By Amanda Holden
Canada is already one of the most cashless societies on the globe, but that hasn’t stopped our financial industry from finding more ways to modernize the way consumers and businesses pay for the goods and services they acquire.
Enter the Real-Time Rail (RTR), expected to launch in 2022 and designed to make payments instantaneous. RTR promises to support real-time/instant payments for all Canadians while acting as a platform for innovation. Account-to-account payments will be delivered and received 24 hours a day, seven days a week, 365 days a year.
With RTR, payments will not just be instantaneous, but also irrevocable: a measure that, in theory, makes those payments more efficient and secure.
But the real-time nature of RTR payments raises concerns for anyone familiar with payments fraud. Recent trends that have emerged during the COVID-19 pandemic make it easy to see why.
With physical distancing permeating all aspects of our lives, in-person transactions have declined dramatically. Interac e-Transfers and other forms of digital payments have now become a part of many Canadians’ day-to-day spending. There were more than 61 million Interac e-Transfers in April 2020 alone, with first-time users growing more than 43 percent over the previous year.
Industry observers and payments providers aren’t the only ones observing this trend. Fraudsters have taken notice, too.
A recent study we conducted with Javelin Strategy confirmed what many of us in the fraud and security space already knew: COVID-19 hasn’t changed how fraud is being committed, but it has presented more opportunity for fraud to be successful.
Today’s methods of choice — like phishing, business email compromise and social engineering — have long been go-to tools for fraudsters trying to directly access payment accounts or to trick unsuspecting consumers and businesses into sharing payment data.
However, the sheer volume and diversity of attempts — including everything from email scams to social media and elder scams — has combined with consumers fearful about COVID-19 to make it easier to fall victim to these fraudulent attempts.
The “Fraud Triangle”
Fraud industry participants often talk about the “Fraud Triangle”, which are the three key elements needed for a scammer to successfully defraud a consumer or business. These are:
While COVID-19 hasn’t itself changed how fraudsters target potential victims, it has caused targets to make poor decisions, increased the opportunity for bad actors to find vulnerable targets and, in many cases, made it easier for victims to rationalize sharing highly sensitive payment information.
The issue with irrevocability
Most types of digital payments today — even those that show up in an account mere minutes after sending — are still subject to settlement processes in the back end that can take many days to clear. These checks and balances provide a safety net to consumers, businesses and banks alike to ensure that all payments make it to their intended destination, and that fraud can be identified and managed soon after it happens.
But in a modernized, real-time payments world — like the one we’ll enter into with RTR — not only will those payments be instantaneous, but will also be irrevocable and non-repudiated.
What does that mean? It means you can’t go back and rectify an error!
Say a vendor charged you $100 for an item you purchased that was priced at $10. If that purchase was made with a VISA card today, the consumer could work with VISA to issue a chargeback, returning the funds to the payer. Dispute resolved.
Irrevocable payments won’t allow for that. The onus will be on the consumer to work with the recipient to rectify. And if the recipient’s a fraudster, the consumer will have no recourse to get their money back.
The consumer will be required to be 1,000 percent sure of all elements of a transaction — from the payment amount to the details of the recipient — before hitting send. That’s a lot of work for the average consumer, and plays into the hands of increasingly savvy fraudsters.
While it’s expected that some form of operating regulations and policy will be implemented, those details are scarce at the moment. As it stands today, not only do consumers have to protect themselves, but one would argue there is a responsibility on the financial services to proactively protect risky transaction.
What each organization has in common is the need for as much real-time data as possible to make inline transaction decisions. As organizations mature and can readily access data, the key becomes leveraging a breadth of data, in real-time with deep and agile analytics to create risk scores that proactively protect the organization and their customers.
How can banks fight back?
For banks, the only way to adequately fight fraud in a system designed to be immediate and irrevocable is to make fraud decisions as fast as the payment decision being made. Banks need to understand every transaction in real time, and to identify fraud triggers just as quickly.
Today’s payment processes that leverage days-long settlement processes and delay windows, will be transacted to milliseconds, meaning the banks have less than a second to spare to keep their customers safe.
In the RTR world, data and analytics will be central to helping banks fight fraud. Analytical tools can bring millions of pieces of data together quickly, using machine learning and artificial intelligence to immediately and thoroughly analyze that data, and create an instantaneous risk score that can flag potential fraud as it happens. These tools will be paramount in protecting both consumers and banks from losses.
RTR presents myriad opportunity for payments in Canada, but not without new risks. When those risks happen in real time, it’s absolutely essential that fraud prevention to happens just as quickly (or even faster).
Canadian banks must protect themselves and their customers in a world where payments are instantaneous and irrevocable. They’ll need an approach that is data rich and analytical.
Amanda Holden is a technology, fraud and operations executive with SAS Canada, with over 15 years experience in payments and 25+ years experience in financial services. She is responsible for driving business development and go to market strategies for SAS Fraud and AML (anti-money-laundering) products and services.