FIs Need Real-Time Tools To Stop Real-Time Payments Fraud

Fraud looms, as it always does, when there is money to be moved — and with real-time payments, there are truly only a few milliseconds in which to stop bad actors.

Cleber Martins, ACI Worldwide’s head of payments risk management, told PYMNTS that as financial transactions move increasingly toward real time in the United States and banks deliver new value-added services that rest upon those real-time rails, fraud will inevitably follow.

“The connected economy,” he said, is showing that “if you are able to drive new value, people will join up.” But, he noted, “The fraudsters’ end game is cash.” As real-time payments evolve and limits increase, so does the appeal of real-time to bad actors. Real-time payments offer a rapid way to get cash, if the vulnerabilities at either end of the transaction (humans, after all) can be exploited.

At the moment, he remarked, there’s been no mandate for U.S. firms or providers to move to real-time payments — and yet the U.S. is now the ninth-largest market for real-time activity, with more than 1.2 billion transactions logged in 2020 alone. The greenfield opportunity is there, said Martins, as The Clearing House’s real-time scheme has relatively low adoption, at least at present, FedNow is in a pilot phase, and interoperability will be a tailwind to more real-time payments adoption.

“The technology behind similar functional requirements, the ability to scale, the reliability of the system,” he said, “all of those high-end technology requirements are very similar across the whole globe.”

Against that backdrop, the U.S. can take a cue from countries such as India, where social engineering fraud has gained ground as criminals approach unwitting victims through social media accounts and trick them into sending money or sharing account details.

In a real-time environment (where the payments are irreversible), he said, machine learning models are effective lines of defense when it comes to detecting and preventing real-time fraud. At a high level, he said, machine learning can sift through hundreds and even thousands of data points to find anomalies and identify risk, stopping money from changing hands.

Doing Due Diligence 

Customer due diligence, he said, is also important when moving cash through real-time means. Financial institutions (FIs) need to authenticate and verify customers as they open accounts, said Martins, and to track where the money is headed. (To steal a line from Bonnie and Clyde: The fraudsters hit the banks because that is where the money is.)

Looking toward new use cases, Martins noted that the payments themselves are not just faster — they’re also cheaper and more reliable.

“You can really enable new types of businesses who can leverage their relationship with customers,” while boosting margins, he said.

Underpinning it all, of course, is data — data that can be mined and analyzed to protect all stakeholders in a real-time payments ecosystem.

“As you get more granular, you have many more transactions than would be seen in a ‘normal’ environment,” he said. FIs have to contend with and examine channels and data points such as mobile devices and biometrics, which can be utilized to fight fraudsters.

That’s where FIs need machine-learning capability, he said, because a human being cannot correlate all of that data in the service of fraud prevention. Machine learning is getting to a level where it can learn by connecting with other machine learning solutions, said Martins. Those models, across FIs, can form a network of protection, of sorts, that some have termed Machine Learning 2.0 or Network Intelligence.

The regulatory environment still is evolving, he said — and while merchants (and consumers) want the least amount of friction in place, the regulator “needs to find a balance” between security and convenience “to make the whole environment secure … In order to make and sustain that reliability in the system, the regulators will need to make sure all the players in the middle are doing their part.”