Faster Payments: Benefits & Risks

Posted on August 21, 2023

Mary Radley, Principal Consultant, Capco

 

Faster payments are a popular method of transferring funds in a way that is quick and easy for both the sender and recipient. Per the 2022 Federal Reserve Survey, 74% of consumers and 83% of businesses sent or received a faster payment in the past 12 months. Financial institutions that offer faster payments remain competitive in the market by better serving customers in terms of offerings and service. Faster payments allow for the transmission of the payment message and the availability of funds to the payee in real time or near-real time, on or close to a 24/7 basis. Instant payments also settle between financial institutions in seconds, so there is no buildup of interbank obligations.

 

Why are Faster Payments so Popular?

  • The convenience of using mobile app technology or online websites to make transfers.
  • The speed of the transaction enables near immediate transfers to take place, which supports time-sensitive payments.
  • Businesses can pay daily-wage workers instantly for the work they perform each day, providing immediate access to funds.
  • Real-time cash flow and money management for businesses.

 

Faster payments, however, also may mean faster fraud. The Faster Payments Council Fraud Information Sharing Work Group committee, reminds us, “Fraud exists in payments today. Faster payments will not likely show us new fraud, rather just the same bad actors, trying their same tricks.” Understanding the fraud themes may assist in determining inherent risk and identify and employ mitigating controls. Fraudsters have exploited, and will continue to exploit, personally identifiable information (PII) and machine learning to evolve their own attack strategies.

 

Some of the Most Common Frauds in Payments Include:

  • Account takeover (ATO) is often seen in the form of phishing attacks to steal credentials and reset account passwords.
  • Synthetic identity fraud is where fraudsters often use a combination of PII, such as name or Social Security number, and fake information to create a new, believable identity.
  • Social engineering is used by fraudsters where they attempt to deceive or intimidate individuals into revealing PII information.

Faster Payments are especially susceptible to fraud. Fraudsters tend to take advantage of faster payments by pretending to be someone else and prompting individuals or companies to send payment to them. Fraudsters may hack emails or hijack social media.

 

How to Minimize the Risk of Faster Payment Fraud


Set Login Authentication

This can include behavioral biometrics, physical biometric authentication, anomaly detection, usage of complex passwords, multi-factor authentication, knowledge-based authentication, device identification, inactivity locking and logoff.


Monitor Transactions

Monitor transactions in real time to identify any that have unusual characteristics such as frequent payments, large payments, payments to new parties, etc.


Identity Proofing

Confirm customer identity at the time of enrollment where login credentials are issued along with capture of the digital device characteristics, which assists the financial institution to recognize customers when the return to access or transact. Identity proofing should be performed when a customer enrolls in a new device.


Utilize FedNow Anti-Fraud Controls

These became available to financial institutions when the service formally went live in late July 2023:

  • Establish risk-based transaction value limits.
  • Specify certain conditions under which transactions would be rejected, such as by account number (by creating a “negative list”).
  • Use message signing, which will validate that the message contents have not been altered or modified.
  • Leverage reporting features and functionality, including reports on the number of payment messages that were rejected based on a participating financial institution’s settings. (Such information can be used to verify that transactions align with a financial institution’s own records and detect whether a bad actor may have interceded or deleted records.)


 Targeted Customer Campaigns

  • Remind customers they do not require a business account to make and receive payments.
  • Instruct customers to not send any funds through P2P until the item is received.
  • Remind customers to never P2P funds “to yourself”.
  • Instruct customers to be suspicious of someone calling claiming to be their bank.
  • Inform customers that legitimate jobs do not usually involve interview processes which take place solely through text messages, nor do they ask a new hire to pay for their own equipment up front.
  • Caution customers to review the sender’s email address to look for typos and grammatical errors and to assess whether the email appears unofficial or includes a tone of forced urgency.
  • Instruct customers to regularly check bank statements for accuracy.
  • Inform customers of their ability to set up two-factor authentication (2FA) on their P2P account.


Please contact Capco fraud subject matter expert, Principal Consultant Mary Radley, at Mary.Radley@Capco.com if you wish to learn more about Capco’s fraud capabilities.

< Back to Blog