Real-time payments platforms sees higher losses for APAC banks

0

According to a survey by FICO, most banks in APAC say the introduction of real-time payments platforms in their country has resulted in increased fraud losses. -— AFP photo

SINGAPORE: According to a survey by FICO, most banks in Asia Pacific (APAC) say the introduction of real-time payments platforms in their country has resulted in increased fraud losses.

In a statement, it pointed out that the proliferation of real-time payments platforms, including person-to-person (P2P) transfers and mobile payment platforms across Asia Pacific, has increased fraud losses for the majority of banks.

Silicon Valley analytics firm FICO recently conducted a survey with banks in the region and found that four out of five (78 per cent) have seen their fraud losses increase.

Further to this, almost a quarter (22 per cent) say that fraud will rise significantly in the next 12 months, with an additional 58 per cent saying they expect a moderate rise in fraud.

“While the convenience of real-time payments is great news for customers, increasingly, banks have zero time to clear a transaction or payment. AI can’t slow down the clock, but it can help create systems that are radically quicker to recognise a transaction that smells likely to be fraudulent,” said FICO Asia Pacific president Dan McConaghy.

“Banks will need to move beyond passwords and OTPs and add biometrics, device telemetry and customer behavior analytics to keep up with the changing payments landscape.”

It said, when asked which identity and authentication strategies they used, the majority of APAC banks have a strategy of multifactor authentication (84 per cent). They increasingly use a wide range of authentication methods including: biometrics (64 per cent), normal passwords (62 per cent) and in last place behavioral authentication (38 per cent). Interestingly, nearly half of the respondents (46 per cent) are currently only using one or two of these strategies, potentially leaving them more exposed to attack vectors such as identity theft, account takeovers, cyberattacks.

“Why try to crack a safe when you can walk in the front door?” explained McConaghy.

“Criminals are trying to fool banks into thinking they are new customers or stealing account access by tricking people into making security mistakes or giving away sensitive information.

“When they are successful, criminals are making use of real-time payments to move funds quickly through a maze of global accounts.”

The survey bore this out with 40 per cent of banks in FICO’s survey naming social engineering as the number one fraud concern when it comes to real-time payments. Account takeovers were ranked second, with false accounts and money mules also rated as problems.

New forms of biometric, multifactor and behavioral technologies allow banks to stop payments being made, even if an account appears to be using the correct but stolen password or entering the right, but intercepted, one-time-password.

“Beyond this type of account take over, we also have authorized push payment fraud, such as when a customer is tricked into paying what they think is a legitimate invoice like a fake school bill or payment to a tradesperson,” said McConaghy.

“This type of social engineering is harder to stop but better KYC, link analysis to find money mule accounts and behavioral analytics to flag new accounts for a regular payee, are all examples of how to tackle it.”

Further to stopping fraud in real-time payments platforms, crimes such as drug trafficking, human smuggling, tax evasion and terrorism finance are also attracted to the irrevocable nature of instant payments. The lack of visibility between jurisdictions has seen regulators encouraging banks to move quickly in this cross-border payments space to ensure payments are compliant and secure.

In terms of mitigating this criminal behaviour, more than 90 per cent of APAC banks surveyed thought that convergence between their fraud and compliance functions would be helpful in defending transactions on real-time payments platforms.

“We estimate that there is about an 80 per cent overlap in software functionality between legacy fraud and anti-money laundering systems,” added McConaghy

“To tackle fraud and money laundering schemes that exploit real-time money movement you need to leverage all the available technologies, automate as much as you can and introduce models that can identify outlier transactions and customer behavior so your teams can spend their time investigating the riskiest of the red flags.”

FICO surveyed 45 executives from financial institutions across the region at its annual FICO Asia Pacific Fraud Forum.