Search Payments Views

Stakeholders Respond to Fraudsters’ Affinity for Instant Payments

Payments Views

March 21, 2023

Joanna Wisniecka and Bethany May

A joint post by Joanna Wisniecka and Bethany May

Rise in instant payments systems incites rise in fraud
Instant payments systems (IPS) are proliferating globally, conferring benefits to economies and ultimately, end users. These systems are making digital payments faster, easily accessible, and in some countries, more affordable than other existing payments methods. As IPS have gained traction, fraud schemes have increased – fraudsters are savvy, and relish the opportunity to attack a novel payments system where payments are instant and irrevocable.

IPS are facing increasingly sophisticated and ever-changing fraud schemes that can be classified into two categories:

  • Unauthorized push payment fraud: Fraudulent payments initiated by fraudsters after gaining access to legitimate end-user accounts. These payments appear as having been initiated by the rightful account owner.
  • Authorized push payment fraud: Fraud which materializes when an account owner authorizes a payment as a result of social engineering tactics, most often a scam.

Authorized push payment fraud is an especially troubling trend which is on the rise globally. As a result, IPS stakeholders are responding.

Advancing IPS fraud mitigation techniques
For end users – consumers and businesses – to benefit from these systems it is imperative that they are able to trust that their funds are not at risk of being stolen. To create and preserve trust we are observing a multi-pronged approach, with regulators, IPS participants (referring in this post to banks and non-banks that provide transaction accounts to end user and are eligible to participate in the IPS), IPS network operators, and third-party providers working towards the shared goal of increasing the safety and security of these systems.

Regulators are playing a more active role
Regulators tasked with overseeing financial institutions and consumer protection are taking note of the acceleration of fraud incidence and loss as IPS adoption increases. In response, we are seeing regulators take a more prescriptive approach towards IPS participant accountability and controls.

Recently, the UK government proposed to reclassify fraud as a national security threat reflecting its status as the most commonly experienced crime in the country; authorized push payment fraud due to social engineering in particular is a major and growing problem. The UK is also evaluating new regulations that would place more liability on financial institutions in cases of authorized push payment fraud. Specific to IPS, the Central Bank of Brazil, which is responsible for payments regulations and Pix system’s operating rules, has taken a highly prescriptive approach to participant requirements around authentication and fraud reporting. Even in the U.S., which tends to take a more principles-based approach to regulation, the calls are becoming louder for increasing consumer protections in cases of authorized push payment fraud and strengthening requirements and oversight of participants’ risk management practices.

Payments systems are enabling participants to mitigate fraud
As pressure on IPS participants to better manage (and prevent) fraud increases, we are starting to see IPS increasingly incorporate risk management tools directly into their core system. IPS are doing this carefully, balancing the need to strengthen controls across all participants without the IPS itself taking on the decisioning responsibility and the potential liability that comes with it.

The approach to risk management at the IPS participant level varies, but typically involves monitoring transactions to identify suspicious payments and prevent the processing of such transactions. If tools are provided by an IPS, participants may be able to do this more effectively. For example, Brazil’s Pix system requires stakeholders to report information on confirmed fraudulent transactions and makes the data available to other stakeholders, who can use this data to monitor their transactions (e.g., participant B learns of a bad actor identified by participant A and uses the data to prevent a fraudulent transaction by the bad actor). The U.S. FedNow system, expected to launch this summer, will enable participants to screen transactions against negative lists. We anticipate this approach to continue, with more IPS playing a similar role and offering fraud mitigation tools to participant.

IPS participants must mature their capabilities
Not all IPS participants are the same. They vary in type (e.g., financial and non-financial institutions), size (e.g., community banks to large, global financial institutions), and in their ability to manage payment risk. With increasing regulatory pressure, however, all participants will be required to achieve a higher level of minimum risk mitigation requirements. Given the sophistication and persistence of fraud rings, these minimum requirements will result in controls that will continue to increase in both sophistication and speed.

Savvy participants are improving their ability to identify, manage, and respond to fraud incidents with the goal of moving from a reactive posture to prevention. We expect a continued focus on and need for effective transaction monitoring solutions, proven end user fraud education strategies, customer authentication, and reporting capabilities.  This spells opportunity for solution providers with innovative risk management solutions. 

What’s next?
Risk management trends in instant payments are consistent with evolution of other payments systems (e.g., card systems). Looking ahead, we believe various parties will take on a greater role to reduce risk of fraud incidents in IPS.

In spite of this growing awareness and requisite need to take action, there is belief across all stakeholders that the benefits of IPS outweigh these risks. In order to realize the benefits, we expect to see:

  • Regulators develop more prescriptive requirements in regulations
  • Instant Payments Systems expand their fraud mitigation services to support participants
  • Participants invest in controls that are effective in a 24/7/365 push payment environment
  • Providers continue to emerge with innovative payments risk management solutions

To all the stakeholders out there, we’re rooting for you.

Recent Payment Views

Payments Post #3: Glenbrook’s April Roundup

Payments Post #3: Glenbrook’s April Roundup

Welcome back to Payments Post. Last month’s edition was all about banks; this month’s is about “paying by bank”. Or to be a bit more semantically precise, account-to-account (A2A) payments. We were particularly interested in Visa’s Visa+ initiative, iDEAL’s apparent...

read more
Ready for U.S. Faster Payments 2.0?

Ready for U.S. Faster Payments 2.0?

Today's U.S. faster payments market is not the one we envisioned. In market for five-plus years now, RTP® and Zelle® laid the foundation of faster payments in the country but, as with most new payment systems, challenges inhibit adoption. Volumes in both networks have...

read more
Where are fast payments systems headed in the U.S.?

Where are fast payments systems headed in the U.S.?

We are in the early stages of fast payments here in the U.S. Zelle and RTP are live and the FedNow Service is about to launch. In the near-term, I expect fast payments ecosystem stakeholders will stay hyper focused on simple yet critical enablers of connectivity and...

read more
Payments Post #2: Glenbrook’s March Roundup

Payments Post #2: Glenbrook’s March Roundup

Surprise! We spent a lot of the past month thinking about banks. March confronted us with stumbling blocks for fintechs and their sponsor banks, a bank-led battle for the checkout page, and a clearer view of the path forward for U.S. fast payments. Let’s dive into it...

read more
Opportunities in U.S. Fast Payments

Opportunities in U.S. Fast Payments

At Glenbrook, we believe that efficient and inclusive financial services are vital to economic growth. In support of this mission, we have worked on fast payments initiatives in 55 countries or regions to date. For example, we have developed principles for inclusive...

read more

Glenbrook Payments Boot CampTM workshop

Register for the next Glenbrook Payments Boot Camp®

An intensive and comprehensive overview of the payments industry.

Train your Team

Customized, private Payments Boot CampsTM workshops tailored to meet your team’s unique needs.

OnDemand Modules

Recorded, one-hour videos covering a broad array of payments concepts.

GlenbrookTM Company Press

Comprehensive books that detail the systems and innovations shaping the payments industry.

Launch, improve & grow your payments business