The pace of implementation of real-time payment systems has picked up in recent years: a new electronic funds transfer service that enables customers of participating banks to transfer Singapore dollar funds from one bank to another in Singapore almost instantly was introduced in March 2014; Australia has committed to launching its system by 2017; and the US Federal Reserve has created a faster payments taskforce.
However, real-time payments can also mean real-time fraud, warns Craig Ramsey, principal product manager transaction banking at ACI Worldwide. He says the solution is to educate customers on the new payment methods and how to use them safely alongside implementing robust but customer-friendly authentication techniques, using tokenization or biometrics.
“Furthermore, banks and credit card companies already have strong real-time protection for credit card transactions,” says Ramsey. “This should be extended to scoring and sophisticated rule strategies using state-of-the-art detection and monitoring software for real-time payments. In addition, the data banks will be able to gather and analyse will give them valuable insights into the business of their customers.”
|Sibos 2015 special edition|
In many cases other data relevant to identifying fraudulent transactions may not yet be available to the fraud detection system, which can lead to false positives and false negatives, explains Aite Group retail banking senior analyst Ben Knieff.
“Depending on the scheme, real-time payments could make reclamation challenging if the criminal has already cashed out the funds. Also, real-time payments can create a lot of pressure on operational teams – some high-risk transactions may need to be processed without review, while varying volumes throughout the day lead to staffing challenges.”
The expected speed of transaction and its irrevocability do not leave much time for screening prior to or after executing the transaction, adds Christophe Vergne, global payment centre of excellence leader at Capgemini, while Celent senior analyst, Gareth Lodge, observes that shortening the end-to-end transaction time to a matter of seconds similarly reduces the time available for all the processes involved “let alone the fraud element, which means stronger authentication is required up front.”
AccessPay’s head of banking, Simeon Parker, accepts that the shift from batch to real-time processing is likely to make a payment system more attractive to fraudsters. “Anti-fraud mechanisms such as multi-factor authentication, tokenization, analytics, rule changes and individual bank policies ensure the overall security and stability of a real-time payments system, but their use differs from bank to bank and by the status of a payment in the transaction chain.”
However, Tristan Hugo-Webb, associate director of the global payments advisory service at Mercator Advisory Group, says the threat may have been overstated. “To limit potential fraud, systems have increased the number of times clearing occurs in a day to reduce the amount waiting, limiting the amount of potential fraud that can accumulate before being caught. In addition, when certain systems are not operating at full capacity or during business hours, there are lower transaction limits.”
High processing volumes, coupled with customers’ expectations of faster payment processing, can be particularly challenging. The introduction of a risk-scoring system based on customer behaviour may slow the overall processing experience, adds David Dunmire, senior vice-president product solutions iGTB. “In this case, banks must consider both their risk appetite and ability to implement controls at other points.”
| Banks and credit card companies already have strong real-time protection for credit card transactions|
The increasing use of real-time payment technology does not require traditional payment providers such as banks to cooperate or even collaborate with new market entrants, but it is very likely to oblige them to do so due to the attention of the regulators, according to Jerry Norton, head of strategy UK financial services at CGI. “In the UK, for instance, the Payments Systems Regulator is encouraging direct access for new players and a transparent access regime by the larger banks to those who do not wish to go direct.”
New technologies, such as blockchain and distributed ledgers, may facilitate the implementation of new payment systems in the medium to longer term, as open questions on latency, security and resiliency are being addressed by their respective providers, adds Carlo Palmers, head of real time payments at Swift.
“Cooperation/collaboration with new market entrants will increase in any case and is not specifically driven by the introduction of real-time technology,” he says. “The revised Payment Services Directive mandates new payment service providers to get access to the payment infrastructures, irrespective of the type of technology.”
Success for payment services resides in critical mass of users (both issuers and beneficiaries) and reach, concludes Teresa Connors, head of client engagement payment services at RBS. “To achieve this it is critical that payment service providers cooperate in defining the scheme (including technical standards) and build the interchange infrastructure in interoperable mode.”