Fraud in faster payments was a hot topic at last week’s NACHA conference, Payments 2018. Front and center in the conversation were how to manage fraud in real time P2P transactions. This topic was inflamed recently by the New York Times article which chose to print a quote from a source that exclaimed fraud in P2P, and specifically, Zelle was reaching unsustainable levels. The quote was later revealed to be unsubstantiated, but the issue of fraud in faster payments remains and too much fraud is still slipping through. Two types of fraud that are persisting as new faster payment options are rolled out were discussed in an article in Bank Info Security. The first type of fraud has been around since money was invented:
The scam is relatively unsophisticated. Victims are asked to pay with Zelle for goods or services on websites such as Craigslist. Once the payment is sent, the fraudster doesn’t deliver the goods, closes the receiving bank account and is able to make off with the transferred funds before the victim realizes that a crime has occurred. And because the customer willingly sent the funds for payment, they are often left on the hook for the fraud losses by their financial institution.
Regulating this type of fraud or holding the faster payment provider labile for a consumer’s lack of diligence sets a dangerous precedent. Where does it stop? If the same consumer used cash, would the U.S. Mint be held accountable? Better communication with consumers regarding their liability is in order, however.
A different type of fraud, namely synthetic fraud is one that financial institutions need to be accountable for and should look for improved detection. Faster payments make this type of fraud even more attractive:
Robust authentication at the point of account opening is critical in controlling faster payments fraud. But new customers may be dissuaded from enrollment if they have to jump through too many authentication hoops.
“We generally advise a layered, orchestrated and risk-adjusted approach, combining passive methods, such as device profiling and behavioral biometrics, with traditional data,” says Aaron Press, director, market planning fraud and identity, at Lexis Nexis. “And while it is critical to limit friction whenever possible, there will be times when we need to ask for more information or stronger authentication, such as with a one-time password or a KBA [knowledge-based authentication] quiz.”
Overview by Sarah Grotta, Director, Debit and Alternative Products Advisory Service at Mercator Advisory Group