Article

Fraud mitigation in an age of real-time payments

Man and woman looking at computer screen

Data and robotic processes make the difference


Any time a payment changes hands, there is the potential for fraud. Financial institutions implement fraud mitigation measures to monitor transactions. But now that the time window for transactions has gotten much shorter, the challenge is more acute.

In the early days of ACH, an institution had up to three days to review transactions before completion. But with the advent of next-day payments, and now real-time person-to-person (P2P) payments services such as Zelle®, fraud detection and mitigation should take place in seconds.

How can financial institutions do this more effectively? The question is especially pertinent because fraud attacks are becoming more sophisticated.


The cutting edge of fraud

There was a time when the majority of the noncard payment fraud was aimed at account takeover, using malware, keyloggers and other disruptors on consumer computers to capture usernames and passwords. Now, with access to faster and cheaper computing, as well as use of AI-assisted fraud tools, criminals have elevated their game and shifted their targets to weaker, more profitable points in the financial services chain.

Survey data from the Federal Trade Commission reveals that consumers reported losing nearly $8.8 billion to fraud in 2022, which is an alarming increase of more than 30 percent over the previous year. Investment schemes and impostor scams led the way in the amount of financial damage inflicted, with most losses incurred by consumers contacted by swindlers through social media or phone calls.

Fraudsters try to gain emotional dominance over their victims by exploiting human feelings and desires. Some examples:

  • Greed: Criminals offer their victims easy money through various funds-shifting schemes
  • Fear: Scammers send communications to consumers claiming to be public utilities, the police or the IRS, threatening punitive action unless a payment is made
  • Loneliness: Isolated people seeking companionship are lured by fraudsters into bogus, long-distance romantic relationships only initiated to ask for money

All of these are variations on the time-worn theme of gaining trust through deception – except this time, the funds lost are being transferred almost instantaneously.

How does your institution stanch fraud in an age of virtually instant funds transfers, and stop bad actors before it’s too late – while still providing a frictionless experience for the consumer?


Data to the rescue

There is no silver bullet for stopping fraud, but a risk strategy that considers potential vulnerabilities and specific mitigation actions may help reduce exposure. Layered security across different risk events should be a part of that risk strategy. The solutions your financial institution uses for real-time payment fraud mitigation should have the following characteristics:

Intelligence from consortium data. Billions of card and P2P transactions are processed around the world daily, and they all leave a digital footprint. Your financial institution needs instant access to both internal and external sources of this transaction data to evaluate the integrity of real-time transactions.

Real-time risk scoring and interdiction. Transaction time is short; each payment must be evaluated while the transaction is in progress, so real-time decisioning and risk mitigation actions can take place before the payment is submitted for processing. Of course, that’s why you need the big data access.

Many factors can be evaluated to calculate a risk score associated with a payment transaction: sender and recipient information; device reputation and mobile device ownership data; known discrepant data; geolocation information; and many others. The evaluation process allows for the automated discovery of patterns across large volumes of streaming transactions.

Because of the many possible data points to be considered, optimizing the use of machine learning is essential to all of this. Machine learning helps data scientists determine which transactions are likely to be fraudulent, while reducing false positives. If done properly, machine learning may be used to distinguish between legitimate and fraudulent behaviors while adapting over time to new, previously unseen fraud tactics.

Multiple migration options. Based upon the risk score calculated for each transaction, several risk mitigation modes should be available to verify that senders and recipients are who they say they are, and that funds are being transferred to legitimate destinations. These measures may include one-time passwords, two-way secure SMS messages, knowledge-based authentication challenges and automatic holds or cancellations of the highest-risk payments.

Robotic process automation. With the torrent of real-time payments, every financial institution’s goal is to respond quickly to fraud events with minimal human intervention. Leveraging robotic process automation helps achieve this goal. There are several processes, such as suspension of fraudulent sender and mule receiver accounts or profiles, that could be triggered automatically because of a fraud chargeback, to stop further migration of fraud across your various products and the wider financial network.

A quality consumer experience. With a real-time payment fraud solution working in the background, the consumer should really notice no difference in the pace or convenience of transactions. The process should be easy, transparent and frictionless. Optimal and relevant transaction authentication deters fraudsters and provides your users the confidence of a safe and secure transaction.
 

Living in real time

Real-time payments are here to stay, with Zelle®, the RTP® network and the FedNowSM Service among the most prominent players. With the right tools, your financial institution can be better positioned to prevent and detect potential payments fraud more effectively while serving consumers well, even in this fast-paced environment.