The payment landscape is evolving and changing – with new payment schemes and services launching across the world – and with that, payment fraud is changing.
Fraudsters can adapt, rapidly migrate and scale their fraud tactics across the globe by leveraging their strengths and taking advantage of organizations, and individuals, that are not prepared. Anyone who makes payments or uses payment services is a potential target as fraudsters now see people as the ‘weakest link in the chain’ and open to manipulation to help them achieve their nefarious aims. In the United States the FBI recently reported that businesses fell victim to $1.8bn of losses from just one type of payment fraud scam in 2019 and this is the tip of the iceberg. What do organizations need to do to outsmart the criminals and stay ahead of payment fraudsters?
The changing payment ecosystem
The payment landscape and ecosystem is evolving and changing with fintechs, challenger banks, and Payment Service Providers (PSPs) all helping to drive innovation in new payment services. Key to the growth in these services is an ever-increasing number of Immediate Payments schemes. Currently, 60+ countries around the world have already moved from batch payment processing to immediate payments that take seconds or less from payment initiation to settlement. Across all continents and regions, increased digitization of payment services and the move to online banking and e-commerce is driving change from batch payments to immediate 24/7 payments. While some countries had immediate payments for many years (Japan since 1973!) there is huge growth in last 5 years and even more to come in the next 5 years.
Coupled with the growth in Instant Payment schemes is the emergence of payment overlay services: schemes or services that use the new immediate payment rails to offer innovation in payment services. Examples include Request to Pay & use of QR codes, where the recipient initiates the payment request which is then authorized by the payer to instigate the payment. There are lots of these schemes already active in Asia and we will see a big push in the UK and Europe in the next few years. In India, the Unified Payments Interface (UPI) scheme has grown from zero to over 1bn payments per month in less than 3 years, showing the scale of consumer demand for these services.
We are also seeing growth in services allowing payment accounts to be linked to identity tokens such as pay-a-mobile or pay-an-email, and we will undoubtedly see an increased push from Big Tech companies to incorporate payments into social media and sharing platforms.
Regulators are also a key driver of change, with Open Banking/Finance schemes underway around the world these are opening banking and payment services to new participants. While PSD2 in Europe also creates a lot of change and disruption in payments ecosystem, hopefully most of it for the better, regulators around the world are pursuing similar options in their regions.
Standardization and interoperability are key factors in the success of payment schemes and overlays crossing national and regional boundaries. However, there is some way to go here as the payments market remains very fragmented along national and regional lines, much more so than card payments.
No doubt we will see more movement in this space. Changes like the ISO 20022 payment messaging standard and schemes like P27 (pan-Nordic payment scheme) and Swift GPI will help move immediate payments beyond national to regional and global multi-currency services.
There is a whirlwind of change and innovation, with lots of opportunities and challenges ahead, but what impact does this have in the fraud space?
New payment services create new fraud challenges & threats
With the change and innovation happening in payments this creates new fraud challenges and threats. These threats are emerging around the world on different timelines in different regions, providing an opportunity for organizations to learn and benefit from countries and regions that have gone before.
But it is also an opportunity for fraudsters. It means the evolution of the fraud happens much quicker; fraudsters can export models that work in one region to another region that is adopting similar technology. There can be a heavy price to pay for organizations caught behind the curve.
Immediate payments mean immediate fraud – fraud attacks can scale very quickly, and losses can grow exponentially. This challenges organizations to have fraud processes that respond quickly. Only using a rules-based detection approach, where it takes days to implement changes, can leave organizations exposed.
New overlay services are also at risk of opening new opportunities for fraudsters to exploit. Fraud controls can get left behind in the push to go-live with new payment services. It can mean organizations implement new services, e.g. Open Banking, without fully understanding the fraud risks and threats.
In addition, wherever payment fraud takes off we see a growth in ‘money-mules’. These are the accounts used to receive and launder illicit funds. This creates issues for banks and PSPs in managing their new account onboarding processes, as well as having processes in place to identify, manage, and close-down accounts misused by money mules.
The clear and obvious need is to move to 24/7 fraud response. Banks & PSPs can move from having days to investigate a suspicious payment alert to dealing with them in real-time. There is a clear need for 24/7 fraud response to make quick, but accurate decisions as customers are making immediate payments. And they will want immediate resolution when payments are delayed or disrupted.
Finally, there is a need for a coordinated response across the organizations using a payment scheme or service. There is generally a payer and payee in most payment frauds, and the account holding organizations need to work together to share intelligence to be able to recover funds.
In summary
The payment landscape is changing and evolving, which is creating positive opportunities for the industry. Awareness of potential new fraud threats must be considered with equal importance at the same time as adopting new innovations.
Payment fraud threats are continuously evolving and the big challenge to banks and PSPs is from customer authorized payment scams – where tried and tested fraud detection methods do not work.
Banks and PSPs need to evolve in response by using advanced analytics that can adapt and learn to spot anomalies from behavioral indicators.
Learn more about Payments Scams {ADD LINK TP SCAMS ONE PAGER} and watch a recording {ADD LINK TO ALEX VIDEO} from a recent talk I presented on this topic.
Share