Great question. There has been a proliferation of real-time payments fraud, as new near-instant payment platforms, including person-to-person (P2P) transfers and mobile payment platforms grow. The convenience of real-time payments is great news for customers, financial institutions have very little time to clear a transaction.
Fraud schemes include, but are not limited to:
- Fraudsters attempt to fool banks into thinking that they are a new customer or stealing account access by tricking people into making security errors or giving away sensitive personal information.
- In addition to these types of account take-over, criminals utilize push-payment frauds, such as when a customer is tricked into paying invoices that appear legitimate but are fraudulent.
- Crimes including drug trafficking, human smuggling, sex trafficking, tax evasion, and terrorism are also attracted to the irrevocable nature of instant payments.
When successful, the criminals make use of real-time payments to move funds quickly through a maze of domestic and/or global accounts. Therefore, banks will need to move beyond passwords and transition to biometrics, device telemetry, and customer behavior analytics to stay ahead of the evolving payments landscape.
FICO recently surveyed banks to find out which identity and authentication strategies they used. The majority reported that they used multifactor authentication (84 percent). They also increasingly employed a wide range of authentication methods including biometrics, (64 percent), normal passwords, (62 percent), and behavioral authentication (38 percent).
We recommend that financial institutions adopt a combination of multifactor authentication strategies.