Faster payments have plenty of benefits for businesses and consumers, but the technology has also opened the door to a new breed of fraud: authorized push payment (APP) fraud. Banks and their customers have taken a considerable financial beating due to APP fraud. As losses soar, FIs are struggling to get a handle on this increasingly sophisticated fraud scheme, which could mean a loss of customers to competitors who are more invested in protecting their customers.
During a recent PaymentsJournal podcast, Dave Scola, CEO of Form3 (US), and Tracy Kitten, Director of Fraud and Security at Javelin Strategy & Research, discussed the formidable challenges banks face to mitigate APP fraud, why inbound transaction processing could be the catalyst for confronting APP fraud, and how banks can be the key change-makers in curbing this fraud scheme.
Banks Battle to Stay Ahead of APP Fraud
APP fraud is a scheme by which a criminal deceives a consumer or a business into sending funds to a fraudulent account. These bad actors target their victims to part with their money through social engineering or impersonating a real person or an existing company.
Banks face tremendous pressure to stop these malicious attacks. The problem is that these increasingly sophisticated attacks are rapidly outpacing the FIs’ ability to detect and mitigate such fraud.
“What makes it challenging is that most of the bank systems that are in play today have been geared towards monitoring the sender rather than monitoring the receiver,” Scola said.
“That puts a lot more onus on the banks to shift their position and start to look at the receiving end of that transaction, which is a change in posture for the industry as a whole.”
APP fraud is essentially a two-fold problem, according to Kitten. It has a technical component and a social engineering component, making it an incredibly complex fraud tactic to overcome.
“There is obviously a technology piece that plays a role here, but there’s also a human element, a psychological piece that’s a big part of this,” Kitten said.
“I think part of what makes resolving the scam issue so challenging, because as you know from the FI’s perspective, these are legitimate transactions. These are transactions that the users are actually authorizing.
“These are authorized push payments, but because they’ve been manipulated, socially engineered in some way, and they result in fraud. So it’s a huge challenge, and it’s one that is only going to continue to get worse.”
Why Inbound Transaction Processing is a Game-Changer in Tackling APP Fraud
Banks have typically focused on outbound transaction processing, which monitors transactions originating from the sender. However, inbound transaction processing enables banks to monitor and examine transactions originating from the recipient’s account, where the bad activity in cases of APP fraud is actually instigated. This is where banks must redirect their focus to combat such fraud.
“It becomes much more effective to monitor the receiving accounts than it is the sending accounts,” Scola said. “Because as we look across the industry and the activity that’s going through various payment rails, you can start to see similar types of transactions, similar amounts, similar times for these transactions that I think help reflect the fact that they are fraudulent.
“It’s working to identify those commonalities on the inbound side that make the identification of that fraudulent activity possible.”
Inbound transaction screening can be a dependable way to detect fraud, such as anomalies in these transactions.
“But I think that some of those things that we’ve talked about in the industry for a long time, some of those tried-and-true methods can really be things that we can fall back on,” Kitten said. “I think back to the days of ACH account takeover and wire fraud. What were some of the indicators of compromise there?
“We looked at the time of day of the transaction, the transaction, transaction amount, if you know this was a transaction that perhaps has been initiated by a sender that doesn’t normally have interactions with this particular recipient. Some of those types of things can assist.”
How Banks Can Be More Proactive in Preventing APP Fraud
With the speed and nature of faster payments, banks are simply not fully equipped to detect fraud. More banks are leveraging emerging technologies to revolutionize how they detect APP fraud.
“On the bank’s side, beyond relying on clients to identify [APP fraud], there are some other mechanisms that are starting to come into more popular use amongst the banks,” Scola said. “And that is the application of AI.
“I know everybody mentions AI is the solution to all things these days. But I really believe particularly in the payment side that fraud is the ultimate use case for AI. And the reason is, as Tracy mentioned, you are dealing with instant payment systems. They are irrevocable payments. They are happening within seconds.
“The only way you can successfully monitor that data at that speed is through the application of AI and really looking for commonalities among the payment activity that’s going through the network.”
Another powerful tactic to mitigate APP fraud, Scola said, is for banks to collaborate. Fraudsters will initiate this type of fraud across many banks. If these banks were to share their data, they could easily detect the fraudsters’ activities as well as the accounts they are leveraging. That would allow banks to ultimately close them down and block the funds from further distribution.
Kitten noted that many fraudulent activities, and the losses incurred, go largely unreported. It could be due to embarrassment. But this, according to Kitten, is a mistake.
“My recommendation would be anytime there’s some kind of fraud or scam that’s reported that it be tracked in some way or another, so we have some kind of grasp as an industry on how much is being lost or how much is potentially being lost,” she said. “Then there’s an opportunity for these teams to get some budget to make some investments in actually thwarting this issue.”
For Fraud Prevention and Payments: Think Digital
Without question, real-time payments are here to stay. To remain key players in this increasingly competitive environment, banks need to focus on reinforcing their fraud detection solutions.
“A lot of the banks we see are now leveraging API integration to start tying together best-of-breed technologies, micro-service environments where they can start to piece those together, using APIs to integrate and increasingly leverage the cloud for scalability and speed in activities that were kind of anathema in the past for banks to move off premium bank accounts,” Scola said.
According to Kitten, there is still work to be done among banks when it comes to fortifying themselves against real-time payments-related fraud.
“A lot of the institutions that I spoke with nearing the end of last year had done nothing as far as technology advancements, improvements to address the launch of FedNow,” Kitten said. “So, this has been back-burned again. Budgets are tight. A lot of fraud issues to look at.”
“Unless they’re really seeing losses that they can track and put on a budget line, it’s difficult for them to really pay attention to it. But I think that’s going to quickly change as we see a lot of losses linked to faster payments.”
