Payments

Why faster payments mean faster fraud

  • Faster payments doesn't necessarily mean more security; if anything, they're an opportunity for fraudsters to exploit mobile payments, which don’t have as much of a clearing period
  • Fraud detection in banks, however, is no longer just about building a wall to keep outsiders out; cybersecurity teams need to install a filter that can identify who can and should enter the system
close

Email a Friend

Why faster payments mean faster fraud

Banks on the Zelle network may want to re-examine their growth figures for fraudulent transactions. Mobile payments are becoming more popular for consumers and financial institutions, but that could signal another rise in payments fraud, which is already on the rise according to new data from the Federal Reserve.

Less than a month ago Early Warning Services, the network that powers peer-to-peer payments platform Zelle, touted $75 billion in funds moved through its bank-supported platform with plans to expand its member network. One member bank, however, also reported a fraud rate of 90 percent shortly after implementing Zelle last year, said someone familiar with the statistics who wished to remain anonymous.

“Faster payments doesn’t really mean it’s more secure than traditional payments,” said Genevieve Gimbert, PwC head of fraud management consulting.

If anything, the opportunity for criminals and fraudsters to exploit operational and control loopholes in mobile payments is growing with the popularity of new vehicles like Zelle and messenger based payments because they generally don’t have as much of a clearing period.

“In traditional payments you have time to vet those payment requests and see if they’re fraud or not,” at least a couple of days. But faster payments that make the funds available within minutes, there isn’t as much time. “The biggest challenge is having the proper real-time fraud detection system in place to identify whether the payment request is suspicious or not.”

Fraud detection in banks, however, is no longer just about building a wall to keep outsiders out; cybersecurity teams need to install a filter that can identify who can and should enter the system. Upgrading fraud detection systems to ensure they work in real-time and can organize the data well enough and fast enough is a multi-million dollar effort, Gimbert said.

“Moving money in real-time from one account to another creates new opportunities for ‘bad actors’ to commit new types of fraud,” said Early Warning in an emailed statement shared with Tearsheet. “We work to prevent a range of existing and emerging threats that can compromise accounts, including measures to prevent account takeovers.”

Much of that work involves implementing multi-layer and multi-factor authentication during the enrollment process, the company said, in addition to “what we are doing 24/7 to monitor account activity and take action against fraud or potential fraud once anomalies are detected.”

Early Warning hangs onto customers’ email addresses and phone numbers and facilitates peer-to-peer payments across the banking network rather than having each individual bank set up agreements with 50 others. Each bank has an agreement with the other to make the funds of the transfer available right away even if they don’t process it until later.

Fraud didn’t increase because of the implementation of Zelle, though.

“It’s a game of whack-a-mole,” Gimbert said. “If the banks strike the controls on one channel, the fraudsters will move to identify other vulnerabilities in another channel.”

Cybersecurity has been a top priority for banks since the dawn of time, and as everyday activities become more digital and more social, banks’ are being targeted by simpler and more common types of attacks. Fraudsters are finding it easier to impersonate customers — either through phishing scams or, increasingly, when calling banks’ call centers — to gain access to legitimate login credentials. The call center is the most vulnerable channel today, Gimbert said.

Bank of America will spend $600 million this year on cyber defense alone, its chief operations and technology officer Cathy Bessant recently told Tearsheet. In December Menlo Security, a company that provides malware isolation solutions, raised $40 million in Series C funding, bringing its total funding to $85 million. JPMorgan Chase, HSBC and American Express Ventures are among its investors.

For the past couple months banks have also been enhancing authentication controls to move away from knowledge-based authentication — such as prompting customers to identify the last four digits of their Social Security number or their mother’s maiden name. For example, a number of banks such as Chase and Wells Fargo are pushing customers to adopt Apple’s Face ID and Samsung’s iris scanner technology.

Almost half of all phishing attacks in 2016 involved redirecting users to a phony banking website, according to Kaspersky Labs. According to a separate Kaspersky Lab survey of more than 800 financial institutions, 53 percent of financial institutions in the U.S. say phishing and social engineering attacks on customers are in their top cybersecurity concerns — followed by attacks on local/branch offices (33 percent), on digital and online banking services (31 percent), on back-office systems (23 percent) and on point-of-sale systems (20 percent).

But beyond the need for system upgrades, banks have fraud detection systems for each product in their organization, Gimbert explained. If the banks have segregated systems, they need to consolidate them or add yet another layer to identify and look at the risk across the various fraud detection system holistically.

“Checking accounts, debit cards, credit cards, ACH wires — they’re all segregated,” Gimbert said. “With faster payments you need to have a consolidated view of your risk whether I’m sending a check or processing a debit card transaction. You need to understand the customer as a whole and understand the potential fraud happening with this customer.”

0 comments on “Why faster payments mean faster fraud”

Member Exclusive, Payments

Payments Briefing: Behind Papaya’s bill payment technology

  • This week, we take a look at how Papaya uses AI to simplify bill payments for consumers and merchants.
  • We also explore PayPal’s entry into the stablecoin race, and how payments are increasingly becoming “invisible”.
Ismail Umar | January 13, 2022
Payments

Marcus by Goldman Sachs adds GM as second co-branded credit card

  • GM is going all digital by partnering with Marcus by Goldman Sachs and Mastercard to launch its new rewards card and loyalty program.
  • This represents Marcus' second big retail partnership after issuing the Apple Card in 2019.
Iulia Ciutina | January 13, 2022
Member Exclusive, Payments

Payments Briefing: 8 trends that will define 2022

  • We welcome the new year with our very first weekly Payments Briefing.
  • This week, we explore the most important trends that will shape the payments industry in 2022.
Ismail Umar | January 06, 2022
Payments

Has crypto entered the mainstream?

  • 2021 was a record year for crypto in more ways than one.
  • The industry attracted more investment this year than all previous years combined.
Ismail Umar | December 28, 2021
Payments

‘BNPL fraudsters aren’t far behind’: Payments predictions for 2022 (Part 3)

  • For this series on payments predictions for the coming year, Tearsheet asked over 20 experts to share insights on upcoming payments trends in 2022.
  • Key topics covered include B2B payments, cross-border money transfers, embedded finance, on-demand pay, virtual cards, stablecoins, digital wallets, P2P payments, and more.
Ismail Umar | December 23, 2021
More Articles