Considerations for creating a digital world with more secure real-time payments
The convenience of electronic payments has become a vital part of our daily lives. However, along with this convenience comes the growing threat of electronic payment fraud, where cybercriminals exploit digital payment systems to steal funds or sensitive information. Real-time payments fraud is just one of the many forms of electronic payments fraud, which takes advantage of instant payment platforms to carry out unauthorized transactions or trick individuals into parting with their money. This type of fraud takes advantage of the immediacy of real-time payments, making it harder to detect and stop fraudulent transactions before they happen.
In this blog, we’ll break down the basics of real-time payments fraud, explaining what it is, how fraudsters exploit these systems within digital banking solutions, and who is most at risk. We’ll also cover effective strategies to mitigate risks and provide practical tips to help individuals and businesses avoid becoming victims of this fast-growing form of fraud.
What is Real-Time Payments Fraud?
Real-time payments have revolutionized the way we transfer money, offering speed and convenience like never before. Real-time payments are ubiquitous, and with good reason – 90% of consumers want the flexibility of real-time transfers between their financial accounts (Visa Direct NA Product Consumer Preference Research). However, anything that has this level of demand, also comes with risk.
In our recent Banking on Security: Check & Real-Time Payments Fraud webinar, we explored how real-time payments fraud occurs. Cybercriminals exploit instant money transfer systems to steal funds, using tactics like phishing, account takeovers, or social engineering, often leaving victims with little recourse since the transactions are nearly impossible to reverse. As more consumers and businesses adopt real-time payment systems, understanding the growing threat of real-time payments fraud within both business and retail banking solutions becomes critical to safeguarding financial transactions.
Top Forms of Real-Time Payments Fraud
Financial institutions are encountering several types of real-time payments fraud, as cybercriminals exploit the speed and finality of these transactions. Some common examples include:
- Account Takeover (ATO): Fraudsters gain unauthorized access to a user’s account through stolen credentials or phishing schemes, then initiate real-time payments to siphon funds before the user or bank can react.
- Social Engineering Scams: Scammers manipulate victims into sending real-time payments by pretending to be trusted individuals, companies, or government agencies. Examples include business email compromise (BEC) or impersonating a family member in distress.
- Authorized Push Payment (APP) Fraud: In these cases, victims are tricked into authorizing payments to fraudsters, believing they are making legitimate transactions. Because real-time payments are irreversible, once the funds are sent, it’s difficult to recover them.
- Synthetic Identity Fraud: Fraudsters create fake identities using a combination of real and fabricated information to open accounts, which they then use to commit real-time payments fraud.
- Merchant Fraud: Fraudulent businesses or vendors collect real-time payments for goods or services that they never intend to deliver, taking advantage of the instantaneous and non-reversible nature of real-time payments transactions.
Payments Fraud’s Impacts Across Generations
Payments fraud affects people across all generations, but the impact varies based on each group’s familiarity with technology, their financial habits, and susceptibility to scams.
- Millennials and Gen Z tend to be more tech-savvy and frequent users of real-time payments systems. They often embrace digital wallets, mobile banking, and instant payment apps. However, their frequent use of these platforms makes them prime targets for phishing attacks, social engineering schemes, and account takeover fraud.
- Baby Boomers and Gen X on the other hand, are often less familiar with the ins and outs of real-time digital payment systems. While they tend to be more cautious online, when they do engage with real-time payments, they may be more susceptible to sophisticated scams. Fraudsters often exploit this cautious nature by mimicking trusted institutions and individuals to trick them into sending money or revealing sensitive information.
In terms of severity, older generations often face greater financial losses because they typically have more substantial savings, while younger consumers are victimized more frequently, but with smaller financial losses per incident. However, since real-time payments are irreversible, both groups suffer significant consequences when they fall victim to fraud, as recovering lost funds is often difficult or impossible.
Older people lose more money to scams than their younger counterparts: an average of $803 for victims in their 70s compared to $460 for those in their 30s, based on reports to the Federal Trade Commission.
The Risks for Financial Institutions
Real-time payments fraud poses significant challenges for financial institutions that have not yet started to invest in advanced fraud detection systems. The speed of real-time payments transactions leaves little room for error or time to flag suspicious activity, making these institutions vulnerable to attacks. Once a transaction is processed, the funds are typically irretrievable, which increases the pressure on banks and credit unions to detect fraud in real time. However, with limited access to the sophisticated fraud detection technologies that larger financial institutions deploy, these smaller entities may struggle to keep pace with increasingly sophisticated cybercriminals.
The financial and reputational damage caused by real-time payments fraud can be particularly detrimental to community banks and credit unions, which rely heavily on the trust and loyalty of their members or customers. The cost of reimbursing victims, implementing tighter security measures, and conducting investigations can strain the resources of these institutions, which are often already operating on tighter margins. This dynamic has forced many institutions to reevaluate their risk management strategies and invest in partnerships with fintech providers or adopt new technologies to better protect their account holders within their digital banking solutions.
3 Key Steps to Combating Real-Time Payments Fraud
In our recent Banking on Security: Check & Real-Time Payments Fraud webinar, Mark Majeske, SVP, Faster Payments at Alacriti shared his firsthand experiences, best practices and prescriptive advice around real-time payments fraud, and how to get ahead of fraudsters in an effective and strategic manner.
- Assess: Assess your current fraud solution and capabilities for ACH and Wire payments.
- Identify: Identify existing gaps in your current digital banking solutions by analyzing instant payment risk and fraud needs, and implementing real-time transaction analysis and decisioning.
- Tip: Utilize Consortium Data. By leveraging data that has been pooled across multiple financial institutions, you will gain greater insight into cross-institutional fraud patterns and emerging risks, allowing you to more readily detect and prevent real-time payments fraud within your institution.
- Augment: Consider new types of fraud detection capabilities for a layered approach, including transaction-based analysis, individual analysis and device analysis.
Bonus Tip: Preparation Prior to Public Announcements
Oftentimes when financial institutions start offering a new payment channel or rail (such as RTP and FedNow) to their members and customers, it is announced on the payment channel’s website. That information is public for anyone on the internet to see, including fraudsters. Fraudsters often take advantage of this and specifically target these institutions that are new to these payment channels because the institutions may not have implemented the necessary fraud prevention measures prior to going live.
Recommendation for Financial Institutions: Ensure that all possible security measures are in place prior to going live with new payment rails. It is advised to keep transaction dollar limits small in value to start, and increase them over time, or offer them as a customized limit setting for certain clients.
Leveraging Trusted Providers to Protect Your Digital Banking Solutions
Financial institutions can effectively manage risk and prevent real-time payments fraud by partnering with trusted payment security providers, who offer advanced fraud detection tools and solutions that help identify and stop fraudulent transactions before they occur. Here are some of the providers that Alkami integrates with:
- Appgate: Appgate, focuses on the comprehensive detection and prevention of electronic fraud, enabling financial institutions to discover and eliminate threats at scale. Appgate predicts fraudulent activity using behavioral and transactional analysis and machine learning to prompt action when suspicious activity is observed.
- BioCatch: With BioCatch, financial institutions can leverage real-time behavioral biometric data to detect risk of account takeover and to recommend interdiction. BioCatch correlates application, behavioral, device, and network signals as contextual equals, not layers, which illuminates valuable risk signals to mitigate vulnerabilities in the digital journey and increases confidence that the authorized user is accessing an account.
How ABNB Federal Credit Union is Combatting Real-Time Payments Fraud
Also during the Banking on Security webinar, Cassandra Tucker, Director of Operations from ABNB Federal Credit Union (ABNB) shared her experiences with preventing fraudulent instant payments transactions by employing the following strategies:
- Utilizing BioCatch and their behavioral analytics capabilities to detect fraudsters
- Implementing risk scoring to restrict online banking sessions if risk score meets certain thresholds
- Requiring multi-factor authentication (MFA) for all transactions (SMS or voice verification)
- Eliminating email as an MFA verification channel (This approach drastically reduced ABNB’s fraud rates)
- Leveraging software that completes transaction and user analysis
- Thoughtfully managing limits to mitigate the risk of financial losses
(On Risk Tolerance) The key is to manage those losses, and keep them within acceptable limits, the same way you would for every check, ACH or wire channel.
– Cassandra Tucker, Director, Operations, ABNB FCU
Safeguard Payments Without Sacrificing A Great User Experience
While real-time payments fraud is a prevalent concern, it should not deter financial institutions from embracing the benefits of innovative payment strategies. By understanding the risks and proactively implementing effective solutions and practices, financial institutions can safeguard their processes without sacrificing the advantages of real-time payments. Leveraging advanced fraud detection tools, educating account holders, and maintaining a watchful approach will help reduce the risk of fraud while keeping your institution in control. With the right measures in place, financial institutions can continue to offer fast, efficient payment services while ensuring the security and trust of their account holders.
Watch our Webinar: Banking on Security
Watch the recording of our webinar, Banking on Security: Check & Real-Time Payments Fraud where our panel of experts, representing diverse perspectives from product development, compliance, and real-world client experiences, shared their firsthand accounts of detecting, managing, and mitigating fraud. Regardless of your role within your institution, this webinar will equip your team with the knowledge and tools necessary to strengthen your fraud defenses.