Saeed Ahmad, Managing Director, Middle East, and North Africa, Callsign
Globally and at a rapid pace, people are beginning to approach almost all transactions with an online-first perspective. Consumers demand speed, simplicity, and security, and if a company can’t deliver on those promises, consumers will quickly switch to one that can. Peer-to-peer payments are one area where this trend has become especially widespread. Real-time payments (RTP) which have skyrocketed in popularity, are initiated, and paid nearly instantly, and allow users to make transactions around the clock, swiftly and easily.
By 2026, real-time transactions are forecast to comprise 10.4% of all digital payments made in the UAE, ushering in a revolution in the payments landscape. In addition, by 2026, it is anticipated that real-time payment transactions in Saudi Arabia will total 473 million, resulting in net savings of $109 million for both enterprises and consumers.
Real-time payments and real-time fraud
However, if not managed well, faster or real-time payment methods will open the door for criminal organizations looking to target transactions that are fast and irreversible. Fraudsters flock to places where money can be easily moved, and RTP is no exception. With the rise of rapid payments, established RTP markets such as the USA has seen an increase in financial crime at an alarming rate.
It’s vital to remember that bad actors aren’t bound by borders and have had plenty of time to develop techniques and tools that allow them to fully exploit RTP. This is especially concerning for businesses and their customers in countries where instant payment methods are just launching and will grow in popularity.
Because of RTP’s speed and irreversible nature, it is difficult for financial institutions to spot and prevent fraud when it is happening unless they have the right technology in place.
One common method scammers use for RTP fraud is social engineering, techniques such as coercion or manipulation of genuine users to transfer significant sums of money. Often acting as a bank, the police, or another authority and armed with the knowledge of banks’ transaction paths, fraudsters worry and panic their victims into making the transactions and are frequently able to talk their victims past static fraud warning messages that are typically the only line of defence against such fraud. And by the time the payment is made, it’s too late.
After the fraud has happened, institutions can find it difficult to identify that fraud has taken place, because it’s a genuine user making the payment, which is very different from the unauthorized fraud we’ve traditionally seen with account take over for example.
Social engineering is giving rise to a new fraud trend of authorised fraud or authorised push payment fraud (APP).
A modern solution for a modern problem
RTP is a twenty-first century solution for transacting quickly and combatting fraud and scam vectors that target RTP requires a twenty-first century solution.
Conventional fraud prevention solutions have traditionally operated on batch processing and can’t handle the additional speed and complexity associated with immediate payments. These solutions also focus on the accuracy of payment instructions supplied, but this rules-based approach can’t identify unusual consumer behaviour associated with APP fraud.
Today, many organisations looking to prevent APP fraud display fraud warning messages throughout a genuine user’s journey, for example at log in, when choosing a recipient to pay, or even just checking a balance. This blanket fraud warning approach does more harm than good, with customers saying they ignore them, and fraudsters know exactly when warning messages will appear, coaching users’ past alerts.
A real time solution is required, one that dynamically detects the danger of fraud looking at behavioural patterns of the user and using that knowledge to detect if the user is being tricked or coerced. Combing behavioural data with threat or malware detection, a financial institution can intervene if the user might be in danger. Interventions can deliver intelligent, contextual and timely fraud messages to the consumer or stop payments altogether. Crucially, for genuine users performing recognised activity these messages won’t be presented. This ensures users will not get message fatigue but, because the messages are dynamic, fraudsters will not be expecting them and will be unable to coach a user to ignore them.
Dynamically intervening is more effective in this situation because the process directly involves the consumer in identifying and stopping fraud. There is less chance that bank warnings will go unheeded because of the contextual and personalised nature of the warning messages.
It also offers financial institutions evidence that they acted to protect users from fraud, and with more regulations being introduced around the world, pushing liability onto FIs, this type of technology will help to demonstrate compliance.
Making the most of the future of payments
Real-time transactions are here to stay. Regrettably, so is authorised fraud. RTP represents a significant opportunity for banks and financial institutions to increase customer engagement, but they must first ensure that payments are processed securely. It’s clear a new approach to combatting scams and APP fraud is needed, and the best result for organizations in all sectors is layering solutions, using a combination of threat detection, dynamic fraud interventions and behavioural biometrics, to ensure genuine users are protected.