Real-time payments (RTP) are incredibly popular with consumers, and for understandable reasons – they’re quick and convenient. But they’re also irreversible. And that’s just one of the reasons that they’re finding favour with a far less desirable type of user: scammers.
Wherever there is money there are fraudsters and this is particularly true when money is changing hands via new technology or process. Real-time payments and faster payment systems (FPS) are prime examples of this, and unless organisations act quickly and decisively, the opportunities offered by both could be reduced or even negated by the problems caused by fraud and scams.
Although the terms RTP and FPS are often used interchangeably, they are not the same thing. Faster payment systems such as Zelle, ACH, or CHAPS are (as the name suggests) rapid ways to move money, usually clearing on the same day. RTP, on the other hand, is designed to be instant.
While FPS payments may be processed in batches at the end of the day, RTP is instant. As well as being desirable for customers – 45% of US consumers prioritise RTP as a deciding factor in opening a new account – RTP brings significant benefits to businesses, with the ability to receive funds instantly allowing them to better manage cashflows and forecast more efficiently.
Economies, attitudes, cultures, and technology infrastructures vary massively across the globe. While RTP is the norm in some territories, it’s only coming over the horizon in others.
In the UK and the EU, RTP is a well-established concept, with consumers expecting the ability to pay and receive funds in real-time as a standard. The US is seeing a massive surge, thanks to apps such as CashApp and Venmo, and India – a territory that has generally had a reputation for being a cash-based economy – with over 25 billion real-time transactions being processed in 2020 alone.
Meanwhile, real-time payments accounted for just 3.2% of overall non-paper-based transactions in the UAE in 2021. That figure is projected to triple by 2026.
The staggered adoption of RTP across the world is a major complicating factor for organisations trying to tackle the scammers who see real-time payments as a world of opportunity. Scam victims who are tricked into making a payment quickly find out that they have no way of stopping or reversing a transaction once it’s been initiated.
But the major challenge with RTP is that it’s being rolled out in different ways at different speeds in different parts of the world. It’s being deployed at a local level; scammers function on a global level.
What that means is that businesses (and their customers) who are new to the concept of RTP are up against highly sophisticated bad actors who have had plenty of practice honing their techniques and technologies in areas where RTP is already heavily adopted.
Going back to the UAE as an example: scammers are using territories such as the UK as a training ground. Not only that, but they are also looking to the ongoing adoption in the US to understand how businesses adapt to RTP – and tailor their strategies accordingly. What this adds up to is a success rate for the scammers that is alarming.
Why are they so successful, so often?
Many scams revolve around social engineering techniques, with scammers coercing their victim into initiating a transaction – for example, after telling the customer that their account has been compromised and that they need to transfer their funds to a new one. Or they might persuade them to read out a passcode sent via SMS and from there on, the fraudster will have little problem either initiating the transaction themselves or even staging an account takeover (ATO) attack.
This is a particular concern. Banks and FIs are investing sizeable amounts of money in trying to combat the myriad attack vectors of fraudsters and scammers, and real-time payments are no exception. But the most common step-up authentication, SMS OTPs, is also one of the easiest for scammers to get around. In a digital-first era, relying on analogue, out-of-band OTPs for account security is the equivalent of locking and bolting the front door and leaving the window open.
Organisations with an eye on RTP need to meet the scammers head-on: the way things stand, fraudsters are the ones who have the flexibility to take advantage of new fraud vectors. That means thinking about and tackling the issue with digital technologies to tackle what is a digital threat. In other words, relying on timeworn infrastructures and outdated and insecure SMS OTPs isn’t going to do the trick.
Digital-first solutions such as Callsign provide a robust defence against the frauds and scams that follow in the wake of RTP, by layering threat and device intelligence with highly advanced behavioural biometrics – the ICO and UK Finance’s recommended approach to Strong Customer Authentication.
And Callsign’s Dynamic Interventions is designed to combat real-time scams in real-time. By passively analysing customer behaviours and recognising high-risk activities such as trying to transfer large sums to a new account, Callsign can deliver contextual prompts to nudge the customer and prevent the scam from taking place. It’s very hard for a scammer to talk around a message that they weren’t anticipating that outlines their actions.
RTP’s popularity is already huge, and that’s only set to increase. But if businesses are to enjoy the benefits brought by real-time payments, they need to ensure that they’re taking the fight back against the scammers.
And the way to do that is to ensure that their infrastructures and solutions match the bad actors. The scammers will always try and stay ahead of the curve – but by adopting an approach such as Dynamic Interventions, organisations can instead throw them a curveball.
451 Research has published a Vanguard Report, commissioned by Callsign that examines the potential for growth and the problems of fraud associated with RTP. Download your complimentary copy here.
Bhavesh Vaghela is the VP of Global Product Growth at Callsign. With over 15 years of experience in strategy, product leadership, and digital transformation. He is passionate about creating products that positively impact society with expertise across defence, banking, fintech, and cybersecurity.
About Callsign
Callsign makes digital life smoother and safer by helping organisations establish and preserve digital trust so people can get on with their digital lives. The first true representation of identity online, Callsign positively identifies users by their unique characteristics, replicating real-life recognition signals with AI models. The only solution to identify people across every journey, channel, and brand, Callsign makes digital identification seamless and secure, helping drive business growth.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now