Understanding Today's Wire Transfer Risks
While the rise of wire transfer and ACH (automated clearing houses) fraud is not news, the pure acceleration rate, scale and sophistication of corporate wire and ACH fraud is alarming. For example, the FBI recently took the step of issuing a cyber security advisory in response to the growth of unauthorized and fraudulent multi-million dollar wire transfers from business and government entities to overseas locations.
Wire transfers, previously one of the more secure environments within a financial institution’s operations, pose the greatest risk of loss to a financial institution.
The transfer speed, potential size of such losses and the inability to recover funds once they are transferred to the destination institution all leave financial institutions vulnerable to significant risk.
To fully understand wire transfer risk, it is important to analyze the origin and the destination of the wire transfer. Many financial institutions allow business and consumer customers to initiate wire transfers in-branch, over the phone or online.
In general, wire transfers originating from branch locations are the least risky as fraudsters are generally reluctant to put in a personal appearance. Despite this, it is important that branches have a documented authentication process, including requirements for multiple forms of ID or signature verification.
Financial institutions usually require individuals initiating a wire transfer request over the telephone - typically corporate customers - to be authorized to initiate wires on behalf of the company for the particular accounts. These individuals must be able to provide appropriate security codes or correctly answer previously established security questions.
Yet, internal employees, both within the bank and the corporation, may gain access to account information and passwords to overcome such security barriers.
Similarly, financial institutions that allow customers to initiate wire transfers online open themselves to risk by fraudsters who are able to circumvent online authentication measures.
Many banks are turning to multi-factor authentication techniques such as “something you have” (e.g. a token), “something you are” (e.g biometrics) as well as “something you know” (e.g. a password) to help prevent fraud of this type.
They also are using techniques such as IP profiling to identify fraudulent access. In fact, multi-factor authentication becomes a critical weapon in a bank’s arsenal as criminals continue to develop increasingly sophisticated techniques to conduct fraud.
Criminals have figured out ways to bypass the need to “break” a user’s authentication, such as deploying a Trojan or some other type of malware to perform man-in-the-browser attacks.
These can be completely invisible to the user, who accesses the online bank account and makes a payment as they normally would, but behind the scenes the fraudster can redirect the funds to their own account and even change the amount of money being transferred.
So how can banks best protect their customers from the multiple entry points of today’s wire transfer risks?
The key is an enterprise risk management system that tracks customer behavior patterns such as time, frequency, amounts and destinations of activity. Then when customer activities show variances or anomalies, the system can issue an alert to stop the suspicious transaction in its tracks.
Such a strategy delivers an optimum detection rate and minimum false positive ratio.
Financial institutions face a growing burden to protect their customers from fraud, protect themselves from fraud losses and comply with mounting national and international regulations.
Ironically, while combating fraud, financial institutions are also being pressured by customers and regulators to improve the speed at which payments and transfers reach beneficiaries’ accounts, with many countries now at a near- or real-time process.
This rapid availability and transfer of funds creates additional challenges in terms of recognizing and shutting down fraud before it is too late. Are you prepared to guard against today’s wire transfer risks?
Related Blog Posts
How to be a Payments Trailblazer – The Seven Habits of Highly Innovative Organizations
The new Culture of Innovation Index from Ovum and ACI identified segments—from banks to intermediaries to merchants to corporates—at the cutting edge (of innovation) across the payments ecosystem. But what is most notable about those segments that have reached ‘trailblazing’ status is the apparent lack of commonality between them. No one segment, nor one region fosters better innovation. In fact, what’s driving these segments/organizations to be best of breed is their own culture of excellence. The only thing they have in common is their attitude.
How Italian Banks and Processors Can Capitalize on Digital Transformation
The European payments landscape is in an era of significant change thanks to PSD2 and other macro factors, but there is more than one way to deliver real-time and open payments to meet PSD2 requirements and its technical standards. Banks and processors must manage this alongside their own set of domestic challenges and opportunities.
SWIFT gpi: Leveraging Cross-Border Payments for the Real-Time World
SWIFT gpi represents the evolution of business done over the SWIFT network, bringing correspondent banking into the digital era.
I’ve covered this topic before, but with gpi now reaching the two-year milestone, it’s a good chance to reassess the progress that has been made – and what is needed to drive further adoption.
Instant Payments in Italy – And Beyond: Lessons from Il Salone dei Pagamenti
ACI was invited back to Il Salone dei Pagamenti – Italy’s premier payments event organized by the Italian Banking Association (ABI) – to participate in a panel, “SEPA Inst – the Future.” As expected, the session was packed with stats and advice for a more efficient roll out of instant payments – in Italy and beyond.
Dedicated Followers of Fintech: Why Transaction Banking Never Goes Out of Fashion
Taking part in a panel at a recent corporate treasury conference, I was introduced as a ‘consumer payments expert’ – not an obvious qualification for sharing stage-time with serious corporate liquidity and cash management folk, but as the talk track was on mobile wallets and Open Banking, I had some reasonably safe and relevant content on which to fall back.
Sibos Preview: The Five Trends Transforming Real-Time Payments
Real-time is now a reality, with more than 30 schemes live around the world. And real-time is in the spotlight as banks and financial service providers make their way to Sydney for Sibos 2018. What better time to look ahead at the key trends that are going to shape the ongoing development of real-time payments.
API Management: The Reason Digital Open Banking Can Fly
When it comes to thinking about the different roles that an API Manager can play for an organization, I personally think that an airport provides the perfect analogy. The customer is the passenger, the third-party organizations using a bank’s APIs are the airlines and the airport itself is the bank. I also think this analogy helps to visualize the variety of API management capabilities – including the role of an API gateway.
Can Corporate Banking be as Easy as Ordering Pizza?
ACI recently hosted Greenwich Associates on a webinar to discuss corporate banking. While not a topic that would usually make attendees salivate, the discussion turned toward ordering pizza (maybe, because it was close to lunchtime) and Greenwich highlighted how corporate banking should be as easy as ordering pizza.
Instant + Open Payments = A Winning Combination
I recently joined a panel discussion at EBAday 2018, alongside representatives from across the payments ecosystem, and the clear consensus was that real-time payments will be the new normal. This was evidenced by some of the interactive polls carried out.
Maintain Vs. Invest: What the Digital Era Ushers in for Banks
Taking place this week in Brussels, the European Credit Research Institute (ECRI) will host a high-level debate on how policymakers can build on the process of digitalisation of banks to raise competitiveness in light of increased competition from fintech start-ups and tech giants.