Fraudulent activity is on the rise, with criminals looking to take advantage of the pandemic, and faster payments is shaping up to be a prime target. That is because faster payments shorten the time that financial institutions can use artificial intelligence and other fraud identifiers to determine the legitimacy of a transaction. Without a standard means for classifying fraud, financial institutions are left with the inability to collect the appropriate statistics that assist in locating where fraudsters are gaining access.
This topic is further explored in the US Faster Payments Council’s recent report, “Examining Faster Payments Fraud Prevention.” And a Model by the Federal Reserve’s Fraud Definitions Work Group, the FraudClassifer model breaks up transactions into two categories: authorized party and unauthorized party.
To learn more about the “fraud classifier,” and to better understand what’s causing this increase in fraudulent activity and how to stop it, PaymentsJournal sat down with Rebecca Kruse, executive vice president of operations at ICBA Bancard, and a member of the task force that worked on the white paper. She was joined on the interview by Tim Sloane, vice president of payments innovation at Mercator Advisory Group.
FraudClassifier model: Who initiated the payment?
Classifying the types of fraudulent activity taking place comes down to one question: who initiated the payment? As seen in the visual above, the party initiating the transaction is either authorized or unauthorized. Based on the answer, there are five possible scenarios for how the fraud is executed, followed by 12 possible conclusions.
“This is a giant step forward to help everybody standardize how they evaluate fraud,” said Sloane. Without specific vocabulary, individual representatives of financial institutions can run into points of confusion, leading to a delay in finding the tools needed to mitigate fraud and come up with a positive solution.
“All of these classifiers pertain to faster payments, except for two, which are very specific to checks and cards, physical alteration and physical forgery and counterfeit,” added Kruse. This is important now more than ever, as the technology in the payments industry evolves and the speed of payments continue to accelerate.
Trending: Fraud in faster payments
The U.S. Faster Payments Council identified three trends contributing to fraud in faster payments.
- The first trend is about identity and the vulnerability of consumer data, which directly correlates to a high number of data breaches that have happened over the past few years due to outdated methods of validating identity. “Nearly all the static fields that banks and merchants use to verify identity are available on the dark web, or even through social media platforms,” said Kruse. Answers to security questions—the name of a first pet, or a favorite color—are often visible on consumers’ profiles or somewhere on the internet.
- The second trend is authorized push payment scams. “This is a specific form of social engineering where a bad actor deceives consumers or businesses to send a payment under false pretenses,” explained Kruse. These “bad actors” target both consumers and entities in the mortgage business and that perform P2P payments, attempting to convince each party to submit payment to them. This is a particular challenge in a faster payments environment because the transaction happens immediately and is irrevocable.
- The third trend is social engineering. “Scams usually follow a pattern of contact grooming, and then funds extraction, which are often requested with a sense of urgency,” said Kruse. Scammers prey on human emotions, often targeting vulnerable groups, such as older adults. Under this scenario a bad actor fabricates an emergency that requires immediate funds and prompts the victim to forward money playing on a fabricated emotional attachment to the false identity of the scammer. This type of fraud highlights the need to “always verify someone’s identity through another method that the request is legitimate,” Kruse added.
Mitigating faster payments fraud
With fraudulent activity increasing, especially with faster payments, it is important to implement security methods that work against it. In the U.S. Faster Payments Council report, several promising mitigation tactics are proposed.
Three general categories are outlined in the white paper: behavioral and process controls, technical controls, and education and awareness. Behavioral controls speak to what consumers can do to help prevent fraud such as locking their device, closing out applications, and not writing down passwords. Technical controls implement AI and cybersecurity, using technology like physical and behavioral biometrics and complex passwords.
“For me, the fraud mitigation tactics that deserve more attention are education, first and foremost, holistic fraud detection, due diligence, and electronic consent-based social security number verification, or eCBSV,” said Kruse. It is important to educate bank management and their employees and for banks to be sure that they have properly vetted the security of every vendor. It is also crucial to build awareness of consumers, businesses, and anyone involved in faster payments. “Each stakeholder should understand the benefits, the risks and the best practices associated with any new technology,” Kruse said.
Advice for community banks
To help confront the changing nature of fraud, Kruse recommends community bankers take advantage of the available resources like those offered in the whitepaper and stay informed. Get involved with industry groups and committees to learn from peers and exchange best practices. Kruse also recommends community banks stay in touch with core providers and technology partners and get assurances of their preparedness to mitigate fraud before a product is launched. “These tactics aren’t new for faster payments, but real-time irrevocable settlement will definitely impact fraud trends.”
As always, community banks can rely on ICBA and its payments subsidiary, ICBA Bancard as a trusted partner for education, advocacy, and best-in-class resources in the payments space.