Reducing Risks of Real-Time Payments Adoption

2023 might be a really important year for real-time payments (RTP) development in North America. FedNow, a real-time payments service, is on track to go operational in 2023 in the USA, while the Real-Time Rail (RTR) payment system will be fully launched in Canada, also in 2023. Currently, in their test phases, these payment systems will go mainstream next year, making faster payments more accessible to smaller financial institutions and businesses.

According to research by Cornerstone Advisors done at the end of 2021, 54% of mid-sized banks in the United States are planning to launch RTP over the next 12-18 months, while many large-sized financial institutions have already joined the testing phase. The research also found that regulatory burdens and cybersecurity are among the top concerns for banks and credit unions that are introducing faster payments.  

Canadian businesses are looking at the RTP with interest expecting better operational elasticity and instant fund availability. At the same time, a Pymnts.com survey found that more than half (55%) of Canadian firms that are uninterested in real-time payments are concerned with fraud and 16% of the firms who use RTP confirm that fraud is a major issue.

Is there a safe way for financial institutions to benefit from all that real-time payments have to offer while mitigating the risks?

IBM’s report on cyber attacks found that the financial industry is already spending the second most of any industry fighting off attacks, with an average cost of $5.72 million per data breach. Check Point Research revealed that companies globally face, on average, 925 cyberattacks per week. Those numbers are only expected to rise this year.

Fraud and Cybercrime in Real-time Payments

Real-time payments are a goldmine for fraudsters who need quick access to cash. The payments are irrevocable and criminals can get their funds instantly. So, once the payment is processed it’s too late to stop a fraudulent transaction.

Open banking platforms that process real-time payments use open APIs (application programming interfaces) and VPNs (virtual private networks) to drive communication between financial institutions and businesses in a secure ecosystem. Everyone plays by the same rules, including Know Your Customer (KYC) standards and regulatory compliance. At the same time, there is an added risk – a user’s personal data can be exposed by an attack on the API that the payment app is leveraging, giving fraudsters more opportunities for attacks.

Faster payments also put way more pressure on a consumer who now has to be 100% sure that the recipient of the funds is the right one.

As cybersecurity and fraud are top concerns for RTP adoption among financial institutions and businesses, FedNow will include fraud prevention tools and requests for payment capability as optional features in their first release in 2023. The RTR system will also have a central transaction value limit to mitigate operational and fraud risks. The limit will define the maximum value of a payment that an end-user may receive.

Even with those tools in place, it will remain the responsibility of the financial institution to ensure resilience to modern cyber threats and fraudulent activity.

How Can Financial Institutions Reduce RTP Risks?

In the era of real-time payments, the only way to fight fraud and cybercrime is to make fraud decisions as quickly as possible and to have all necessary real-time transaction data available instantly.

There are no long settlement processes or delays in payments and it should be the same with the fraud attack and cybersecurity blocking tools that businesses use.

As payment fraud, AML, and cybercrime often converge to represent one financial crime, financial institutions can fight bad actors successfully with a powerful combination of real-time payment transaction data, behavioral analysis, machine learning anomaly detection, open APIs, and instant blocking capabilities.

  1. Real-time payment transaction data allows collection and correlation of every link of the end-to-end payment transaction journey – regardless of application, language, payment rail or channel. It provides a one-stop view into the network communications data and application payload messages to spot fraud and cyber attacks in milliseconds.
  2. Behavioral analysis is key to detecting new fraud schemes and attacks that are not yet exposed. Dynamic behavioral analytics can track user interface browsing, account log-in behavior, physical biometrics, device interaction data, mobile fingerprint data, and spend velocity. Suspicious behavior can be automatically singled out to block fraud before it happens.
  3. Machine learning anomaly detection will perform risk scoring, new fraud pattern detection, and predictive modeling. It will enable the automatic creation of a unique ML model for each card, and trigger an alert based on a risk score that is unique for every primary account number (PAN). The purchase pattern of each customer is unique, so the model will be better able to spot real fraud instead of flagging a genuine transaction.
  4. Open APIs and fraud orchestration capabilities will help eliminate siloes, get access to shared information between 3rd parties, avoid alert overload, and optimize fraud management operations through the coordination of decisions from a single platform or hub.
  5. Instant fraud blocking capability is essential for stopping fraudulent activity or cybercrime on the fly, automatically, and in real-time. Some fraud prevention tools can only block at the authorization/banking host. That means that in case of attacks where these are blinded or bypassed by account takeovers, insider fraud, or advanced persistent threats, it is critical to have an alternate method to detect and block the completion of fraudulent real-time payments with precision. This protects against the negative impact of lost revenue, brand damage, and angry customers.

As 2023 will be the year of RTP going mainstream, there is still time to improve business resilience to cybercrimes and fraud. Consumers expect real-time payments to work seamlessly and instantly, and with a lot of competition in the financial industry, they will stay with those brands and companies that meet their expectations.

Mordor Intelligence predicts that the annual growth rate for the real-time payments market will be 29.8% from 2021 to 2026. By making the right investment into strengthening fraud prevention and cybersecurity, financial institutions, fintechs, and businesses can make the most of the RTP development opportunities.