As real-time payment (RTP) schemes move from pilot to implementation worldwide, cybercrooks follow, drawn by the lure of instant ill-gotten gains at scale.
First, appreciate how far RTP had come. PYMNTS recently reported that “66.7 percent of executives consider themselves ‘very’ or ‘extremely’ aware of Real-Time Payments, while 71.9 percent said they are ‘very’ or ‘extremely’ interested in the system. Indeed, 85.3 percent are either currently implementing RTP or plan to do so within the next three years.”
Then, think about what that awareness means to cybercriminals. They’re also “very interested.”
“Real-time payments are becoming more and more popular among consumers and businesses alike, but some FIs are finding it challenging to safeguard such systems. These struggles are leading many to examine cutting-edge tools that can help them better protect these transactions from fraud,” according to PYMNTS January 2021 Real-Time Payments Tracker(R) done in collaboration with The Clearing House.
The new Tracker cites one study where very nearly 80 percent of financial institutions (FIs) surveyed in the Asia-Pacific region “reported rises in fraud losses after debuting real-time payments services. Tools that help banks quickly analyze consumers’ behaviors for suspicious activities could help banks level up their defenses and ferret out bad actors before fraudsters pull off their scams.”
Protecting RTP is critical to its wide acceptance as another arrow in the payments quiver.
PYMNTS January 2021 Real-Time Payments Tracker(R) done in collaboration with The Clearing House examines the fraud-fighting needs of real-time rails as they move to the fore in a post-pandemic world fixated on instant payments, cross-town and across oceans.
Safeguarding Irreversible Payments
PYMNTS latest Real-Time Payments Tracker(R) tells of how Los Angeles-based auto finance firm Westlake Financial onboarded RTP cautiously, spending six weeks testing use cases and troubleshooting fraud scenarios before switching it on. “The company was well aware that immediate payments could bring reduced administrative costs, rapid speeds and 24/7 year-round availability, but such transactions are also nearly irreversible, adding complexity. Payments sent to the wrong account by mistake or as a result of a fraudster’s scam cannot simply be cancelled before the funds settle,” per the Tracker.
That’s about par for real-time payments. “The security measures FIs need to deploy to take advantage of real-time payments include techniques that are well-known in the information security space, such as multifactor account authentication, identity confirmation, fraud-monitoring tools and encouraging account holders to use strong passwords and safeguard usernames and account information,” TCH’s Ledford said.
Nacha, the rulemaking entity for the Automated Clearing House networks in the U.S., has been working with banks and corporates on faster payment solutions for some time, and recently began developing a new set of resources to boost this effort. Still, “FIs and corporates may struggle to determine whether they would benefit from using Same-Day ACH, The Clearing House’s RTP(R) network or other options to suit their needs, and Nacha aims to assist.”
As coordination continues, robbers never sleep. That’s why RTP networks and partner organizations in the space are busily securing the channel ahead of a big public debuts.
Tokenization, Authentication Working Invisibly
With the next year expected to bring multilayered security and fraud detection evolving with more advanced artificial intelligence (AI) algorithms that identify potential fraud before it takes place, would-be riders of real-time rails — and those that provide them — are busily plugging up cyber holes.
“The RTP network is also deploying tokenization for accounts on the network, where a token is used for account numbers. Tokenization increases security without harming the user experience — tokenization happens behind the scenes — because the unique token is transmitted during the transaction, not a customer’s account details,” Ledford told PYMNTS.
He added, “These measures will also help avoid payments made by mistake. Account authentication … will make sure the account holder is the one sending the payment, not a fraudster. This is important because payments on the RTP network are credit transfers and are irreversible in most cases. (It’s worth noting that most fraud involves debits, not credits.)”