The United States stands on the brink of a groundbreaking leap forward in the realm of payments and instant money movement, as FedNow, the US Federal Reserve's real-time payment system, is scheduled to launch later this month.

Real-time payments (RTPs) are expected to make US domestic transactions and cross-border payments faster and more cost-effective than ever before. It will also mean enhanced visibility and control over cash flow.

While all RTPs can be categorized as a type of faster payments, not all faster payments are conducted in real-time. Invariably, faster payments post and settle transactions faster than traditional payment methods, but they aren’t all instantaneous. However, as the pace of the movement of funds increases, “Faster payments adoption is accelerating in countries around the globe”, said an Aite-Novarica Group report sponsored by Outseer.

The report, titled Faster Payments, Faster Fraud: Solutions to Stop the Madness, surveyed fraud executives at major financial institutions in Brazil, Canada, India, the UK and the US. The objective was to gain insights into the trends associated with fraud on faster payment rails. Aite-Novarica Group further contributed to these efforts by analysing the progress of faster payments in each market.

“Faster payment rails provide a great deal of utility to consumers and businesses alike, but what appeals to customers is nearly irresistible to fraudsters”, observed the survey report. “The adage ‘faster payments, faster fraud’ is still, unfortunately, quite apropos.”

With payments innovation come new opportunities to commit payment fraud, and faster payments have proven to be no exception. Thus, payments fraud remains a significant concern for treasury and finance professionals, with two out of three companies continuing to fall prey to fraudulent attacks, as per the 2023 Association for Financial Professionals (AFP) Payments Fraud and Control Survey.

Majority of financial institutions (FIs) surveyed experienced surge in fraud attacks in 2022:  

Faster payments appear to have led to more criminal activity. Malicious actors have “Performed a series of tried-and-true attacks via account takeover (ATO) and employed social engineering tactics, inducing victims to unwittingly and voluntarily send funds to the fraudster”, the report noted. This has resulted in a spike in fraud attacks as reported by the majority of surveyed FIs.

                                              2022 Payment fraud attack volume vs. 2021

When Aite-Novarica Group queried FIs about the trends associated with various forms of payment fraud attacks, 57% said that “Mule activity over real-time payment rails was up in 2022 vs. 2021, 71% said that consumer ATO using real-time payment rails increased in 2022 vs. 2021, and 62% said that consumer authorized push payment (APP) fraud via real-time payment rails increased in 2022.”

It is pertinent to mention here that the important distinction between these two primary attack vectors is that ATO fraud involves an unauthorized funds transfer from the victim’s account, whereas APP fraud entails tricking victims into authorising the transfer of funds.

Criminals are consistently probing and exploiting the gaps and the weakest links in the security control framework. The report adds that “This is true for most of the fraud typologies related to payments fraud”, like ATO and APP fraud, which were “Highly active attack vectors in countries with faster payment rails in 2022.”

FIs expect this trend to persist, as they anticipate an increase in faster payments volume across consumer, small-business, and corporate payments over the next year.

                                              Trendline of faster payments

Fraud losses: the key driver for investing in real-time payment controls

According to the survey report, “The industrialization of fraud remains problematic on the ATO front, particularly as the pandemic has eased and fraudsters have resumed their focus on traditional forms of bank fraud.”

Fraud is a huge global problem, and losses on account of payment card fraud worldwide exceeded US$32 billion in 2021, nearly $12 billion of which was in the US, according to the Nilson Report, the trade publication that covers the global payment card industry.

In response to queries about the factors driving investments in real-time payment controls, more than four out of five survey respondents (81%) acknowledged that fraud losses and regulatory oversight were primary reasons for such investments. Additionally, 76% identified reputational risk as a crucial factor, while 71% emphasised the significance of customer experience and the potential of a liability shift for APP fraud to their institution as key business-case drivers for such investment.

                                              Business-case drivers

FIs are aware that as payments move faster or in real time, there will be less time to detect criminal activity, yet “57% of the fraud executives interviewed still believe that the benefits of real-time payments to their customers outweigh the risks.”

Given the value associated with faster payments, FIs remain committed to mitigating those risks, with 77% of them planning to make “Major changes to enhance their real-time payment fraud controls over the next one to two years.”

Faster payments are here to stay. This will require corporations and financial services firms to collaborate, adapt and strengthen their control frameworks and points of vulnerability to handle the “Rising tide of industrialized ATO attacks and APP fraud, which continue to rise precipitously”, cautions the report.

In conclusion, “There is no silver bullet: Effectively addressing authorized and unauthorized real-time payments fraud requires a combination of techniques, including transaction monitoring, consortium data, and multifactor authentication”, the Aite-Novarica Group survey report recommends.

It also requires organizations to have ongoing and specific payment fraud training (securetreasury.com) for their employees, which is distinct from general cybersecurity training. This will help in preventing and fighting payments fraud and reducing the impact of such losses in a world of faster and instant payments.