A post in Global Banking & Finance Review reminds the payments industry that with the dawning of faster payments comes the need to focus on faster and just better fraud detection. This is nothing new, yet a number of financial institutions have not yet made the necessary adjustments to better secure payment types like same day ACH or real time person to person transactions:
“….banks currently rely on a layered approach combining various techniques. But somewhat surprisingly in today’s automated world, checking payment mandates and unusual account activity manually remains a mainstay of the traditional clearance process.
The problem is, manual review is simply not feasible when the clearance time for account-to-account transactions is measured in seconds, not days.
Importantly, fraudsters recognize the challenges facing banks when transitioning and are ready to exploit any vulnerabilities as soon as a RTP scheme goes live.
Banks need to get ahead, be proactive and protect the account data itself, rather than simply be reactive and wait for the fraudsters to strike.”
Another point made is that fraud will gravitate to the weakest point in the payment process. With card and transaction data now encrypted or tokenized much more frequently than it had been in the past, the next point of attack are DDA credentials which are frequently stored in the clear:
“For various reasons, Demand Deposit Account (DDA) credentials, which relate to current, savings or checking accounts that are used for direct credit transactions through automated clearing house (ACH) processing, are an increasingly attractive target.”
Overview by Sarah Grotta, Director Debit and Alternative Products Advisory Service at Mercator Advisory Group