Real-time settlement leaves little time to stop a fraudulent transaction, leading data firms to build new security networks that cover as much of the payments industry as possible.
Risk management firm Sardine this week formed SardineX, a payment fraud consortium that includes firms with different operating models. The group's members at launch include Chesapeake Bank, Visa, Blockchain.com, Alloy Labs Alliance and Airbase. SardineX joins a growing market of groups that are casting a wide net to snare relevant data.
"There's a visibility issue, where you have traditional payment rails on one side and emerging digital asset companies on the other," said Ravi Loganathan, head of financial institution services at Sardine. "With real-time payments there's a need to stop fraudulent transactions before they are made."
By including banks, card networks, payment service providers, fintechs and blockchain companies, SardineX hopes to improve information sharing between different industries that access the payments market. SardineX's network includes a shared database where members can access fraud or compliance-related data at the point of payment in real time. Universal identifiers (UIDs) will be created for any entity transacting with Sardine or with consortium members. Each UID will have a risk score, reputation grade and behavioral intelligence analysis to perform a real-time risk assessment.
SardineX's members access UID information and risk profiles through an application programming interface, and integrate data into their own risk models. The intelligence that comes out of these individual risk models is then poured back into SardineX to improve the consortium's fraud risk management over time. The consortium members own the cumulative data, and the members will develop operating rules to govern terms of data sharing. Sardine is an equal partner to the other firms.
"We cannot operate in isolation and hope to identify fraudsters in real time. We must collaborate across financial services to identify the bad actors and protect our customers and their accounts," said DJ Seeterlin, chief innovation and strategy officer at Chesapeake Bank, in an email.
The consortium has two initial focuses, though SardineX anticipates payment types will expand over time as the consortium's network gets larger and accumulates more data. One early threat is friendly fraud for instant payments, or when a consumer makes a "real" purchase then files a claim that the transaction was illegitimate and asks for a refund. The other is gauging counterparty risk for P2P payments.
"There's an increasing need to understand who is on the other side of the transaction," Loganathan said. "There's early detection here."
Banks are traditionally reluctant to share information that may be deemed proprietary, but some banks have expressed concern about the shorter risk windows that come with instant payment processing. At
Strength in numbers
Other financial data companies are building networks similar to SardineX to address payment fraud. Account aggregator
Sardine's Loganathan did not rule out collaboration with other networks, since adding scale and bringing in diverse signals are key to detect emerging fraud vectors in real time. The consortium plans to announce additional collaboration and partnerships in the coming weeks.
"2023 is the year of information sharing when it comes to financial crime and fraud," said Greg Woolf, founder and CEO of FiVerity, a three-year-old data security firm.
"Instant processing will be one of the catalysts that leads more financial institutions to share fraud data," Woolf said. "We've gotten to a critical point in the digital payment market's development."
FiVerty has developed an API that's designed to plug into small financial institutions — generally community banks and credit unions — to access intel on payments fraud in real time. Thus far, it has accumulated 2 billion data sources, which are shared among the firms to spot potential payment fraud early.
"Anonymized data sharing is where the real value lies," Woolf said of the effort to build a network of both financial institutions and payment companies.
These projects may face challenges in building scale, due to the number of financial institutions.
There "absolutely" is a gap in fraud detection and risk mitigation that exists within the financial services industry, according to David Mattei, a strategic advisor for Datos Insights. "Effective fraud detection and risk mitigation requires strong insights into fraud trends and patterns," Mattei said. "That requires a breadth of data."
The issue is that there is very little data and information sharing today among financial institutions, and much less between banks and fintechs, Mattei said, adding this enables crooks to leverage these data blind spots to commit attacks.
The problem is most acute in the United States where there are more than 8,000 financial services firms.
"Sharing data across such a large and diverse ecosystem is difficult," Mattei said. "There are some efforts to address this issue but they are incomplete."
Those efforts mainly come from the fraud vendor community, which has scale and a pool of data to create a consortium-level view of fraud and can provide strong fraud mitigation technology. But there's still a lot of banks and fintechs to cover, Mattei said.
"It is an unfortunate situation," he said. "Mitigating fraud should be a strong incentive for everyone. Hence data sharing should be a welcomed initiative. However, financial institutions are reluctant to share data with each other out of regulatory and legal concerns."
