Fraud Management in Payments
Managing payment fraud a joint responsibility between financial institutions and customers
In past decades, criminals defrauded banks by forging signatures on withdrawal slips. Today, they do so predominantly online, with such speed and sophistication that their actions often go undetected. As cyber-criminality proliferates, fraud has risen at record levels. Some 15.4m Americans were victims of identity theft or fraud in 2016, with losses topping $16bn. Even with strengthened Know Your Customer rules, it can be hard to track funds once they have been taken: often the trail goes cold. This is a risk not only in terms of direct financial losses: banks also face a huge legal and investigative burden, and an erosion of confidence in their brands.
Identifying fraudulent transactions among millions of legitimate payments is an enormous challenge. McKinsey & Company, a consultancy, notes that financial institutions are disadvantaged by the speed at which cyber-criminals operate; by poor and incomplete data; and by a lack of information-sharing. It notes that many still lack the technology required to safeguard their vast repositories of data, and respond with analogue solutions such as phone calls to validate their customers’ transactions. However, technological innovations ranging from big data to biometrics are presenting new ways for forward-looking institutions to detect and deter fraud.
The first defence is to understand and predict where the crime might occur, and prevent it before it does. Increasingly, financial institutions do so using data and analytics: the more information that they expose to advanced analytics, the greater their capacity to identify breaches will be. Today’s streaming analytics permit banks to watch transactions in real time, identify unusual behaviours such as a spending splurge, and intervene as the crime occurs. Historical and industry-wide data can be mined to discover criminal patterns, which in turn are applied to current activities. Like banks, retail companies which operate increasingly in the cloud can now aggregate and analyse their sales data to identify unusual customer behaviour.
Some financial institutions are exploring the potential of blockchain, a shared ledger that is decentralised and resistant to tampering, to reduce fraud. IBM, a technology company, notes that it can help financial institutions protect themselves by allowing information to be shared in real time. When identity information is placed on a permissioned blockchain framework, only known participants can verify transactions. By tracing the entire sequence of wire transfers, it could help banks to locate, and therefore return, stolen money.
Fast-evolving biometric technologies can also reinforce authentication and payment processes. The most popular kind, fingerprint identification, has opened mobile phones since Apple introduced Touch ID in 2013. Many customers now use theirs to log into mobile banking, pay for goods at a point-of-sale, or even withdraw cash at ATMs. As new solutions such as iris, facial and palm vein scanning advance, the value of biometrically-enabled mobile payments was expected to rise to $2bn last year, from $600m in 2016. Several banks now authenticate their telephone customers using their voices, which are less fallible than traditional questions. Biometrics can be spoofed too, but by combining them with other forms of authentication, such as a PIN-code, banks can better protect their customers against fraudulent transactions.
While such technologies offer the best hope of averting fraud, banks also need their customers to protect themselves, for example by making sure they transact over a secure connection, or by verifying emails that look official, but could be sent by phishers. Together, such efforts can deter the worst criminality; but they will never prevent it altogether.