experience. Being overly risk-averse will likely lower risk, but could inadvertently result in false declines. Being too lax may improve the customer experience, but will likely result in fraud increases. Finding a balance is key.
3. Have a real-time fraud detection system in place.
Since FIs have to make a decision on faster payments in real-time, you’ll need a platform that can provide intelligence about the transaction to decide whether to step up authentication. In addition to a real-time fraud detection system, ensure that you have interdiction capability so you can delay suspicious transactions before approving them.
4. Use layered security.
No one tool can protect against fraudulent payments, so FIs need to implement a multi-layered approach that they can step up or step down, depending on the level of authentication required. It can make sense to start with passive authenticators, such as checking Mobile Network Operator (MNO) data to see whether the device is associated with the customer and whether there are any red flags. If there is a red flag, use active authenticators like a one-time passcode (OTP) sent to a mobile device for added security.
5. Plan for the worst by developing a plan and continuously monitoring fraud levels.
Fraud isn’t a matter of if, but a matter of when and how badly. Every payment system is vulnerable, but as you roll out real-time payments you’ll be especially at risk, since fraudsters assume that you have not yet worked out all the security issues. To protect your customers and your institution during this transition, you may have to lower transaction limits initially after your launch, assess which risk vectors fraudsters are attacking, and adjust where necessary.
Monitoring fraud levels and using analytics to determine how and where fraud is occurring allows you to make changes to your processes and tools to prevent additional fraud.
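As an added illustration (not part of the original article or any vendor's product), the sketch below shows how practices 3 to 5 can combine into one real-time decision: passive checks first, an OTP step-up only on a red flag, a hold (interdiction) when the step-up fails, and a lowered limit during launch. All signal names, thresholds and the rule that an OTP to a flagged number is not sufficient are assumptions of this example.

```python
from __future__ import annotations
from dataclasses import dataclass

# All names and thresholds below are illustrative assumptions, not vendor values.
LAUNCH_LIMIT_CENTS = 50_000     # lowered per-payment limit right after launch
NORMAL_LIMIT_CENTS = 500_000    # limit once fraud levels are understood

@dataclass
class Payment:
    amount_cents: int
    device_known: bool              # passive: device already tied to this customer
    mno_red_flag: bool              # passive: MNO data raised a flag on the number
    contact_changed_recently: bool  # email/mobile on file changed recently

def passive_flags(p: Payment) -> list[str]:
    """Passive checks only: no prompt is shown to the customer."""
    flags = []
    if not p.device_known:
        flags.append("unknown_device")
    if p.mno_red_flag:
        flags.append("mno_red_flag")
    if p.contact_changed_recently:
        flags.append("contact_changed")
    return flags

def decide(p: Payment, launch_phase: bool = True, otp_ok: bool | None = None):
    """Return (decision, reasons); decision is ALLOW, STEP_UP_OTP or HOLD.

    otp_ok is None until an OTP challenge has been attempted.
    """
    limit = LAUNCH_LIMIT_CENTS if launch_phase else NORMAL_LIMIT_CENTS
    flags = passive_flags(p)
    if p.amount_cents > limit:
        return "HOLD", flags + ["over_limit"]        # interdict for review
    if not flags:
        return "ALLOW", []                           # good customer, no friction
    if otp_ok is None:
        return "STEP_UP_OTP", flags                  # red flag: go active
    if not otp_ok:
        return "HOLD", flags + ["otp_failed"]
    if "mno_red_flag" in flags:
        # Assumption of this example: an OTP delivered to a flagged number
        # is not enough on its own, so the payment is held.
        return "HOLD", flags + ["otp_channel_flagged"]
    return "ALLOW", flags
```

Logging the returned reasons for every decision gives the fraud-level monitoring in practice 5 something concrete to analyse when tuning limits and rules.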
Real-time payments have changed how banks and credit unions approach fraud. Yes, there will always be fraud threats on the horizon, but with the right strategies in place, you can still meet customers’ needs for convenience and speed, while safely and securely mitigating fraud threats in real-time as well.
To learn more, download Aite Group’s eBook, titled Fraud Risk Management in Real-time Payments.