Real-time and near real-time payment systems have changed the very fabric of online commerce. Over 30 countries now have real-time payment processes of some kind, some of them in use since decades.
The growth in Real-time-Real-Payment-Systems (RT-RPS) has been encouraging, with 18 countries now having a ‘live’ RT-RPS systems in place. Additionally, 12 countries are exploring/planning/building RT-RPS systems, with another 17 exploring RT-RPS through a pan-European initiative.
Over the last year, papers on real-time payments published by the U.S. Federal Reserve Bank, the European Payments Council and the European Banking Association have created considerable interest within the banking ecosystem.
RT-RPS systems have some common characteristics, like instant clearing confirmation to support instant or near real-time posting by banks, 24/7/365 operations and a focus on richer data standards, such as ISO 20022.
In a real-time or a near-real-time environment, once the transaction is over, the money is gone, compared to traditional payment mechanisms which gave financial institutions ample time to scrutinize transactions before they were cleared. Fraudsters had to wait for the money to hit accounts before they could vanish with the loot.
By shrinking the transaction processing window, the time to detect and act on fraud is greatly diminished. So whatever the technology that is used to accelerate payments, it must also support the bank’s ability to detect and thwart fraud.
Launched in 2008, UKFP (UK Faster Payments) was one of the first of the new generation RT-RPS services. While UKFP has been a success, the potential for fraud was seen immediately. In UKFP’s first two years, fraud tripled according to behavioral biometrics firm Biocatch.
Even though the infrastructure was sound, the entry points to transaction initiation were weak, and this was exploited by fraudsters. To enhance authentication, some quick steps were taken to improve verification of customer credentials using two-factor identification, tokenization and smartcard readers.
Fraudsters today are increasingly using malware to hijack user sessions and move money quickly and automatically, forcing banks to further fortify their defense mechanisms. As countries continue to roll out faster payment systems, it would be wise to pay heed to these lessons.
Quite evidently, real-time payments calls for extreme real-time fraud detection and prevention.
Financial institutions must arm themselves with financial crime prevention capabilities that are able to detect, investigate, prevent and resolve financial crimes much more intelligently.
Faster payment services are typically available across multiple channels (IVR, online, mobile, ATM, POS, etc.), so transactions must be monitored (and anomalies acted up on) in extreme real-time and across all channels. An intelligent monitoring system must therefore cover all channels to look for undesirable patterns or deviations from a customer’s known/usual behavior.
Another critical risk in real-time payments is identity management. Multi-factor identification to confirm payment parties makes payment initiation more secure. Behavioral analytics and biometric information to combat remote access attacks and malware also add to the overall defense framework.
Besides helping real-time payment fraud prevention, detection and investigation, new age cross-channel, extreme real-time systems also address regulatory compliance and audits.
Not so long ago, fraud monitoring used to follow an ‘observe and report’ process. Global compliance efforts are now choosing to pro-actively stop transactions based on suspicious activities, before they are executed.
It has also become increasingly vital to utilize the collective, cross-channel wisdom about customers, so that even the slightest deviation during a real-time payment is detected in absolute real-time. Extreme real-time transaction monitoring enables banks to make more accurate, in-the moment, ‘segment of one’ interventions.
Constantly staying several steps ahead of sophisticated digital financial crime has become an inevitability amidst the economic and regulatory pressures challenging retail banking worldwide.
Financial institutions cannot do away with customers expecting immediate and secure real-time payment transactions. But with real-time payments increasing the vulnerability to financial crime, the situation demands more intelligent, extreme real-time and cross-channel preventive systems.