Do quicker payments mean fraudsters are even quicker to attack? – Well, that’s what research has proved time and again.
Which is why we shall now have a detailed look at how real-time payments and related services are enabling faster transactions for users, but opening new opportunities for fraudsters to steal funds.
Do quicker payments mean fraudsters are even quicker to attack? – Well, that’s what research has proved time and again.
Real-time payments have evolved dramatically
Real-time schemes have undoubtedly evolved and now represents significant changes to the world’s existing payments infrastructure.
A couple of years back, Australia launched its New Payments Platform (NPP), which was developed by the Reserve Bank of Australia in collaboration with the nation’s Big Four banks.
The Central Bank of the UAE introduced Immediate Payment Instruction (IPI), which enables one to make an immediate payment or transfer to another bank account in the UAE in real time without any cut-offs.
In India, its called Unified Payments Interface (UPI) - an interface regulated by the Reserve Bank of India and works by instantly transferring funds between two bank accounts on a mobile platform.
Real-time payments open new doors for fraud
Businesses and merchants can use these systems to quickly access capital, but though these systems have clear benefits, they also create new opportunities for fraudsters to steal funds and digital identities.
Fraudsters can utilise ‘account takeover’ (ATO) frauds and application fraud to take advantage of real-time payment trails and access stolen funds – a topic we look at in detail below.
Fraudsters can utilize ATO frauds and application fraud to take advantage of real-time payment trails and access stolen funds
Let’s next examine the different ways fraudsters use such systems to commit crimes and the solutions that could keep funds safe.
Frauds that are turning much popular in the world of real-time payments
• Account takeover (ATO) frauds
Account takeover (ATO) fraud is highly popular among fraudsters who take advantage of real-time payment systems.
ATO fraud is among the most popular among fraudsters who take advantage of real-time payment systems.
• Art of illegal persuasion
It’s also possible criminals might persuade legitimate users to give them their account details, enabling them to transfer money.
This allows fraudsters to cloak the sources of their funds from authorities as they quickly move them between different accounts.
In some cases, legitimate users might even be tricked into transferring their money to fraudsters of their own accord.
These “money mules” are deceived into thinking they are helping people in need, or that they will receive payments for small tasks.
Real world instances of how scammers use ‘money mules’!
In many parts of the globe, the use of money mules has led some young people, including students, to unwittingly launder money or finance other crimes, including terrorism.
Fraudsters also use social media to find their targets!
Fraudsters also use social media to find their targets, which eventually leads to their accounts being used for fraudulent activities. The end result can be devastating for account holders.
In more serious cases, they could even face prison time.
Similarly, many different banks in almost every other country have evidently closed millions of accounts simply on the basis of suspicion of fraud.
• Scams under false pretenses
Another popular method of fraud involves tricksters creating accounts under false pretenses.
In these cases, accounts might be opened with stolen or fabricated identities, and once accessible, they can be used to move money across accounts and withdraw it.
Another popular method of fraud involves tricksters creating accounts under false pretenses.
• Invoice frauds
Invoice fraud is considered a low-risk crime by fraudsters and is increasing at alarming levels because it is difficult to trace.
Invoice fraud involves a fraudster notifying that supplier payment details have changed and providing alternative details in order to defraud you.
It’s done by duping the customer (victim) to change bank details on their system – sometimes via telephonic instructions but mostly via email.
The customer then thinks they have settled their invoice, though they have in fact paid this into the fraudster’s account.
Vulnerabilities in Peer-to-Peer (P2P)
Real-time payments services aren’t the only ones facing vulnerabilities: P2P platforms have also experienced fraud problems as well.
On top of real-time payments platforms, new settlement methods – including mobile wallets and P2P payments providers – enable users to use either cards or ACH transfers to quickly send funds.
These offerings are popular with users because they can instantly send money without having to write checks, count cash or visit ATMs.
In a P2P network, or ‘peer to peer’, the "peers" are computer systems which are connected to each other via the Internet.
Files can be shared directly between systems on the network without the need of a central server. In other words, each computer on a P2P network becomes a file server as well as a client.
You would know them by their popular global platforms such as PayPal, GooglePay or GPay, Apple Pay, Venmo, Zelle, or India’s PayTM.
Collusion between the borrower and the owner of a platform can occur if the lending system is not tightly controlled. The owner of the platform can lend funds to his family members or friends without imposing a proper procedure.
Collusion between the borrower and the owner of a platform can occur if the lending system is not tightly controlled.
By implementing internal control, proper KYC, and credit scoring, P2P lending companies can prevent this kind of fraud from occurring.
Are P2P payments safe?
Though all of the major P2P systems encrypt, or shield, your financial information, some have been subjected to hacks and scams.
However, many apps have fraud monitoring and support teams to help resolve unauthorised transactions. (Review a provider’s security procedures and fraud policies before signing up.)
Today we’ve seen card schemes such as Mastercard and Visa, as well as merchants, add increased verification checks for online purchases.
The introduction of EMV (or chip and pin) for plastic cards has also significantly reduced card-present fraud worldwide. But then again, that is for transactions where cards are present.
According to a report from Aite Group and Iovation, as more US-based merchants become EMV-capable, counterfeit fraud will fall from a high of $4.5 billion in 2016 to less than $1 billion in 2020.
The introduction of EMV for plastic cards has also significantly reduced card-present fraud worldwide.
However, that report also predicts that card-not-present fraud will cost retailers and financial institutions $7.2 billion in the US by the end of 2020.
The report also found that bank account takeover losses will increase from $644 million in 2015 to more than $1 billion by 2020.
The main issue is false positives – transactions that are flagged as atypical but in fact are legitimate. This is a particular problem with sanctions lists, as names similar to those on such lists can be identified as a problem.
Robotics should enable banks to immediately investigate such instances (e.g., the name is the same as a sanctioned party, but address and other details are different) online and clear the transaction immediately if appropriate.
Another area that has shown promise to improve detection is credit scoring.
Societe Generale is building intelligent scoring capabilities on unitary credit transfers.
Based on its knowledge of customers, it sets a certain score and executes instant payments that reach that score; anything below is investigated.
Because real-time and P2P payments are likely to see increased use as consumers and businesses demand quicker access to funds, these systems’ users need to be protected against fraudsters.
As payments become faster, it’s important that anti-theft and anti-fraud responses match – and preferably exceed – their paces.
What precautions can you take against online frauds?
• Keep Financial Data Separate
For business users in particular, use a dedicated work station to perform all company banking activity. Use other computers to access the Internet and conduct non-banking business.
Never share any personal information, especially account numbers, or login and password information via email or text.
• Keep Your Passwords Secret
Do not share passwords and do not leave any documents that contain access to financial data in an unsecured area.
Change your passwords regularly for better protection, using a combination of letters, numbers and special characters when possible.
• Beware of phishing emails.
These emails are designed to prompt you to click links provided within the email to verify or change your account in some way.
Change your passwords regularly for better protection!
Often, the links included in the email are ways for fraudsters to install malicious software (also called Malware), which can be used to obtain personal information.
Equally important is ensuring you are regularly running and updating this software to prevent viruses from infecting your computer.