Securing Real-Time Payments: Back to Risk Mitigation Basics

By Donna Turner

Fast, safe and easy money movement. That is the expectation from consumers today. Secure, frictionless, real-time payments. That is what financial institutions need to provide their customers. Banks must protect these real-time payments—but not the same way they secure ACH transfers or wires. They need to blend the basics of fighting fraud with new tactics, capabilities and processes to keep pace with digital payments.

Securing a new platform like Zelle, which delivers on the promise of real-time payments by allowing money to be moved from one U.S. bank account to another, typically in minutes, means going beyond traditional money movement fraud mitigation solutions. Banks need to implement real-time fraud detection capabilities specific to the digital channel.

Getting back to basics refers simply to the well-established practices of preventing, detecting, resolving and learning, and how to successfully apply these to real-time payments. In preparation for launching a real-time payments platform, at a minimum you’ll want to ensure:

  • The tools are in place to prevent fraud (authentication tools at enrollment, login and in your servicing centers), and your customers are educated to be safe as they adopt real-time payments.
  • Contact information—notably email addresses and mobile information—is current and accurate for your customers. Stale data has been eliminated.
  • With your projected volumes, you have planned and trained the required staff in detection, claims and analytics.
  • You have a launch plan to control your risk in line with your institution’s risk appetite.
  • You have real-time detection and decisioning tools, transaction logic and rules tested and ready to go.
  • The claims team is knowledgeable and ready to apply the liability rules and processes for seeking recoveries on fraudulent transactions.
  • You have analytical basics in place to provide insight on how the fraud happened to prevent recurrence.

Beyond the initial preparations, authentication is key to ensuring you are interacting with your true customer and not fraudsters. Regularly review and update your authentication strategy not just for real-time payments but also across all digital channels. Determine what you need to update but remember to balance the risk needs with the customer experience.

Multifactor authentication is essential to help balance customer friction with appropriate fraud solutions. You can incorporate passive authenticators, such as data from the mobile network operators that cross-check the customer’s mobile number directly with the carriers. Device binding can also associate specific customers with the known devices they have previously used to log in. Active authenticators, such as a one-time passcode texted to a customer, can be used for added security if the passive authenticators identify a red flag.

Have a real-time fraud-detection system in place. You no longer have days or even hours to investigate a transaction. Ensure you have interdiction capability and can delay suspicious transactions long enough for follow-up prior to releasing the funds.

Layers of security are important because there is no one perfect solution to fight fraud. By implementing a layered authentication approach, banks can step up or step down the amount of friction required to complete a transaction.

Update your customer information system with current email addresses and mobile numbers. One method of doing this is to ask customers to confirm the data on file the next time they sign in to mobile or online banking. It may be important to be able to contact your customer to confirm whether transactions are legitimate. This also helps ensure payments aren’t misdirected to the wrong customer based on an old mobile number on file.

Finally, plan for the worst. Fraudsters are savvy and know banks are most vulnerable just following their real-time P2P launch, so assume your bank will be targeted by fraud in those first few months. Consider capping transactions to limit exposure while you assess risk. Develop a plan and monitor fraud levels carefully to determine how things are going and be ready to pivot as necessary.
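The layered approach described above (passive checks first, a one-time passcode only on a red flag, a hold for follow-up, and a launch-period cap) can be expressed as a single decision function. This is an added sketch, not code from the article or from any payment network; the cap, the flag threshold, the "large first payment" rule and all field names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple

# Assumed policy values for illustration; set these from your own risk appetite.
LAUNCH_CAP_CENTS = 50_000   # per-transaction cap during the launch period
HOLD_FLAG_COUNT = 2         # this many red flags forces a hold even after OTP

class Decision(Enum):
    ALLOW = "allow"               # passive checks clean, no added friction
    STEP_UP_OTP = "step_up_otp"   # active authenticator: texted one-time passcode
    HOLD = "hold"                 # interdiction: delay funds pending follow-up
    DECLINE = "decline"           # exceeds the launch cap

@dataclass(frozen=True)
class Payment:
    amount_cents: int
    carrier_number_match: bool          # passive: carrier confirms mobile number
    device_bound: bool                  # passive: device previously bound to customer
    new_payee: bool
    otp_passed: Optional[bool] = None   # None means no passcode attempted yet

def red_flags(p: Payment) -> List[str]:
    """Collect the passive signals that call for more friction."""
    flags = []
    if not p.carrier_number_match:
        flags.append("carrier_mismatch")
    if not p.device_bound:
        flags.append("unknown_device")
    if p.new_payee and p.amount_cents * 2 >= LAUNCH_CAP_CENTS:
        flags.append("large_first_payment")  # assumed rule: half the cap or more
    return flags

def decide(p: Payment) -> Tuple[Decision, List[str]]:
    """Step friction up or down based on the flags and any OTP result."""
    flags = red_flags(p)
    if p.amount_cents > LAUNCH_CAP_CENTS:
        return Decision.DECLINE, flags
    if not flags:
        return Decision.ALLOW, flags
    if p.otp_passed is None:
        return Decision.STEP_UP_OTP, flags
    if not p.otp_passed or len(flags) >= HOLD_FLAG_COUNT:
        return Decision.HOLD, flags
    return Decision.ALLOW, flags

if __name__ == "__main__":
    # Constructed sample: unknown device, first payment to a new payee.
    print(decide(Payment(30_000, True, False, True)))
```

Returning the flag list alongside the decision gives the claims and analytics teams a record of why a payment was stepped up or held.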

Deploying fast, easy and safe payments starts and ends with a solid real-time fraud mitigation strategy that encompasses planning, investments and actions surrounding preventing, detecting and resolving fraud when it happens. Taking these steps can help ensure a frictionless experience for your customers—and more importantly, ensure their payments are sent safely and securely.

Donna Turner is chief operations officer at Early Warning Services. More information on the insights in this article is available in EWS’s ebook Fraud Risk Management in Real-Time Payments.