Get ready for instant payments: Fraud edition
As your organization considers how to take advantage of instant payments to enable things like just-in-time payroll and bill pay, it’s important to review your key systems for readiness.
You can’t avoid it – the potential for fraud exists with any type of payment process, and that includes instant payments. As instant payments become more popular around the world, fraud will continue to be a threat. What does this mean for organizations that may be considering adopting instant payments?
It means that now is the time to start preparing for instant payments and taking steps to help mitigate fraud, including evaluating your organization’s current fraud management approach.
Understand the basics of fraud and instant payments
Let’s review the basics: Fraud is not new, or specific to instant payments, but it can be a dynamic and rapidly evolving threat. As such, there are some fraud management considerations to be evaluated when preparing for instant payments, including:
- Speed – Clearing and settlement occurs almost immediately, minimizing the time frame to detect fraud and stop fraudulent payments from processing.
- Finality – Immediate settlement equates to immediate irrevocability, with funds available for the payee to withdraw.
- Always on – Instant payments operate on a 24x7x365 basis, giving fraudsters the opportunity to attack at any time. That means that fraud detection must occur continuously, with processes or controls in place to act quickly.
“Organizations need to look at fraud related to instant payments differently,” explains Mike Timoney, vice president for secure payments with the Federal Reserve Bank of Boston. “You can’t assume that everything is going to be the same. The nature of instant payments needs to be taken into consideration, and organizations need to be prepared for it.”
Below are steps your organization can take to help protect itself and its customers against instant payments-related fraud.
Talk to the right people
As is the case in any instance when making a significant change in your organization, getting the right people at the table upfront is key to a successful launch.
Whether you have already decided to adopt instant payments, or are still in the consideration phase, engaging with your fraud experts should start as soon as possible.
“It’s important to get the fraud people involved in plans early. It doesn’t mean you have to build a best-in-class fraud system before you can launch instant payments, but your team can advise on a phased approach for enhancing your defenses that protect you even when initial volumes are low,” says Timoney. “Organizations need to be cognizant of their vulnerabilities; the worst thing they can do is nothing. What organizations need is a well-considered plan.”
This plan starts with your fraud management team, whether they are in house or your organization works with a service provider. They need to become familiar with the implications of the instant payments characteristics noted earlier so they can evaluate your current processes, procedures and systems, and then adjust them accordingly. For example, systems designed to combat fraud involving payments that are cleared and settled in batches on predictable cycles may need updates to address fraud involving payments that clear and settle instantaneously.
Review current fraud-fighting tactics
Chances are your organization already has a fraud management program in place. But if you are considering adopting instant payments, here are some key questions to consider with your team.
Are your fraud mitigation processes identifying fraud before it happens?
With instant payments’ speed and finality, it’s particularly important to detect nefarious activity as early as possible in the payment flow. Ensuring that you have a multilayered approach to fighting fraud is an important step. Do your fraud mitigation processes have robust user authentication procedures at login and continual verification of user contact information (e.g., email addresses and mobile numbers) to ensure they are up to date? Taking an extra close look at your authentication methods is vital to stopping unauthorized fraud before the transaction occurs.
“The ability to stop the fraud as far upstream as possible is crucial to minimizing downstream impact. Having a robust account opening process can help mitigate authorized fraud, while strong authentication can help combat unauthorized fraudulent transactions,” says Staci Shatsoff, assistant vice president for secure payments with the Federal Reserve Bank of Boston.
Instant payments are always on. Can the same be said for your organization’s fraud systems and tools? Having systems or tools that can analyze and manipulate incoming transactional data in real time, 24x7x365, may keep a fraudulent transaction from completing.
Are you enlisting your customers to help combat fraud?
Educating your customers on how to identify fraud attempts and protect their personal data, such as user IDs and passwords, will also be an important part of your fraud mitigation practices. Some practices that could prove helpful include:
- Communicating to customers that your organization will never ask for login information over the phone, email or text and encouraging them not to share this information with anyone.
- Encouraging strong and unique passwords for different accounts.
- Guiding customers to enable alerts for transactions from their accounts.
How are you classifying fraud?
To effectively fight fraud, organizations need to speak the same fraud language. With more consistent fraud classification, there can be a better understanding of fraud activity. Even amongst professionals within your organization, multiple terminologies to classify fraud across different systems can create barriers to fraud discussions, measurement, analysis and prevention.
One step your organization can take to get a closer look at how your organization is classifying fraud is by exploring the FraudClassifierSM model (Off-site), which enables organizations to systematically classify fraud involving payments. The model helps everyone in the payments industry get on the same page. The result is a holistic view of fraudulent events, which can help with a more strategic approach to fraud management.
Fraud happens. Is your organization prepared?
When looking at your current fraud management approach and your future with instant payments, it’s important to remember that these types of payments are immediate, final and always available. To help your organization prepare for this transition, be sure to add evaluating your fraud strategy to your instant payments adoption checklist. And stay tuned for additional articles in our “Get ready for instant payments” series that will help your organization continue to prepare for your instant payments journey.