It will be vital for financial institutions, regulatory bodies, technology providers and consumers to take a collective approach to combat the rise of fraud with the adoption of RTP in Canada. Although fraud cannot be entirely eradicated, controls should be implemented to help mitigate fraud risks and losses.
As seen in the US and the UK, fraud losses increased 164% in less than two years after the launch of RTP services.17 However, resilience is critical: as controls continued to be strengthened after launch, attack rates and fraud losses gradually plateaued. As more data became available to fine-tune controls, the losses stabilized, while methodologies would continue to evolve into a push-and-pull battle with controls.
Bad actors will continue to attempt to circumvent controls. However, jurisdictions with implemented RTP systems have experienced that stronger controls typically lead to reduced fraud losses. A key takeaway from the launch of Faster Payments, the UK’s real-time payment service, was that investment in fraud detection technology ahead of the RTP service launch is critical.17
Depending on your fraud program’s maturity, certain tools to combat fraud at launch can prove to be more vital, and more effective, than others. It will be imperative to launch fraud controls simultaneously with the launch of RTR, continually enhance the controls post launch and collaborate with ecosystem participants beyond launch to counteract the evolving fraud vectors that extend beyond the ecosystem. This is especially true when considering a cost-benefit analysis, and your organization’s risk approach and appetite.
The following tactics aim to highlight a number of approaches financial institutions can take to better prepare for the launch of the RTR and to stabilize fraud losses post launch.
1. Regulatory framework
1.1 Collaboration with government and regulators
To be prepared for RTR, it’s important for financial institutions to work collaboratively with government entities and regulatory bodies to introduce policies that address and support real-time fraud monitoring capabilities. By aligning the policies with the needs of RTR fraud capabilities, financial institutions can enhance their ability to detect and prevent fraudulent activities. Further, institutions and Canada’s Anti-Fraud Centre can enhance collaboration and data sharing to develop more detailed reporting and enable enhanced knowledge sharing to the public.
1.2. Well-defined transaction liability model
Financial and reputational incentives can be key drivers for participants to actively adopt fraud prevention measures and take responsibility for keeping the payment ecosystem secure. While it is essential to establish a clear assignment of liability for the transaction, considering a shared liability model will encourage collective responsibility for fraud.
1.3. Established data sharing and privacy requirements
Effective fraud prevention relies on a robust network of fraud analytics. To achieve this, it is important to have clearly defined data-sharing and privacy requirements. This promotes the development of advanced fraud detection and prevention mechanisms, employing real-time analytics to identify suspicious patterns or activities.
2. Industry collaboration and intelligence sharing
2.1. Real-time data sharing
It is crucial to establish real-time data sharing between sending and receiving institutions to enable the real-time exchange of transactional data, allowing for immediate detection and prevention of fraudulent activities. It is equally vital to create close collaboration between business and cyber-intelligence teams and establish a joint command centre for the continuous updating of controls and effectively communication of these changes to customers.
2.2. Shared risk list/database
A centralized database for participating institutions to collaborate and share information regarding known fraud incidents, fraudsters’ modus operandi and emerging fraud trends will be effective in combating fraud. By collectively sharing this information, institutions can proactively identify potential vulnerabilities and take preventive measures to mitigate the risk.
2.3. Cross-sector collaboration
Collaboration involving participants such as financial institutions, law enforcement agencies, technology providers and regulators will allow for collective efforts to be made in identifying fraud patterns and resolving vulnerabilities that may span across different sectors. This collaborative approach will offer stakeholders an exchange of experience , resources and leading practices, leading to a more broad and robust fraud prevention strategy.
3. Operational readiness
3.1. Efficient monitoring and reporting
To cope with the expected surge in fraud alert volumes, financial institutions will need to implement efficient monitoring and reporting mechanisms by using advanced analytics and machine learning capabilities to automate the process of detecting suspicious transactions, generating alerts and escalating high-priority cases for further investigation. By streamlining these processes, institutions can optimize their resources and response times so they can take timely actions to help mitigate potential fraud risks.
3.2. Controls to backstop mass fraud
To be prepared for unforeseen potential mass fraud incidents, it is essential to have controls in place to backstop participating banks and other participants. This entails establishing centralized controls at the network level, contingency plans, response protocols and collaboration frameworks to swiftly address and contain any large-scale fraud events. These actions collectively serve as a safety net and provide assurance for the participants in the event of a significant fraud incident.
3.3. Extended support
To support the implementation of always-on 24/7/365 payments and effective fraud monitoring, it’s essential to provide extended support systems. This includes ensuring that the necessary technical infrastructure and operational teams with the right skills are in place to handle the increased demands of continuous payment processing and real-time fraud monitoring.
4. Real-time analytics and technology
4.1. Strong multi-factor authentication
By implementing robust multi-factor authentication measures, financial institutions can significantly reduce the risk of unauthorized access or fraudulent transactions, providing an additional layer of protection to real-time payments.
4.2. Automated technology
Automation streamlines various aspects of payment processing, including transaction monitoring, data analysis and response mechanisms. By automating these processes, financial institutions can expedite the detection and prevention of fraudulent transactions, reducing the reliance on manual intervention and significantly reducing the time required to address potential threats. By using machine learning and artificial intelligence, banks can analyze transaction data to learn and adapt to new fraud patterns, enabling real-time detection and prevention.
4.3. Real-time fraud engine and machine learning capabilities
By integrating real-time fraud engines that use advanced algorithms and machine learning capabilities, financial institutions can constantly analyze and evaluate transactional data and fraud patterns in real time. This may enable them to swiftly identify and flag suspicious activities, allowing for detection and immediate flagging of RTP fraud attempts.
5. Training and awareness
5.1. Strategy for customer awareness
Financial institutions can create stronger awareness among end users by sharing information on the risks associated with RTP fraud and security tips, including creating strong passwords, being cautious of phishing attempts, regulary monitoring account activities and staying up to date with fraud and scam educational campaigns, newsletters and emails.
5.2. Workforce training and continuous enhancement
Continuous training and professional development initiatives ensure that the workforce remains skilled and equipped to handle the evolving challenges in real-time processing. Providing employees with training on various types of RTP fraud, including common fraud schemes and red flags to spot and stop fraud will ultimately enhance the overall efficiency and security of the payment ecosystem.
5.3. Forum establishment
Establishing a dedicated fraud forum comprising representatives from financial institutions, technology providers, government agencies and relevant industry bodies will serve as a platform for discussion, knowledge exchange and the development of leading practices in real-time processing. It will help enable the industry participants to share details on new fraud patterns and threats and to collaborate on innovative solutions to enhance the security of RTP.
Conclusion
In the ever-evolving landscape of RTP, the battle against fraud remains an ever-present and increasing challenge. As technology advances, so do fraudsters’ tactics, highlighting the need for continuous vigilance and innovation in fraud prevention strategies.
Customers should not be the first line of defence; banks must take a proactive approach and adopt renewed real-time fraud preventions to catch RTP criminals in action. By fostering collaboration among stakeholders, embracing modern technology and employng robust regulatory frameworks, we can safeguard the integrity of RTP.
Fraud will persist, so participants must remain committed to combating fraud to ensure the successful evolution of a secure and trustworthy payment ecosystem, so that the benefits of real-time payments can be fully realized.
Like what you’ve seen? To learn more about our latest thinking and services, visit our Payments and FinCrime resources.