Instant Payment Fraud Is No Match for Real-Time Fraud Detection/Prevention Solutions
To combat financial frauds, banks, credit unions and payment processors are turning to advanced technologies with real-time monitoring capabilities that enable both fraud detection and prevention. For financial institutions’ risk officers and managers, it is important to understand how today’s cybercrime landscape is evolving, and how the application of today’s leading-edge technologies can help mitigate risk and reduce fraudulent attacks including those involving instant payment frauds, account takeovers (i.e., unauthorized payment fraud), payment scams (i.e., unauthorized payment frauds), money laundering, and terrorist financing.
Market Overview
In its Q1 2023 Digital Trust & Safety Index – Payment fraud data and insights, Sift reported that over 70% of all financial institutions lost at least $500,000 to payment fraud in 2022, and 91% of the financial institution risk specialists surveyed indicated an increase in their institutions’ year-over-year fraud rates. The increased wave of financial fraud has not been lost on government regulators. The Securities and Exchange Commission (SEC); Federal Trade Commission (FTC); Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury; Financial Industry Regulatory Authority (FINRA); Office of the Comptroller of the Currency (OCC); Federal Deposit Insurance Corporation (FDIC); and the National Credit Union Administration (NCUA) all have a role in fraud-related regulations and guidance. The OCC, Board of Governors of the Federal Reserve System, FDIC, FinCEN and the NCUA released a statement in which they encouraged financial institutions to apply innovative approaches to meet their Bank Secrecy Act/anti-money laundering (AML) compliance requirements and help strengthen the financial system against criminal financial activity. Toward this goal, the OCC and U.S. Department of the Treasury regularly issue alerts and advisories regarding institutions or individuals suspected of being engaged in fraudulent activities and transactions at high risk for money laundering and/or terrorist financing.
Regulators have cited certain frauds on which financial institutions need to focus. They include frauds pertaining to new accounts opened online or by phone, Small Business Administration (SBA) loans relating to the Paycheck Protection Program and Economic Injury Disaster Loans stemming from the pandemic, Business Tax Credits, and imposter schemes wherein criminals pretend to represent a government agency or another organization and offer services with the intent to steal money or information.
A concerted effort and comprehensive approach to risk management is expected of financial institutions as evidenced by the many laws in place requiring this. In addition to the Bank Secrecy Act and the USA Patriot Act which expanded money laundering detection and reporting requirements, the National Defense Authorization Act (NDAA), enacted on January 1, 2021, included major reforms to the U.S. anti-money laundering regime. In addition to U.S. banks and credit unions, branches, and agencies of foreign banks, as well as brokers/dealers of securities, mutual funds, future commission merchants, and non-bank financial institutions (i.e., casinos, real estate entities and precious metal dealers) also have AML and anti-terrorist financing compliance requirements.
Instant Payments and FedNow
Under the Electronic Fund Transfer Act (EFTA), the FedNow service was introduced. Expected to launch in July 2023 (as of this writing), it is the Federal Reserve’s new instant payment service, which will enable customers at participating banks and credit unions to send and receive money within seconds on a 24/7/365 basis. This is in contrast to standard online transactions, for example, transfers made through the Automated Clearing House Network (ACH), which are processed in batches and can take one to three business days to complete. FedNow was initiated as a measure to help thwart instant payment related frauds and provide protection against unauthorized charges and errors. When discrepancies between a payee’s name and unique identifier are found, the payer would be notified and warned before authorizing the transfer.
Once launched, FedNow will mandate financial institutions of all sizes to complete a certification process ensuring their preparedness to address instant payment related frauds by applying effective operational and communications tools.
Recent Threat Developments
Along with ransomware, phishing, denial of service and malware attacks, financial institutions are subject to an increasing number of new cyber threats targeting the so-called “weakest link.” Social engineering and other tactics are more frequently capitalizing on weaknesses introduced by humans, as well as flawed processes and/or IT system vulnerabilities. Kryptik and Emotet malware, CoinMiner, Tiggre and Obfuse are all on the rise. Other new threats include island hopping whereby threat actors advance through a supply chain with the intent of reaching a connected financial institution and then exploiting its systems to commit financial fraud.
Bank-on-Bank Fraud
In December 2022, a large bank in Europe pled guilty to committing fraud on U.S. banks in a multi-billion dollar scheme to access the U.S. financial system. Based on court documents, the bank defrauded U.S. banks regarding its AML controls and its high risk customers, including some from Russia, in order to access the U.S. financial system. The Department of Justice noted that the bank lied and deceived U.S. banks in order to pump billions of dollars of suspicious and criminal funds through the U.S. financial system.
In the official news release from the Department of Justice’s Office of Public Affairs, Deputy Attorney General Lisa O. Monaco stated, “Today’s guilty plea and two billion dollar penalty demonstrates that the Department of Justice will fiercely guard the integrity of the U.S. financial system from tainted foreign money – Russian or otherwise.” She continued, “Whether you are a U.S. or foreign bank, if you use the U.S. financial system, you must comply with our laws. We expect companies to invest in robust compliance programs – including at newly acquired or far-flung subsidiaries – and to step up and own up to misconduct when it occurs. Failure to do so may well be a one-way ticket to a multi-billion-dollar guilty plea.” The SEC also announced a separate settlement with this bank in relation to a parallel proceeding in which the bank agreed to pay $413 million.
With the proliferation of all types of financial fraud, it is imperative that banks, credit unions and regulated financial organizations utilize the advanced technologies that are now available and have proven very effective in detecting and preventing financial fraud, including instant payment fraud.
Financial Fraud Fighting Technologies
Many financial institutions still use legacy systems and have not upgraded to more modern platforms, citing the broad impact that changes to their core platforms and applications would have throughout their channels and operations. However, in addition to compromising the resiliency of banks, credit unions and other financial service providers, operating with legacy systems makes regulatory compliance more difficult and places financial institutions at greater risk for financial fraud. Moreover, these systems often find it especially challenging to detect and prevent instant payment fraud that occurs in seconds. At the same time, the amount of data to be processed in a short time has grown exponentially. New players, payment systems and processes require fraud prevention systems to reliably process ever larger transaction volumes in real time, because the high speed of order processing leaves little time to check for potential fraud.
Coming to the rescue of financial institutions in their fight against fraud are new software programs encompassing Artificial Intelligence (AI), particularly in its most advanced form: Hybrid AI. The Hybrid AI approach combines knowledge-driven AI methods, such as fuzzy logic-based scorecards and dynamic profiling, with data-driven Machine Learning (ML) methods. Classic ML, without its knowledge-driven counterparts, is especially dependent on the maturity of the ML models it uses. These must be intensively trained before they can be used for the first time with a reasonable hit rate. The time required is not available to financial institutions in the age of instant payments.
Combining the best of both worlds, Hybrid AI can perform the essential functions needed to detect and prevent financial frauds. Among these functions are:
• Customer onboarding and screening
• Corporate onboarding and screening
• Transaction monitoring and screening
• Transaction fraud detection
• Anti-money laundering sanction monitoring
• Watchlists screening
Furthermore, AI and ML can not only learn about emerging fraud models to stay one step ahead of criminals, but also detect abnormal, suspicious activities reflecting deviations in customer behaviors, transactions and locations and compare them with comprehensive, large-scale fraud data in real time. ML, in combination with advanced algorithms, analytics and intuitive rule management controls, enables improved transaction monitoring, which serves to reveal financial fraudsters and covert relationships among criminals. It also reduces false positives by distinguishing criminals from honest customers. Additionally, it supports enhanced risk-response red flag alerts. Thus, Hybrid AI takes risk monitoring and financial fraud detection to a new level.
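The hybrid approach described above can be illustrated with an added example, which is not code from any vendor product: a fuzzy-logic scorecard evaluated against a per-customer dynamic profile scores payments with no training data, and an ML score is blended in only as far as the model has matured. All weights, thresholds, the smoothing factor, the rule names and the sample payments are constructed assumptions.

```python
from dataclasses import dataclass, field

ALPHA = 0.5  # assumed smoothing factor for the dynamic profile

def ramp(x, lo, hi):
    """Fuzzy membership: 0 at or below lo, 1 at or above hi, linear between."""
    return min(max((x - lo) / (hi - lo), 0.0), 1.0)

@dataclass
class Profile:
    """Per-customer dynamic profile, updated after every accepted payment."""
    mean_amount: float = 0.0
    seen: int = 0
    payees: set = field(default_factory=set)

    def update(self, amount, payee):
        self.mean_amount = amount if self.seen == 0 else (
            (1 - ALPHA) * self.mean_amount + ALPHA * amount)
        self.seen += 1
        self.payees.add(payee)

def scorecard(p, amount, payee, hour):
    """Knowledge-driven score in [0, 1]; needs no training data."""
    ratio = amount / p.mean_amount if p.seen and p.mean_amount > 0 else 1.0
    unusual = ramp(ratio, 2.0, 10.0)             # amount vs. the customer's own norm
    new_payee = 0.0 if payee in p.payees else 1.0
    night = max(ramp(hour, 22, 24), 1.0 - ramp(hour, 4, 6))
    big_to_stranger = min(unusual, new_payee)    # fuzzy AND = min
    stranger_at_night = min(new_payee, night)
    return 0.7 * big_to_stranger + 0.3 * stranger_at_night

def hybrid_score(rule_score, ml_score=None, labelled_cases=0, mature_at=5000):
    """Blend in the ML score only as far as the model has been trained."""
    if ml_score is None:
        return rule_score
    w = 0.5 * min(labelled_cases / mature_at, 1.0)
    return (1 - w) * rule_score + w * ml_score

def decide(score):
    return "block" if score >= 0.7 else "review" if score >= 0.4 else "allow"

def constructed_profile():
    p = Profile()  # constructed payment history for one customer
    for amount, payee in [(40, "grocer"), (60, "utility"), (50, "grocer")]:
        p.update(amount, payee)
    return p

if __name__ == "__main__":
    p = constructed_profile()
    for amt, payee, hour, ml, n in [(55, "grocer", 14, None, 0),
                                    (900, "new-payee", 2, None, 0),
                                    (250, "new-payee", 14, 0.9, 5000)]:
        print(amt, payee, decide(hybrid_score(scorecard(p, amt, payee, hour), ml, n)))
```

The third sample payment is allowed by the rules alone and only reaches "review" once a mature ML score is blended in, while the second is blocked with no model at all.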
Hybrid-AI driven solutions also deliver robust case management capabilities by providing all critical historical data necessary for making optimum decisions. With their comprehensive case management tools, they support case investigations covering a fraud’s complete life cycle. By providing a comprehensive history, workflow management and fully-centralized audit trail, along with a sound framework for defining research processes and case resolution (i.e., investigation resources, timeframes, escalation paths and alerts), they serve as a central repository for financial fraud case activities.
Easy Implementation
While some solutions can be extremely costly and require considerable infrastructure work, today’s advanced, holistic Hybrid-AI solutions feature flexible designs that enable easy connection with any of an institution’s IT systems. They also readily accommodate system upgrades and, due to their centralized platform, can support transaction monitoring in branches across a financial institution’s entire network in multiple locations. These solutions are also easy to learn with intuitive rule management, thereby eliminating the need for numerous employee training sessions and the associated costs which could rise to seven figures. Multiple languages and alphabets, such as Chinese and Cyrillic characters, are also supported. Future-ready, these solutions can utilize data from any source including wearable biometrics, IP addresses and web session data.
Closing Remarks
When it comes to instant payments, Hybrid-AI solutions effectively address the speed and irrevocability of instant payments and the related fraud losses by providing financial institutions with dynamic real-time fraud detection and prevention. Through the technology, transactions can be detected within milliseconds, triggering appropriate mitigation measures, while the solutions apply knowledge gained from all available data (i.e., transaction, customer, merchant) to provide a complete risk picture, thereby also strengthening risk-based authentication. In addition to applying these advanced technologies, financial institutions are urged to supplement them with sound internal controls, including the development of a separate fraud policy outlining whistleblower procedures, employee conduct, and the actions the institution should take when fraud is suspected or identified. Effective cybersecurity measures should be implemented along with consistently applied fraud detection audits, customer account verifications, reviews of non-financial transaction reports for irregularities, and reviews of employee accounts for unusual activities (e.g., fictitious loans, large deposits or transfers, missed loan payments). By applying today’s advanced technologies and implementing sound fraud policies, financial institutions can position themselves for reduced fraud incidences and related losses.