Instant payment needs real-time fraud detection
The rise of instant payments
Instant payment are the future of money movements.
The way consumers and companies move money is quickly changing.
No one wants to wait 3 to 5 days for the funds to settle in their accounts anymore. Instant payment brings the right level of convenience and user friendliness.
With this payment method
- money transfer has to be completed under 10 seconds
- the service is accessible 24/7
- the amount limit is 100,000€ (but banks can decide of their own limits)
However, if consumers like the speed and irrevocability of instant payments, so do fraudsters
With instant payment comes instant fraud
There are two main types of fraud on SCT Instant payments.
- With the authorization of the user
Fraudsters use so-called “social engineering attacks” where they persuade victims to share their screens or personal information received from their banks. Users unknowingly reveal key information about their accounts that fraudsters use to rob them. Alternatively, fraudsters also try to contact customers and dupe them into authorizing the payement themselves.
Most common techniques are phone number spoofing, robocalls and personalized text messages to initiate payment through the banking app.
- Without acknowledgment of the user
The most common technique is account takeover. This happens when a criminal gets access to compromised user’s credentials. This is often done via phishing or malware that collects information from online logins or breach on 3rd party websites. Once the fraudster has accessed the customer’s account, they can set up and make payments without the customer’s knowledge.
The speed of instant payments raises challenges in combatting fraud
Instant payment makes financial crime both easier to commit and more difficult to trace.
Weight of legacy and lack of real-time fraud fighting solutions
With regular SEPA payments, risk team had hours to perform checks. Moving to a real-time payment model means that there is only a few seconds during which the transaction can be reviewed, verified and authorized. Since there is such a short amount of time to come to a decision, the pressure to reliably process large volume of transactions in real-time is high.
The fact that SCT Instant is available for consumers 24/7 raises an additional challenge for banks and traditional institutions, requiring automated processes to operate around the clock.
High risk of loss for the consumer
Once a real-time payment has been accepted by the payee’s financial institution, the transaction is often considered irrevocable. The irrevocability of instant payment is a manna from heaven for fraudsters who can instantly make use of the transferred funds.
How can you tackle instant payment fraud?
Real-time money movements plead for more agile fraud prevention techniques and high performing software.
Use real-time fraud detection software
Batch systems where incoming transactions were reviewed on a regular frequency and released only after having performed the needed checks, no longer make sense.
With SCT Instant, fraud rules have to be well calibrated and fintechs should prioritize solutions that can perform needed verifications in a very short time.
Marble tool is designed by default for real-time. All your risk scenarios can run in real-time and return a response very quickly. We can also accomodate batch requests (more often used for AML purposes).
Make use of all your data and analyze it in real-time
The ability to quickly analyze huge amount of data and to respond effectively is critical to managing fraud risk.
There are several types of data that you can make use of in order to detect fraud or suspicious behaviors:
- transaction informations: date, amount, sender, receiver, SCT Instant text label…
- account activity data: date of account opening, new password, beneficiary IBAN change…
- behavioral data: log-in, unusual transaction volume…
Set up the right rules
With all this data at hand, financial institutions also need to set up the right rules : Not too generic to avoid flagging regular users and generating too many false positives. Not too specific as they might miss new fraud schemes.
Automate your risk scenarios
You should consider allowing certain alerts to result in automatically rejecting a transaction, banning a user or taking an action without needing human approval. The use of predefined blacklists or watchlists will help you react quickly.
Marble is a real-time fraud and compliance decision engine.
Our solution is specifically designed for fintech companies and financial institutions. We are developing a no-code rule builder to help ops and risk team easily create their own detection models and quickly adapt to new threats without relying on engineers.
Working on risk, financial crime, financial ops at fintech companies? We would love to chat with you.
