A survey of 45 bankers in Asia Pacific revealed that fraud is on the rise as real-time payment platforms proliferate.
The proliferation of real-time payments platforms, including person-to-person (P2P) transfers and mobile payment platforms across Asia Pacific, has increased fraud losses for 78% of surveyed banks, according to FICO.
In addition, 22% predict that fraud will rise significantly in the next 12 months, with an additional 58% anticipating moderate rise in fraud.
Dan McConaghy, president of FICO in Asia Pacific, commented that real-time payments brings convenience – which is good for customers. However, it is giving banks ‘zero time’ to clear transactions or payments.
He warned not to expect too much from AI technologies. “AI can't slow down the clock, but it can help create systems that are radically quicker to recognise a transaction that smells likely to be fraudulent,” he noted.
Weak authentication strategies
The FICO survey revealed that 40% of banks named social engineering as the number one fraud concern when it comes to real-time payments. Account takeovers were ranked second, with false accounts and money mules also rated as problems.
When asked which identity and authentication strategies they used, 84% said they use multifactor authentication. Biometrics is also popular with 64% affirming use of this technology, just edging traditional password approach to identifying customers. Surprisingly only 38% were using some form of behavioural authentication.
With only 46% combining one or more of these approaches, it leaves many exposed to attack vectors such as identity theft, account takeovers, cyberattacks.
McConaghy said criminals are targeting banking customers rather than banks. By extracting sensitive information, through social engineering, from unsuspecting customers, a criminal can then make use of real-time payments to move funds quickly through a maze of global accounts before real customers can report the theft.
Counter measures against real-time fraud
New forms of biometric, multifactor and behavioural technologies allow banks to stop payments being made, even if an account appears to be using the correct but stolen password or entering the right, but intercepted, one-time-password.
"Beyond this type of account take over, we also have authorised push payment fraud, such as when a customer is tricked into paying what they think is a legitimate invoice like a fake school bill or payment to a tradesperson," said McConaghy.
"This type of social engineering is harder to stop but better KYC, link analysis to find money mule accounts and behavioural analytics to flag new accounts for a regular payee, are all examples of how to tackle it."
