As the U.S. runs hurtling towards faster payments, better or at least different fraud controls are needed. As pointed out in an article in International Banker, U.S. bankers should study the implementation of Faster Payments in the UK, where increased fraudulent transactions resulted:
While banks and businesses both want a faster way to move money, data and a variety of other financial-service products across physical and digital borders, the high volumes of payments and the speed at which the funds are transferred could potentially allow fraudsters to take advantage of the new system. This happened in 2008 when the UK moved to faster payments, attracting the attention of fraudsters who seized the opportunity to steal and get away with money before being detected. Online banking fraud losses in the UK went from £22.6 million in 2007 to £52.2 million in 2008 and £59.7 million in 2009, before they started to drop again; but even by 2012 there were still £39.6 million in online banking losses.
The reduction in the time it take for transactions to clear also reduces the time available to detect fraudulent transactions. The irrevocability of some of the faster payments schemes also minimizes opportunities for recourse. As is pointed out in the article, many financial institutions will be dealing with this seemingly inevitable outcome of more fraud by adding more people to analyze transactions. This is a very expensive solution to a transaction that has an unproven business case. It seems that the industry needs to be running toward fraud solutions at a faster rate:
It will be paramount for banks to assess and choose the right fraud-prevention security platforms, and establish that they can handle additional real-time fraud traffic. Once the regulation takes effect, fraud-attempt numbers will grow, along with the introduction of new types of attack vectors. Current security controls such as transaction-based anomaly detection, device identification and MitB (Man-in-the-Browser) infection detection will become less effective at mitigating risks. Incumbent solutions will need to be complemented with a new-generation fraud-prevention solution that can detect new types of malware and remote-access attacks, and that cannot be easily circumvented.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story here