Fighting fraud in real-time payments: a balancing act
As the global trend towards real-time payment systems continues to accelerate, many industry stakeholders fear increased fraud – and rightly so. One of the most pressing issues for banks, system operators and regulators is how to increase speed without sacrificing security.
In this new payment landscape, can technology contribute to fraud and financial crime prevention, rather than simply speeding up payments? And in a world of instant payments, how much risk is too much? Are regulators ready to adapt a risk-based approach across the board, or does a zero-tolerance approach for certain compliance activities still stand? As new payments bring about new methods of fraud, how are financial crime compliance teams shifting their focus to prevention rather than detection?
When real-time and instant payments systems have been launched around the world, fraud attempts have immediately followed. Such payments are a new paradigm, delivering 24x7 payments transfers in a matter of only seconds. Unfortunately, instant payments could open the door to instant fraud.
Everything must be balanced: banks are obliged to abide by data protection and privacy laws and the fines for breaching these laws are very high, but we also need to find a way to share information so we can more effectively fight payments fraud and maintain our customers’ trust in this new instant way of paying
Head of Interbank Relationships, Global Transaction Banking
Before it introduced the SEPA instant credit transfer, SCT Inst, into the Single Euro Payment Area (SEPA), the European Payments Council (EPC) discussed options for fighting fraud with regulators and other bodies in countries that had experience of real-time payments. Based on those discussions, a ceiling was placed on the maximum amount that could be transferred using SCT Inst – EUR15,000. This ceiling, which reflects the fact the eurozone is a new-born real-time payments market, is foreseen to be reviewed after November 2018. The imposition of the limit has, to an extent, hampered development of real-time payments in euro, particularly for B2B use cases. However, as the market matures, it is likely this ceiling will be raised as participants feel more comfortable with this new payment paradigm.
Banks, infrastructures and regulators must work together to tackle instant payments fraud. At the bank level, technologies such as intelligent scoring and detection tools, can be deployed to identify and block suspect transactions. Infrastructures have an important role to play because they are in a position to identify abnormal patterns, on a country-wide or regional level, within the huge volumes of payments they process. By deploying the same technologies as banks, infrastructures can identify wider trends and alert banks to these. Finally, regulators can use their high-level position to harmonise laws, particularly around data privacy. The industry’s fight against fraud has been hampered by legal restrictions to communicate fraudulent parties’ information such as IBANs to counterparts, which is made more complex by the differing national data protection and privacy laws. Harmonising information sharing at the SEPA level will be vital in the fight against fraud.
On the technology level, a big issue for banks in implementing real-time and instant payments is the filtering of the flows. This has to take place in order to comply with international rules in respect of sanctions and be followed by any action very quickly for the payment to be processed within the required time. If the filtering tool identifies an atypical payment that requires investigation, it is impossible to process that payment within the time expected. Like many banks, Societe Generale, is investigating artificial intelligence (AI) and robotics technologies that will enable it to detect only the real problem transactions and complete all the others quickly.
The main issue is false positives – transactions that are flagged as atypical but in fact are legitimate. This is a particular problem with sanctions lists as names similar to those on such lists can be identified as a problem. Robotics should enable banks to immediately investigate such instances (e.g., the name is the same as a sanctioned party, but address and other details are different) online and clear the transaction immediately if appropriate.
Another area that has promise to improve detection is credit scoring. Societe Generale is building intelligent scoring capabilities on unitary credit transfers. Based on our knowledge of our customers, we set a certain score and execute instant payments that reach that score; anything below, we investigate. In detecting and preventing real-time payments fraud, banks must also consider the customer experience. If we want real-time and instant payments to succeed, we must ensure the user experience is perfect.
Real-time payments require very efficient tools that can deliver answers to queries on atypical payments as fast as possible. It is challenging, but there is a big demand from customers for such capabilities
Chief Compliance Officer, Global Transaction Banking
In creating a new way of paying, banks need to ensure they can also create and maintain trust in that new instrument. This takes time, but fraudsters do not wait; they attack new payments channels and instruments from the beginning. Collaboration with infrastructures and regulators, and the application of new technologies will help the industry to fight back against fraudsters while ensuring customers receive the instant service they expect.