Unlocking the True Value of Immediate Payments
Monday, October 16, 2017
Posted by Barry Kislingbury
Immediate Payments must be part of an open banking strategy
The question that most banks are asking themselves, as real-time payments schemes gather pace in different markets around the world, is, “How do we enable real-time, digitally-enabled payments in the best possible way?”
To answer that question, banks need to consider FAST payments in the context of the Hierarchy of Payment Needs.
A foundation built for FAST
A secure foundation is a key component of any holistic real-time strategy. The UK experience with real-time payments provides a valuable lesson in terms of understanding the dynamics between real-time payments and fraud. When UK Faster Payments launched there was no industry awareness around the new kinds of fraud that could potentially be deployed against banks and their customers. Unfortunately, the fraudsters knew exactly where the opportunities lay. And today's fraudsters are well versed in banking regulations, and they are aware of how they can exploit the system.
The fact that real-time payments are irrefutable, and that money can be shifted in a series of subsequent real-time (and also irrefutable) payments, means that money appropriated by fraudulent means quickly becomes untraceable. However, the industry has responded well, and the fraud rate for traditional push payments made in real-time is now lower than credit cards (0.007% for UKFP in 2013, compared to 0.063% for cards).
But fraudsters never rest for long, and the UK has seen the rise of a new kind of interception fraud. Criminals are utilizing details gleaned from social media, physical mail and web scrapes to insert themselves into conversations in such a way that it doesn’t appear suspicious or unexpected. They falsify communications from a known service supplier, such as a builder, and provide fraudulent account details to direct payments to their accounts, rather than to the genuine supplier. This is possible because the UK Faster Payments scheme doesn’t check recipient details as they're entered into a transaction request; it only verifies the formatting of the account number and sort code. That said, the implementation of proxies alongside payee confirmation will serve to curb this trend when it goes live in 2018.
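The gap described above, as an added example (not code from the original post or from any payment scheme): a format-only check accepts a redirected payment, while a payee-name confirmation against the account holder flags it. The account directory, the sample sort codes and account numbers, the outcome labels and the 0.8 threshold are all constructed assumptions for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed directory standing in for the receiving bank's account records.
DIRECTORY = {
    ("000001", "41238765"): "Harlow Building Services Ltd",  # genuine supplier
    ("000002", "77810034"): "J Smith",                       # fraudster-controlled
}

def _clean_sort_code(sort_code):
    return re.sub(r"[\s-]", "", sort_code)

def format_ok(sort_code, account_number):
    """Format-only validation: 6-digit sort code, 8-digit account number."""
    return (re.fullmatch(r"\d{6}", _clean_sort_code(sort_code)) is not None
            and re.fullmatch(r"\d{8}", account_number) is not None)

def _norm(name):
    """Lower-case, strip punctuation and common titles/suffixes before comparing."""
    words = re.sub(r"[^a-z0-9 ]", "", name.lower()).split()
    return " ".join(w for w in words if w not in {"ltd", "limited", "mr", "mrs", "ms"})

def confirm_payee(sort_code, account_number, payee_name, close=0.8):
    """Compare the name the payer typed with the name held on the account."""
    if not format_ok(sort_code, account_number):
        return "INVALID_FORMAT"
    holder = DIRECTORY.get((_clean_sort_code(sort_code), account_number))
    if holder is None:
        return "ACCOUNT_NOT_FOUND"
    score = SequenceMatcher(None, _norm(payee_name), _norm(holder)).ratio()
    if score == 1.0:
        return "MATCH"
    # A near miss is surfaced to the payer rather than silently accepted.
    return "CLOSE_MATCH" if score >= close else "NO_MATCH"

if __name__ == "__main__":
    # Falsified invoice: the builder's name paired with someone else's account.
    print(format_ok("00-00-02", "77810034"))                                  # passes
    print(confirm_payee("00-00-02", "77810034", "Harlow Building Services"))  # flagged
    print(confirm_payee("00-00-01", "41238765", "Harlow Building Services"))
    print(confirm_payee("00-00-01", "41238765", "Harlow Bulding Services"))
```
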
Additional services that identify the payee obviously improve the current situation, but that's only one side of identity. New real-time schemes such as The Clearing House's RTP are being launched with these services as default, alongside the new Request to Pay (RtP) function.
‘Request to Pay’ and digital transformation
With RtP, users will present themselves via biometrics, NFC checks with a smart device at POS, or identity and loyalty cards, to correctly route an RtP notification to their device. In this scenario, individual identity becomes even more important. There is a wide range of public bodies, charities and think tanks working on the best way to store that digital identity, including looking at technologies such as blockchain.
As such, banks are presented with interesting challenges around customer data security and management. The UK Faster Payments service will hold some basic details that link to the bank account; however, ownership of that data is likely to still sit with the bank. Under the General Data Protection Regulation (GDPR), banks will face new obligations around the new data needed to enable RtP for immediate payments, and the potential fines for breaches of regulations are not insubstantial.
Some governments are looking at broader schemes to store digital identity for banking, for example within blockchain-based national identity. This becomes a much trickier conversation, however, when we consider consumer (and citizen) rights. How banks manage the transition period between proprietary and national repositories will depend on how well they prepare their bank for digital transformation overall.
Part of that transformation will be helping customers navigate the New Payments Ecosystem, though this isn’t about expecting the customer to understand the technology behind these new services. If we do our jobs well, we will create seamless customer experiences where the technology fades into the background. But at the same time, we must protect customers from the more complex fraud threats that accompany real-time and open payments. And part of that is teaching them how to protect themselves.
Customer protection and education
Younger digital natives are typically less concerned than their older cohorts when it comes to digital identities. Many don't understand that in the age of ubiquitous internet it’s relatively simple for fraudsters to source personal details if you aren’t careful about your sharing practices. According to recent research, those in their 20s “are more likely than pensioners to be targeted by fraudsters for the first time, because they don't bother to check their bank statements.” And many Gen Yers (and close behind them Gen Zers) also tend to be financially naïve, not cognizant of the fact that their identity is more valuable than the ‘hard’ cash in their account. Some banks have been launching major consumer awareness campaigns, but as we move to a full real-time system, there must be a push for more industry-driven consumer education.
On a more positive note, consumers are open to this education, because they still trust their banks to deliver significant financial services. This is how it should be; the regulatory pressure is on banks to ensure they secure customers’ money and data properly. Would you trust a lightly regulated fintech to do the same? The opportunity for fintechs in the long run is to be 'backed' by a bank that has done its due diligence, especially when the payments ecosystem reaches full real-time. There’s a lot of discussion around how Open APIs will let fintechs onto the banks’ playing field, but up until now that playing field hasn’t been level. The incumbents will soon be able to offer real-time all the time, including an accurate real-time balance, and this combined with the inherent trust in these major providers will be a potential springboard for banks that take advantage of the momentum.
True real-time and open banking should not only act as an equalizer for established banks and new market entrants, but also for the consumers who are challenged by today’s legacy banking environment. Many customers struggle to manage their budgets in the partially-digital world, where they have a lack of control. The combination of real-time rails with Open API-enabled services, such as Request to Pay, is going to place the power and control back with the people.
To learn more about preparing your bank for real-time and open payments, download the report: How to take your bank from good to great