While not yet implemented in the United States, real-time payment (RTP) technologies are making a splash. The ability to make a transaction that is immediately authorized, posted and settled between companies and banking institutions is exceedingly valuable in the current business environment, where fast payments alongside accurate bookkeeping are crucial.
At the same time, while RTPs offer benefits for businesses and financial service providers, they also carry risks. Incidents of financial fraud rose dramatically after the United Kingdom introduced RTPs in 2007, providing a lesson in security and prevention for U.S.-based organizations preparing for the RTP transition.
Fraud across the pond
After faster payment capabilities were introduced in the U.K, it was as if “Christmas came early” for cybercriminals, Uri Rivner, BioCatch’s head of Cyber Strategy, told PYMNTS.com. Overall, fraud rates tripled between 2007 and 2010, and continued to rise even after stronger authentication measures were introduced. From 2014 to 2015, incidents multiplied by six times.
This boost in malicious activity came due to a number of factors, including the fact that the timeline for certain authentication and monitoring processes had to be dramatically reduced.
“[I]t’s no longer … let’s have the transaction go through because we have a few hours to a few days to sift through the transactions and look for anomalous ones and then stop them,” Rivner said. “Now the money is in the destination and out (and gone) with haste.”
What’s more, as payment technology grew more sophisticated, so did the capabilities of fraudsters. Even protections like tokenization and smart card readers could be beat by hackers, who obtained the necessary details to crack these systems through browser attacks and other advanced processes.
“As electronic payment methods improve in speed and convenience, so will the speed at which money can be moved fraudulently,” Lipis Advisors founder Dr. Leo Lipis wrote for The Clearing House. “Thus, tackling the issue of fraud will become more important than ever.”
Preventing fraud and preparing for RTPs
The trend toward real-time payments is not limited to the U.K. Across Europe, Web Services as well as XML- and API-based bank communication solutions are growing in popularity, while SEPA Instant Payment is now established and live in Denmark, Norway, Sweden, and Poland. None of these individual technologies are close to achieving standardization or universal adoption, and the complex combination of various forms of real-time payments technology will likely further complicate anti-fraud efforts.
Although RTP systems are not yet accessible to merchants and consumers in the U.S., preparations are underway to enable these capabilities within the next few years. As businesses and financial service providers get ready to support RTPs, they must also put specific security measures in place to prevent an increase in fraud and reduce the overall risk.
“As payment technology grew more sophisticated, so did fraudsters.”
According to Lipis, one of the best protections to utilize with RTPs is multi-factor authentication, where a transaction cannot be sent unless the secondary code is inputted. As it is near impossible for malicious actors to have access to this single-use code alongside a valid username and password, this measure has the potential to considerably reduce incidences of fraud.
Similarly, after the significant rise in fraud, U.K.-based banks discovered advantages to the use of behavioral biometrics within their payment security processes. Behavioral biometrics enable financial service providers to more easily pinpoint the types of suspicious activity attributed to hackers and malicious software. After this measure was put into place, fraud was reduced by 24 percent, according to PYMNTS.com.
Finally, as the shift toward RTP technology continues, it’s imperative for organizations to have a robust automation solution on their side. This technology helps reduce the level of complexity introduced by RTP, ensuring that both older and emerging ISO payment standards are supported. To find out more, contact the experts at SK Global Software today.