Turning the tide of payments fraud: Navigating and managing the evolving threats
The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.
Colin Parsons, Head of Product Management, Fraud and Scams Prevention, Verafin
How can financial institutions navigate and manage evolving payment fraud threats?
Payments fraud, and in particular Authorised Push Payment Fraud (APP), is a problem impacting the entire industry. Events that bring together some of the best minds and ideas that are focusing on these problems, like CeFPro’s Fraud and Financial Crime Europe, are a good starting point. Being able to share best practices with colleagues and other industry partners allows all of us to grow and learn.
From my own experience, it is very apparent that we need good sources of data to be able to understand the problem, and more importantly benchmark our Payments programs. Thankfully the UK is a leader in this space. The data provided by UK Finance helps all players in the industry address the challenges of fraud. Other jurisdictions around the world could learn from this model.
What are the roles of mules and the opportunities created by them to combat fraud?
Mules are critical to a fraudster’s ability to facilitate payments fraud. Whether by creating accounts with the intent to defraud or recruiting vulnerable individuals, mules are the path for fraudsters to move funds. The need for mule accounts is also a vulnerability for fraudsters. They need to put time and effort into grooming these accounts to successfully complete APP fraud, meaning if the industry can address potential mule accounts, we can reduce the fraudsters return on investment.
The industry needs to better profile when a payee may be a potential money mule. Many institutions do this through some form of new payee analysis. This may occur at the account level (has this payor sent to this payee in the past) or at the institution level (has anyone at my institution sent a payment to this payee account in the past). This approach has a major challenge in that in can produce a significant number of false positives resulting in customer friction and increased operational costs. This is where consortium-based counterparty analytics can be so powerful. We have found that using a consortium-based approach can improve detection rates and false positives significantly.
The industry also needs to work together to remove suspected mule accounts once they are identified. One of the challenges with an effective detection strategy is that when a fraudulent transaction is stopped the institution with the mule does not have a way of knowing that a fraudulent payment was destined to one of their accounts. The act of stopping the payment removes the feedback loop the payee institution would need to deal with the mule. Creating a notification service for a potential mule account is critical to remove these risky accounts from the network.
How can institutions prepare for a possible liability shift?
Any change in liability should be seen as a potential opportunity for the industry to work together to solve payments fraud. Ensuring your payment solutions have real-time invention capabilities is the first step. More importantly, leveraging consortium-based counterparty data to help identify potential mules is critical to ensuring that you are identifying APP fraud, while also managing costs and customer expectations. The expectation will be that each financial institution is doing all you can to protect your customer. That includes a highly effective detection strategy that includes consortium-based analytics.
Ensuring you have good scripting for your teams to assist with the difficult customer conversations will also be critical. Finally, documenting any conversations you may have with the customer within your case management system – regardless of what the customer ultimately decides to do – will be important to show that you did your due diligence on that payment.
What is the importance of profiling customers to identify receiver of payments and identify mules?
The industry has seen a significant shift in fraud over the last decade. Authentication controls implemented over this time have made pure Account Take Over fraud much more difficult to do. Fraudsters have realised that it is easier to have your customer send the payment versus trying to do it themselves – hence the rise in APP fraud. This shift to APP fraud also changes how we need to address the problem. Just looking at your customer is no longer enough.
Instead, we need to shift the focus to the payee and look for indicators that your customer might be sending funds to a mule account. This is where consortium-based approaches really shine. They give more insights into a payee account than an institution would have on their own. Profiling for potential mules is critical in this approach. But just as important is identifying those low-risk accounts that you may not be aware of so that you can reduce unnecessary false positives, avoid customer friction and reduce operational costs.
In what ways do you believe that payments fraud will continue to evolve?
Customers, both retail and commercial, expect payments to be fast and frictionless and they want to be able to do them at any time from any device. As an industry we have responded to this need with systems that allow payments to move in seconds anywhere and at any time.
Fraudsters have realised the power of APP fraud, and responding to this shift in approach is challenging for an institution to manage on their own. Education, although important, only goes so far. Removing the incentives for fraudsters is critical which means highly effective detection strategies will be needed for payments. The opportunity for managing fraud though a consortium-based approach is clear, and I expect to see consortium-based approaches more broadly adopted across the industry. Otherwise, APP fraud will be a preferred method for fraudsters as there is an endless supply of potential victims for them to target.
Colin Parsons will be speaking at our upcoming Fraud and Financial Crime Summit, taking place on September 20-21 at One America Square.
You may also be interested in…
Have you made your free account?