As the world hurtles headlong toward real-time payments, speed and efficiency have often been prioritized over security. However, with faster payments comes faster fraud, and just as organizations deploy technology to streamline their systems, criminals are deploying complex schemes on a global scale.
In a recent PaymentsJournal podcast, Dal Sahota, Director of Trusted Payments at LSEG Risk Intelligence, and Brian Riley, Director of Credit and Co-Head of Payments at Javelin Strategy & Research, discussed the prevalence of fraud, the challenges it presents as payments accelerate, and the ways organizations can defend themselves.
Sophistication at Scale
Criminals seize upon any weakness they can exploit. They might imitate genuine companies or individuals using deepfake IDV profiling and attempt to manipulate organizations, or use authorized push payment scams to defraud vulnerable individuals.
“Is there ever a day where I don’t hear a new anecdote about fraud, or new evidence of fraudsters’ sophistication?” Sahota said. “The sophistication is at a scale we’ve never seen before, and it’s across the globe. It’s not one or two individuals, its highly sophisticated networks that are creating a dramatic impact and financial consequences across the ecosystem.”
Traditionally, payment systems had built-in delay payment processing, particularly to provide a buffer for merchants, customers, and institutions. The added time gave all parties an opportunity to ensure that the transaction was legitimate and authorized.
As technology has accelerated payment processing, the objective has shifted to delivering funds to recipients in real time. However, this eliminates the longstanding safety net, as instant payments are often irrevocable.
“A good example is credit cards, which traditionally took three days to reconcile,” Riley said. “It was practical because the business model was built in the 60s and 70s and that delay was inherent. Now even debit card payments, or a clearance on a check, they happen in a snap. It’s important to have controls on the front end of the process rather than on the back-end settlement.”
A Perfect Storm
Guardrails are even more critical as cross-border payments gain traction. Fraud is more difficult to catch when payments are sent across different jurisdictions, and criminals know that.
“It’s a payments perfect storm where on one side you have faster payments, which create a lot of benefits across the marketplace,” Sahota said. “But at the same time, on the right-hand side of that storm, the deep clouds of fraud are exposing vulnerabilities due to the speed at which payments can move today.”
Faster cross-border payments face issues on several levels. Some countries have fraud controls built into their financial infrastructure that make it simpler to conduct bank account verification, and to identify and share data on fraudulent accounts and cards.
“Banks are typically linked through the central bank, so there’s an easier flow in countries like the U.S. or Canada,” Riley said. “Without that link, there’s no universal banking rule for fraud mitigation or vetting payments. You have that complexity where it’s going faster, it’s crossing borders, and countries have different standards for fraud management throughout.”
High Exposure
Fraud vulnerability is especially pronounced in industries that are less regulated or lag behind in adopting digital payment processing. These organizations are more likely to rely on paper-based or email-based communications, which create exploitable weaknesses for criminals.
Authorized push payment fraud, where criminals send phony invoices or pose as vendors, has become a rampant threat. Criminals know it can be difficult for larger organizations that receive invoices from multiple supply chains and multiple vendors to keep tabs on each invoice.
“When an update comes through from a vendor that their bank details have been updated, there aren’t effective ways for companies to carry out verification on all those types of invoices and all the updates coming through,” Sahota said. “That creates high exposure on the side of corporates, who might not have the anti-money laundering or fraud controls to mitigate that exposure.”
Within the payments infrastructure, there is often an assumption that companies will establish their own frameworks to manage risk. In contrast, regulators typically assume that consumers lack the knowledge or the resources to protect themselves. While consumers protection is crucial, the risks faced by organizations can be equally damaging.
“Instead of consumer payments where you’re moving high-volume, low-value payments in the thousands of dollars, corporates are moving low-volume, high-value payments in the millions, or tens of millions of dollars,” Riley said. “If you picture a multinational company where invoices are coming in, It’s a great environment for fraud.”
An Array of Protections
Because criminals are constantly probing for weaknesses, organizations require multiple layers of defense. Protections should be in place at every critical touchpoint: during customer onboarding, when users make account changes, and as transactions occur.
“It’s not one defense, it’s multiple defenses,” Sahota said. “At any touch point where a customer—or a potential fraudster—is engaging with your business, you want controls and defenses in place. Continue to update them on a cyclical basis because as criminals get smarter, they’ll find ways to sophisticate and infiltrate an enterprise. “
One of the reasons why it is so critical to have ongoing fraud prevention initiatives is because, in many large companies, there can be delays in implementing new solutions and procedures. On the other hand, criminals don’t need meetings and approvals to shift course.
“How do we get in front of the problem and get ahead of the fraudsters, when they seem to be somewhat ahead, if not way ahead, of the market?” Sahota said. “The agility of the fraudster means not all these problems can be solved by one mechanism.”
The Right Hands
In discussions about innovation, faster payments, and new fraud prevention solutions, the impact of fraud can sometimes be dismissed.
“We should not lose sight of the emotional impact fraud creates,” Sahota said. “It could be for anybody—brothers, sisters, moms, dads, grandparents—there’s no immunity here. At the corporate level there can be reputational impacts, but there are also impacts to employees. If an accounts payable member pushes out a payment to a fraudulent vendor, they may have the fear of being fired or facing repercussions.”
Fraud has such far-reaching impacts on both a corporate and individual level that it should always be top of mind for organizations. That is especially true as faster payments continue to gain traction.
To combat that threat, many companies are turning to solutions like LSEG Risk Intelligence’s Global Account Verification platform. The platform was specifically designed to combat authorized push payment fraud—it is a global account verification product which allows customers to input key data elements and verify a recipient before a payment is issued.
“It provides greater certainty that you’re not getting duped out of funds, that you’re not getting scammed,” Sahota said. “There is greater certainty at the point of payment initiation, so an organization knows that the money is going to land in the right hands, and not the wrong hands.”
