Securing your transactions: Outsmarting the hackers

Written by Eran Vitkon, Head of Open Banking solutions

In the digital age, the security of financial transactions is a top priority. Two threats are escalating: account takeovers (ATO), where fraudsters gain unauthorized access to online accounts, and authorized push payment (APP) fraud, which involves tricking individuals and businesses into making payments or sharing personal details under false pretenses. The operational characteristics of instant payments (fast, irrevocable, simultaneous clearing and settlement) make them an especially enticing target for fraudsters. The overall size of the APP fraud problem can be appreciated when you consider that total losses rose 49% from $6.9 billion in 2021 to $10.3 billion in 2022 [1]. In the UK, for example, of the £240M lost to this type of fraud, over 80% is attributed to instant payments [2].

Two initiatives, the UK’s Confirmation of Payee (CoP) and Europe’s Verification of Payee (VoP), are addressing this issue by ensuring payments are directed to the correct recipients. Notably, VoP is not a standalone initiative. It’s a key component in strengthening the banking industry and competing with alternate payment methods such as card payments, as it’s bundled with the new EU regulations for instant payments recently mandated by the European regulator.

Several key characteristics matter when selecting a CoP or VoP solution to tackle the spike in ATO and APP fraud that is already accompanying the growth of instant payments.

Advancements in Name Matching Algorithms

While traditional fuzzy logic algorithms like the Levenshtein algorithm have been employed for name matching, the banking industry is now transitioning to more advanced techniques. One such method is phonetic fingerprinting, a technology offered by companies like Fincom. This technology leverages advanced phonetics and computational linguistics to match names, even when they’re misspelled, formatted differently, or in multiple languages. Such advancements significantly diminish false positives and the associated operational costs. As the liability for misdirected payments is now shifting to the Payment Service Provider (PSP) responder, or is split between the PSP requester and responder, there’s increased incentive for financial institutions to minimize such errors.
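The Levenshtein baseline named above, as an added example (not code from the article, from Fincom, or from any CoP/VoP scheme): it normalizes the name the payer typed and the name held on the account, scores them by edit distance, and maps the score to a verification result. The thresholds, the honorific list, the result labels and the sample names are assumptions made for illustration; phonetic fingerprinting itself is not implemented here.

```python
import re
import unicodedata

# Constructed thresholds and honorific list: assumptions for illustration,
# not values taken from any CoP or VoP rulebook.
MATCH_THRESHOLD = 0.95
CLOSE_THRESHOLD = 0.80
HONORIFICS = {"mr", "mrs", "ms", "miss", "dr"}


def normalize(name: str) -> str:
    """Strip accents, case, punctuation and honorifics; sort the tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    tokens = re.findall(r"[a-z0-9]+", no_accents.casefold())
    return " ".join(sorted(t for t in tokens if t not in HONORIFICS))


def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        curr = [i]
        for j, cb in enumerate(b, 1):
            curr.append(min(prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = curr
    return prev[-1]


def similarity(entered: str, on_account: str) -> float:
    a, b = normalize(entered), normalize(on_account)
    if not a or not b:
        return 0.0  # an empty name must never verify as a match
    return 1 - levenshtein(a, b) / max(len(a), len(b))


def verify_payee(entered: str, on_account: str) -> str:
    score = similarity(entered, on_account)
    if score >= MATCH_THRESHOLD:
        return "match"
    return "close_match" if score >= CLOSE_THRESHOLD else "no_match"


if __name__ == "__main__":
    # Constructed sample pairs: (name typed by payer, name held on the account)
    for pair in [("Mr. José García", "GARCIA, Jose"), ("Jon Smith", "John Smith"),
                 ("Geoff Lee", "Jeff Lee"), ("John Smith", "Acme Trading Ltd")]:
        print(pair, round(similarity(*pair), 2), verify_payee(*pair))
```

The "Geoff Lee" / "Jeff Lee" pair falls below the close-match threshold on edit distance alone, which is the kind of sound-alike spelling that phonetic matching is meant to catch.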

Real-time, 24x7 availability

In our fast-paced world, speed is crucial. To manage high demand and the rising prevalence of instant payment schemes, banks need to respond rapidly. A response time of no more than 300 milliseconds is deemed sufficient to meet these demands. The European Payments Council (EPC), which oversees the rulebook and specifications, has stipulated a maximum of 3 seconds for the PSP response time, with 1 second as the preferred timeframe. Fraud defense mechanisms like CoP and VoP must provide a 24x7, scalable, secure service, with high availability and resilience to ensure responses within the required timeframe.

Increasing use of Machine Learning and Generative AI techniques

In addition to the advancements in name matching techniques discussed above, keeping pace with the increased sophistication of attack vectors requires solutions that employ the latest AI techniques. For example, ML-based risk models assess the likelihood of a transaction being fraudulent by considering factors like transaction history, behavioral patterns, and contextual information. Generative AI models learn from user behavior patterns, identify deviations that could indicate potential fraud, and use techniques such as Generative Adversarial Networks (GANs) to synthesize data and improve model robustness.

Importance of Partners

With the growing sophistication of fraud attacks and the enticement of instant payments as a target, it is essential that financial institutions employ specialist solutions designed by domain experts. There are several fintechs, such as iPiD, that offer regulatory compliance, robust data security, and effective alerting to aid swift and informed decision-making. It is also essential that consideration is paid to the ease of integration of CoP and VoP solutions within the broader payments ecosystem.

The Financial Impact of CoP and VoP

The significance of these initiatives is underscored when considering the financial impact of both errors in payment processing and fraud. For cross-border payments, which incur the most friction, failed payments cost the economy an estimated $118.5 billion per year in fees, labour, and lost business, with the average bank spend being over $360,000 [3]. According to SWIFT, potential errors in payee information are the most common cause of cross-border delays, with the following main reasons [4]:

  • Formatting Errors: Approximately 34% of exceptions on the SWIFT network result from formatting errors, such as incorrect account formats or routing codes.
  • Account Issues: 21% of payment exceptions arise from account-related issues, including closed accounts, blocked accounts, or mismatched account names.
  • Invalid or Missing Data: Another 17% of payment exceptions occur due to invalid or missing data, such as regulatory information.

CoP and VoP solutions validate much of this account information up front and so will have a major impact on the fail rate whether it comes from genuine errors made by the legitimate payer or bad actor activity such as ATO and APP fraud.

Given the millions of transactions occurring daily, the financial implications are clear, and the indirect impact from a poorer customer experience and reputational damage must also be considered. The challenge lies in monetizing this service, particularly in Europe, where the EPC mandates that 6,000 PSPs provide this service free of charge. While the liability shift (i.e., if the PSP responder makes an error, it would be liable for it) presents a significant risk to the introduction of a safe and robust mechanism, the potential to generate revenue from this service may come from value-added features that can be sold as premium services.

Conclusion

The CoP and VoP initiatives are making significant progress in increasing client trust by reducing payment error and fraud, and associated costs. By adding an extra layer of verification, they not only enhance the efficiency of payment processing but also bolster customer confidence in the banking system. As we transition towards a future of instant, seamless, and interoperable cross-border transactions, these initiatives will undoubtedly play a key role in protecting against both genuine errors and ATO and APP fraud, and ensuring your money reaches the right hands. These services are fortifying the account-to-account payment methods and, coupled with faster payment schemes where money can move as swiftly as card transactions, are transforming the way we conduct business.

[1] Internet Crime Complaint Center, 2022 Internet Crime Report (https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf)

[2] UK Finance, 2023 Half Year Fraud Update (https://www.ukfinance.org.uk/system/files/2023-10/Half%20year%20fraud%20update%202023.pdf)

[3] LexisNexis, True Cost of Failed Payments 2021 Global Research Study (https://trustyoursupplier.com/wp-content/uploads/2022/06/True-Cost-of-Failed-Payments-Global-Report-2021-1_compressed.pdf)

[4] SWIFT eBook, Be part of Reducing friction in cross-border payments (https://www.swift.com/campaign/payments/frictionless-payments)

Written by
Eran Vitkon

Head of Open Banking solutions
Finastra

Eran is a Fintech veteran with more than 15 years of experience servicing the world’s largest banks in a range of senior roles including product management, R&D, sales, and services.

Eran focuses on innovative technologies such as the move to micro-services, artificial intelligence, blockchain, real...
