One of the biggest challenges is cybersecurity over a multitude of channels. Open Banking and PSD2 in the EU opened the door to a variety of digital channels for payments, providing both convenience and ubiquity. Although regulators have imposed measures such as Strong Customer Authentication (SCA), multifactor authentication (MFA), mandatory encryption, transaction risk monitoring and reporting of suspicious activities, the challenge of trust still remains, particularly when transacting on unsecured or unverified marketplaces.
These security measures have been effective in protecting account owners from typical attacks that impersonate them. Consequently, the modus operandi of fraudsters is shifting. Traditional methods like brute force attacks, software automation with bots, trojan horses, malware injections that redirect to counterfeit websites, and keystroke hacking are giving way to more subtle tactics. These new tactics focus on identity theft through social engineering, leveraging relationships and credulity through phishing, scams, and emails to initiate legitimate payments to the fraudsters' accounts.
Fraud levels are now surging as these sophisticated methods evolve. The focus of fraudulent attacks has shifted from the account owner to the beneficiary, with fraudsters increasingly impersonating legitimate recipients to divert funds. For instance, account takeovers, CEO fraud, and authorised push payments with stolen credentials are prevalent because they are easy. Fraudsters change beneficiary accounts or payment terms in invoices, letters of credit and guarantees.
While most fraud methods leave detectable clues that can be easily tracked by traditional monitoring tools, nowadays fraudsters are devising more intricate fraud scenarios to operate under the radar, using intermediaries like money mules to transfer funds for a commission, creating fake synthetic digital identities, and utilising generative AI.
The main challenge in combating these threats is the continuous evolution and increasing sophistication of fraud attacks that involve multiple channels, entities, and transactions. Acquiring robust security solutions that can correlate various information in real time, like Eastnets solutions, will help industry players to stay ahead of emerging threats.
When it comes to instant payments, several challenges emerge that change the landscape of transaction security. Instant payments must be executed within a few seconds (10 seconds in Europe), and are guaranteed and irrevocable once accepted. Therefore, upon reaching the beneficiary account, funds become immediately accessible for utilisation by the beneficiary. Although there may currently be a transfer limit, such as the limit of EUR 100.000 in Europe, the expectation is that over time these limits will be removed. This can potentially heighten the risk of fraudulent activities with higher scale and impact.
Additionally, with instant payments, funds can be transferred anytime on a 365/24/7 basis. Banks and PSPs will need systems and processes to monitor fraud seamlessly during operational windows that are typically unattended. Furthermore, detecting fraudulent activities within 10 seconds poses a challenge and demands advanced control mechanisms and real-time monitoring capabilities. The need for faster resolutions magnifies the complexity of fraud detection protocols, requiring more resources, more sophisticated detection tools and advanced data analytics.
This is also crucial to ensure trust in real-time cross-border transactions as part of the G20’s objectives and reflected in the One-Leg Out Instant Credit Transfer (OCT Inst) scheme rulebooks.
Currently, no single provider offers a single interoperable payee verification on a European or cross-border scale. To address this, Eastnets partners with key Validation of Payee (VOP) providers across multiple regions, complementing its portfolio with comprehensive validation services.
Rule-based systems have been effective for years at Eastnets in tackling transaction fraud, sanctions screening, money laundering and more. However, nowadays, fraud prevention needs to go beyond merely profiling transactions or entities in silos and include additional contextual information.
Eastnets Intelligence uses AI models and generative AI to enhance fraud detection across its rule-based products. Different AI models are selected and combined to support specific fraud use cases, enabling the detection of complex relations that rule-based systems might miss. In addition, richer exogenous information available through APIs offers a more precise and holistic risk scoring in real time. For example, anomaly detection in trade finance includes transaction linking analysis, ultimate beneficiary owner (UBO) behaviour analysis, trade goods price validation with external sources and ship geo-localisation. Furthermore, Eastnets' generative AI tool acts as a copilot, aiding the investigator via an interactive chatting channel.
Implementing AI-based solutions can offer advantages and address several critical needs within the industry. First, AI can reduce human effort by providing a fraud prediction score that is more accurate, global and of better quality, thereby eliminating false positive cases and enabling fraud experts to focus their efforts solely on genuine fraud cases that are complex to deter. Second, AI accelerates the investigation process by consolidating richer contextual data concerning the transaction and the entities involved into a single, intuitive interface in real time, at their fingertips. This enables fraud experts to quickly visualise and assess potential problems without having to navigate through multiple systems or tools. Third, AI-powered systems operate on scalable infrastructures that function 24/7, processing large volumes of both structured and unstructured data integrated from multiple sources and systems via API.
As a result, maintenance costs are drastically reduced through an ongoing learning process to optimise rules, models, and thresholds. This reduces reliance on static rules and allows for calibration based on expert decisions, ensuring scalability with increasing data volumes.
Adopting AI in fraud prevention also presents pitfalls to navigate carefully. Firstly, ensuring the quality and reliability of the source data is crucial. This aspect requires significant time and effort to ensure accuracy, correct interpretation, and rationalisation of data sources. Secondly, there is the pitfall of risk in machine-based decision-making. The role of AI in the investigation process can vary. It might be used to get a simple diagnostic based on data comparison or filtering, to get suggestions and advice (acting as a co-pilot), or to fully delegate the detection and investigation tasks. Each of these AI roles, from 'diagnostic setter' to 'advisor' to 'decider', carries different levels of risk. Financial institutions must carefully evaluate these risks prior to implementation.
When launching AI-based solutions, several considerations must be taken into account. To mitigate risks, there are four key measures: first, constantly monitor the performance of the AI models and adjust them, to ensure a progressive move from assistance to full delegation. Second, assess the degradation of the models through the increase of false positives. Third, ensure constant transparency of the decision-making process as well as the ability to explain the different steps taken. Finally, monitor and correct the “hallucinations” of the AI assistant, where decisions are made without proven factual data.
For payment facilitators operating in the realm of instant payments, a comprehensive approach is crucial. Firstly, payment facilitators should thoroughly review their existing processes, including their tools and rule-based systems, to identify areas for improvement. Incorporating additional and frequent controls along the payment chain is essential. Using holistic, richer and contextual information is a must, as is implementing controls that are dynamic and adaptable over time to keep up with evolving fraud tactics.
Additionally, employing systems that are open, with API access, flexible, and scalable, such as Eastnets solutions, can greatly enhance the effectiveness and efficiency of fraud prevention measures.
Finally, continuously monitoring the risk, validating and refining AI models will ensure that fraud detection systems remain accurate and effective over time, adapting to new patterns and threats as they emerge.
When considering the trajectory of fraud in the future, it is important to recognize the evolving landscape shaped by digital innovations such as Open Banking, instant payments, and cloud technology. Though the benefits of these services are well acknowledged, these innovations bring a set of vulnerabilities, presenting the challenge of navigating uncertain risk assessments and detection complexities beyond the boundaries of the institution, which is a sweet spot for fraudsters.
However, amidst these challenges, Intelligence solutions based on AI models and generative AI seem to be a promising avenue. These technologies can process very large datasets that human beings are unable to process in a short timeframe, provide a more precise risk score that reduces false alerts, and assist the fraud expert in resolving cases faster with intuitive visuals at their fingertips. This, in turn, improves customer experience and focuses the attention of the investigator on real fraudulent cases.
Nevertheless, the effectiveness and trust of AI in preventing fraud depend on the establishment of a strong regulatory framework that provides the required transparency.
Additionally, industry players across the globe are coming together to share information on suspicious customers, joining forces in the global fight against financial scams. We have seen this initiated by Spain’s three largest banks – Banco Santander, BBVA, and Caixabank – to consolidate their anti-fraud efforts into a single tool to share information on fraudulent activities and implement effective countermeasures, all while ensuring that the shared data remains private and secure. In Singapore, the financial regulator has recently launched its COSMIC (Collaborative Sharing of ML/TF Information & Cases platform) to combat money laundering, terrorism financing, and proliferation financing around the world.
Ultimately, success in fraud prevention depends on technological advancements, regulatory foresight, and industry collaboration that can protect consumers' and enterprises' assets as well as preserve the stability, trust, and reputation of the financial sector.
About Marie-Christine
Marie-Christine Diaz, Business Development Manager for Payments-EU at Eastnets, is a seasoned payments professional. She has been responsible for the development of the Payments business in Europe at Eastnets since January 2023. Previously, she had various Market and Product Manager and consulting roles at SWIFT, where she developed the low-value and high-value payments business over the last 20 years. More recently, she worked on the Instant Payment business, multi-network interfaces portfolio, and resiliency services.
About Eastnets