Close-up of the moon with three fraudsters around it one holding a telescope, one holding a lit bomb, and one typing on a keyboard representing real-time payments fraud.

As I recently explained at Payments Canada, there are two sides to real-time payments (RTPs), a bright side and a dark side. Banks taking their first ventures into this uncharted territory need to be prepared for the dark side and prevent real-time payments fraud as they explore the bright future of RTP’s benefits.

In some respects, real-time payments are much like the two sides of the moon. On the bright side, there’s an exciting opportunity for banks to tap into the transformative power of real-time payments and the myriad use cases it presents. But banks can’t overlook the dark side of real-time payments: fraud. Unfortunately, as with any new and groundbreaking technology, fraudsters are often the earliest adopters. They will wreak havoc on long-term plans for real-time payments if financial institutions aren’t prepared.

To successfully navigate the bright side of real-time payments, banks must first understand the dark side. Let’s explore this unfamiliar territory to ensure banks worldwide are well-prepared to prevent real-time payments fraud.

Key Real-Time Payments Fraud Lessons from Around the Globe

As banks prepare for their real-time payments initiatives, looking to other regions’ early experiments with real-time payments and fraud is essential.

After the UK launched its Faster Payment System (FPS) in 2007, the nation saw a surge in fraud cases. Many cases involved money mules to shift funds from one account to another. 

UK banks responded by implementing real-time detection systems to prevent account takeover fraud. But fraudsters have recently shifted their tactics to scams which have significantly increased in recent years, even surpassing card fraud in the UK. UK regulators have implemented measures like Confirmation of Payee (CoP) and Contingent Reimbursement Models (CRM) to protect customers from scams. These measures are also shifting focus to first-party fraud scenarios and assessing customer risk to thwart money mule activity.

Meanwhile, fraud rates skyrocketed by a 4-figure percentage within the first three months after Italy’s faster payment system launched. This surge in fraud highlights the challenges banks can expect and the urgency of investing in robust fraud prevention and risk mitigation strategies. 

Both the United States and Canada are preparing to launch real-time payment systems in the coming months. These systems will unfortunately also attract fraudsters who will use them to push authorized push payment (APP) fraud. If customers approve the transactions, funds will be delivered immediately, with no chance of recovery. 

Best Practices for Ensuring Customer Safety with Real-Time Payments Roll-outs

The lessons outlined here provide critical learnings for banks preparing to usher in real-time payments. As they look to adopt real-time payment services, financial institutions will also need to balance risks, such as data and privacy breaches, with the delivery of secure and seamless customer experiences. 

Banks should completely re-evaluate how they deliver their customer journeys. This re-evaluation should be divided into three key stages: pre-event, in-the-moment, and post-event.

Pre-event Analysis

Banks should develop a deep understanding of their customers and their normal behaviors before they transact. Knowing who customers are and how they usually transact empowers FIs to detect and respond to unusual events and mitigate potential fraud and scam risks. It’s also important to strike a delicate balance between personalization and data protection. Customers may increasingly expect personalized experiences and services. However, collecting vast amounts of data increases the risk of exposure from a risk management and data protection standpoint.

In-the-moment Transactions

The real-time payments landscape demands both speed and transparency to cultivate customer trust. Clear, fast, and open communications reinforce a financial institution’s commitment to protecting its customers from fraud and scams. For example, it may be necessary to terminate a session or block a transaction if the bank detects suspicious activity. In this situation, it’s imperative that banks intervene and communicate quickly with customers to explain what may have occurred.

Post-event Response

After an event is detected, FIs must proactively communicate with their customers about how they plan to prevent future incidents. FIs should be prepared to outline the specific measures they are taking to bolster security and prevent future occurrences. These measures will demonstrate to customers that their bank takes their safety seriously and is committed to protecting their well-being.

How to Prevent Real-Time Payments Fraud

Real-time payments offer banks and customers an exciting way to send and receive money. They offer several advantages over traditional payment methods, such as speed, convenience, and transparency. But fraudsters are always looking for new ways to steal money, and RTP’s speed and convenience make it an attractive target.

Here’s how financial institutions can prevent real-time payments fraud. 

Assess your bank’s fraud readiness

Banks should audit their organization’s preparedness for real-time payments fraud threats. This includes understanding the current fraud risk level, identifying critical vulnerabilities, and developing a plan to mitigate those risks. 

Develop a risk strategy 

A bank’s real-time payments risk strategy should include a clear definition of fraud, a plan for detecting and preventing fraud, and a process for responding to fraud incidents. Start with focused typologies, threats, and use cases with the most significant benefits. For example, consider starting with first-party deposit fraud and identity theft and plan to shift to synthetic ID later. 

Implement a 360-degree view of risk

A complete view of the customer’s risk level and history allows banks to connect important dots and better align fraud cases with transaction monitoring. This goal remains on the “to-do” list of many financial institutions. Implementing it can be challenging because of the spaghetti-like arrangement of siloed systems built up over the years.

Don’t use generalized risk models

Generalized models are insufficient for the types of fraud and scams that will thrive in the real-time payments era. Banks need to build different models for different fraud typologies, bespoke to their own institutions instead.

For example, an account takeover model will analyze anomalies in the device used, login time, and geolocation. But if banks were to apply this same model for a scam scenario, it would be overlooked because the account owner would be authorizing the payment themselves – therefore, the device, login time, and geolocation would all appear as normal.

Prepare response teams for different scenarios

Different types of fraud and scams require their own responses. Banks should establish response teams to respond to different types of fraud. This includes a team specifically tasked with handling scam victims, another to address money mules, another to address account takeovers, and more. This will help banks respond quickly to different fraud incidents.

Educate customers about real-time payment fraud

The customer is the biggest vulnerability for real-time payments fraud. With funds able to move and settle in a matter of seconds, customers must be vigilant against potential threats. Banks should teach their customers how to protect themselves from fraud and to detect scams before they can do real harm. Banks should also provide their customers with the necessary resources to report suspicious activity. 

Don’t delay relevant fraud platform modernization initiatives

In surveys conducted by the US Faster Payments Council, 50% of respondents confirmed that they have been investing or planning to invest in fraud detection and prevention technology with the introduction of real-time payments. At the top of those investments were Artificial Intelligence and Data Science toolsets and strong customer authentication, including multi-factor authentication and biometrics data. 

The ISO20022 standard creates new opportunities, given the richness of data transmitted with the payment. For example, in the Netherlands, participating financial institutions have used the text field of ISO20022 messages to provide the risk scoring of the sending bank to the receiving bank. This has also helped with fraud-fighting at the level of market infrastructure entities or country-specific clearing networks, which have visibility across the system. 

It takes the broader ecosystem in each country, in addition to financial institutions, to prepare for the bright side of real-time payments, with the right security and trust measures built on the dark side. 

Real-time payments promise to deliver exciting benefits for bank customers. But banks can’t afford to overlook the associated risks. That’s why it’s essential to take proactive measures against fraud. If banks implement effective fraud prevention measures and strategies, their customers will be over the moon.