Interview

Eastnets talks: tackling instant payments fraud, compliance, and customer trust

Thursday 13 June 2024 13:37 CET | Editor: Bethiah Negussie | Interview

Marie-Christine Diaz, Business Development Manager for Payments EU at Eastnets discusses instant payments fraud and the surrounding ecosystem—compliance, customer experience, and trust.

 

What are the biggest threats and challenges related to payments fraud?

One of the biggest challenges is cybersecurity over a multitude of channels. Open Banking and PSD2 in the EU opened the door to a variety of digital channels for payments, providing both convenience and ubiquity. Although regulators have imposed measures such as Strong Customer Authentication (SCA), multifactor authentication (MFA), mandatory encryption, transaction risk monitoring and reporting of suspicious activities, the challenge of trust still remains, particularly when transacting on unsecured or unverified marketplaces.

How have fraud tactics evolved over the last decade?

These security measures have been effective in protecting account owners from typical attacks that impersonate them. Consequently, the modus operandi of fraudsters is shifting. Traditional methods like brute force attacks, software automation with bots, trojan horses, malware injections that redirect to counterfeit websites, and keystroke hacking are giving way to more subtle tactics. These new tactics focus on identity theft through social engineering, leveraging relationships, credulity, through phishing, scams, and emails to initiate legitimate payments to the fraudster accounts.

What are the easiest patterns for fraudsters today? 

Fraud levels are now surging as these sophisticated methods evolve. The focus has shifted from the fraudulent attacks being on the account owner to the beneficiary, with fraudsters increasingly impersonating legitimate recipients to divert funds. For instance, account takeovers, CEO fraud, and authorised push payments with stolen credentials are prevalent because they are easy. Fraudsters change beneficiary accounts or payment terms in invoices and letters of credit and guarantees.

Which are the challenges in combatting these new fraud threats? 

While most fraud methods leave detectable clues that can be easily tracked by traditional monitoring tools, nowadays fraudsters are devising more intricate fraud scenarios to operate under the radar, using intermediaries like money mules to transfer funds for a commission, creating fake synthetic digital identities, and utilising generative AI. 

The main challenge in combating these threats is the continuous evolution and increasing sophistication of fraud attacks that involves multiple channels, entities, and transactions. Acquiring robust security solutions that can correlate various information in real-time, like Eastnets solutions, will help industry players to stay ahead of emerging threats.

What unique challenges arise when addressing instant payment fraud? 

When it comes to instant payment, there are several challenges emerge that change the landscape of transaction security. Instant payments must be executed within a few seconds (10 seconds in Europe),  are guaranteed and irrevocable once accepted. Therefore, upon reaching the beneficiary account, funds become immediately accessible for utilisation by the beneficiary. Although currently there may be a transfer limit, like in Europe, a limit of EUR 100.000, the expectation is that overtime these limits are removed. This can potentially heighten the risk of fraudulent activities with higher scale and impact. 

Additionally, with instant payments, funds can be transferred anytime on a 365/24/7 basis. Banks and PSPs will need systems and the processes to monitor fraud seamlessly during operational windows that are typically unattended. Furthermore, detecting fraudulent activities within 10 seconds poses a challenge and demands advanced control mechanisms and real-time monitoring capabilities. The need for faster resolutions magnifies the complexity of fraud detection protocols, needing more resources, more sophisticated detection tools and advanced data analytics.

What are the new forms of fraud related to instant payment? 

As the fraud is shifting to other vulnerable areas, like the beneficiary details in Approved Pushed Payments (APP), regulators are imposing the verification of the beneficiary's name and account. 

This is also crucial to ensure trust in real-time cross-border transactions as part of the G20’s objectives and reflected in the One-Leg Out Instant Credit Transfer (OCT Inst) scheme rulebooks.

Currently, no single provider offers a single interoperable payee verification on a European or cross-border scale. To address this, Eastnets partners with key Validation of Payee (VOP) providers across multiple regions, complementing its portfolio with comprehensive validation services.

What technologies are currently envisaged for fraud prevention with compliance in instant payments?

Rule-based systems have been effective for years in tackling transaction fraud, sanctions screening, money laundering and more, at Eastnets. However, nowadays, fraud prevention needs to go beyond merely profiling transactions or entities in silos and include additional contextual information. 

Eastnets Intelligence uses AI models and generative AI to enhance fraud detection across its rule-based products. Different AI models are selected and combined to support specific fraud use cases, enabling the detection of complex relation that rule-based systems might miss. In addition, richer exogeneous information available through APIs offer a more precise and holistic risk scoring in real-time. For example, anomalies detection in trade finance include transaction linking analysis, ultimate beneficiary owner (UBO) behaviour analysis, trade goods price validation with external source and ship geo-localisation. Furthermore, Eastnets' generative AI tool acts as a copilot, aiding the investigator via an interactive chatting channel.

What are the key advantages of these solutions? 

Implementing AI-based solutions can offer advantages and address several critical needs within the industry. First, AI can reduce the human effort by providing a fraud prediction score that is more accurate, global and of better quality, thereby eliminating false positive cases and enabling fraud experts to focus their efforts solely on genuine fraud cases that are complex to deter. Second, AI accelerates the investigation process by consolidating richer contextual data concerning the transaction and the entities involved into a single, intuitive interface in real-time, at their fingerprints. This enables fraud experts to quickly visualise and assess potential problems without having to navigate through multiple systems or tools. Third, AI-powered systems operate on scalable infrastructures that function 24/7, processing large volumes of both structured and unstructured data integrated from multiple sources and systems via API.

As a result, maintenance costs are drastically reduced through an ongoing learning process to optimise rules, models, and thresholds. This reduces reliance on static rules and allows for calibration based on expert decisions, ensuring scalability with increasing data volumes.

What are the key pitfalls to avoid?

Adopting AI in fraud prevention also presents pitfalls to navigate carefully. Firstly, ensuring the quality and reliability of the source data is crucial. This aspect requires significant time and effort to ensure accuracy, correct interpretation, and rationalisation of data sources. Secondly, there is the pitfall of risk  in machine-based decision-making. The role of AI in the investigation process can vary. It might be used to get a simple diagnostic based on data comparison or filtering, to get suggestions and advice (acting as a co-pilot), or to fully delegate the detection and investigation tasks. Each of these AI roles, from ‘diagnostic setter’ to  'advisor' to  'decider', carries different levels of risk. Financial institutions must carefully evaluate these risks prior to the implementation.

How to avoid these pitfalls?

When launching the AI based solutions, several considerations must be taken into account. To mitigate risks, there are four key measures: first, constantly monitor the performance of the AI models and adjust them, to ensure a progressive move from assistance to full delegation. Second, assess the degradation of the models through the increase of false positives. Third, ensure a constant transparency of the decision-making process as well as the ability to explain the different steps taken. Finally, monitor and correct the “hallucinations” of the AI assistant, where decisions are made without proven factual data.

What advice would you give to payment facilitators regarding fraud solutions?

For payment facilitators operating in the realm of instant payments, a comprehensive approach is crucial. Firstly, payment facilitators should thoroughly review their existing processes, including their tools and rule-based systems, to identify areas for improvement. Incorporating additional and frequent controls along the payment chain is essential. Using holistic, richer and contextual information is a must, as is implementing controls that are dynamic and adaptable over time to keep up with evolving fraud tactics.

Additionally, employing systems that are open, with API access, flexible, and scalable, such as Eastnets solutions, can greatly enhance the effectiveness and efficiency of fraud prevention measures. 

Finally, continuously monitoring the risk, validating and refining AI models will ensure that fraud detection systems remain accurate and effective over time, adapting to new patterns and threats as they emerge.

What lies ahead on the horizon for payments fraud, and what should the industry be preparing for?

When considering the trajectory of fraud in the future, it is important to recognize the evolving landscape shaped by digital innovations such as Open Banking and instant payments, and cloud technology. Though the benefits of these services are well acknowledged, these innovations bring a set of vulnerabilities, presenting the challenge of navigating uncertain risk assessments and detection complexities beyond the boundaries of the institution, which is a sweet spot for fraudsters.

However, amidst these challenges, Intelligence solutions based on AI models and generative AI seem to be a promising avenue. These technologies can process very large datasets that human beings are unable to process in a short timeframe, provide a more precise risk score that reduces false alerts and assist the fraud expert in accelerating in resolving cases faster with intuitive visuals at their fingerprints. This, in turn, improves customer experience and focuses the attention of the investigator on real fraudulent cases.

Nevertheless, the effectiveness and trust of AI in preventing fraud depends on the establishment of a strong regulatory framework that provides the required transparency.

Additionally, industry players across the globe are coming together to share information on suspicious customers, joining forces in the global fight against financial scams. We have seen this initiated by Spain’s three largest banks – Banco Santander, BBVA, and Caixabank – to consolidate their anti-fraud efforts into a single tool to share information on fraudulent activities and implement effective countermeasures, all while ensuring that the shared data remains private and secure. In Singapore, the financial regulator has recently launched its COSMIC (Collaborative Sharing of ML/TF Information & Cases platform) to combat money laundering, terrorism financing, and proliferation financing around the world.

Ultimately, success in fraud prevention depends on technological advancements, regulatory foresight, and industry collaboration that can protect consumers' and enterprises' assets as well as preserving the stability, trust, and reputation of the financial sector.

About Marie-Christine

Maria Christina Diaz, Business Development Manager for Payments-EU at Eastnets is a seasoned payments professional. Marie-Christine Diaz, Business Development Manager for Payments-EU at Eastnets is a seasoned payments professional. She is responsible for the development of the Payments business in Europe at Eastnets since January 2023. Previously, she had various Market and Product Manager and consulting roles at SWIFT, where she developed the low-value and high-value payments business over the last 20 years. More recently, she worked on the Instant Payment business, multi-network interfaces portfolio, and resiliency services.

About Eastnets

Eastnets is a global provider of compliance and payment solutions for the financial services sector. Eastnets is a global provider of compliance and payment solutions for the financial services sector. Through its experience, expertise, and technology Eastnets enables safe and secure participation in the global financial economy for over 800 financial institutions globally, including 15 of the top 50 banks, and 22 of the world’s Central Banks. For more than 40 years, Eastnets has worked to keep the world safe and secure from financial crime by helping its partners manage risk through Sanction Screening, Transaction Monitoring, analysis, and reporting, as well as consultancy and customer support.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: instant payments, artificial intelligence, generative AI, fraud detection, fraud prevention, compliance, AML, transaction monitoring, banks, PSP, financial institutions
Categories: Fraud & Financial Crime
Companies: EastNets
Countries: Europe
This article is part of category

Fraud & Financial Crime

EastNets

|
Discover all the Company news on EastNets and other articles related to EastNets in The Paypers News, Reports, and insights on the payments and fintech industry: