Unlocking the True Value of Immediate Payments
Monday, October 16, 2017
Posted by Barry Kislingbury
Immediate Payments must be part of an open banking strategy
The question that most banks are asking themselves, as real-time payments schemes gather pace in different markets around the world, is, “How do we enable real-time, digitally-enabled payments in the best possible way?”
To answer that question, banks need to consider FAST payments in the context of the Hierarchy of Payment Needs.
A foundation built for FAST
A secure foundation is a key component of any holistic real-time strategy. The UK experience with real-time payments provides a valuable lesson in terms of understanding the dynamics between real-time payments and fraud. When UK Faster Payments launched there was no industry awareness around the new kinds of fraud that could potentially be deployed against banks and their customers. Unfortunately, the fraudsters knew exactly where the opportunities lay. And today's fraudsters are well versed in banking regulations, and they are aware of how they can exploit the system.
The fact that real-time payments are irrefutable, and that money can be shifted in a series of subsequent real-time (and also irrefutable) payments, means that money appropriated by fraudulent means quickly becomes untraceable. However, the industry has responded well, and the fraud rate for traditional push payments made in real-time is now lower than credit cards (0.007% for UKFP in 2013, compared to 0.063% for cards).
But fraudsters never rest for long, and the UK has seen the rise of a new kind of interception fraud. Criminals are utilizing details gleaned from social media, physical mail and web scrapes to insert themselves into conversations in such a way that it doesn’t appear suspicious or unexpected. They falsify communications from a known service supplier, such as a builder, and provide fraudulent account details to direct payments to their accounts, rather than to the genuine supplier. This is possible because the UK Faster Payments scheme doesn’t check recipient details as they're entered into a transaction request; it only verifies the formatting of the account number and sort code. That said, the implementation of proxies alongside payee confirmation will serve to curb this trend when it goes live in 2018.
Additional services that identify the payee obviously improve the current situation, but that's only one side of identity. New real-time schemes such as The Clearing Houses RTP are being launched with these services as default, alongside the new Request to Pay (RtP) function.
‘Request to Pay’ and digital transformation
With RtP, users will present themselves via biometrics, NFC checks with a smart device at POS, identity and loyalty cards, to correctly route an RtP notification to their device. In this scenario, individual identity becomes even more important. There are a wide range of public bodies, charities and think tanks working on the best way to store that digital identity, including looking at technologies such as blockchain.
As such, banks are presented with interesting challenges around customer data security and management. The UK Faster Payments service will hold some basic details that link to the bank account; however, ownership of that data is likely to still sit with the bank. Under the General Data Protection Regulation (GDPR), banks will face new obligations around the new data needed to enable RtP for immediate payments, and the potential fines for breaches of regulations are not insubstantial.
Some governments are looking at broader schemes to store digital identity for banking, for example within blockchain-based national identity. This becomes a much trickier conversation, however, when we consider consumer (and citizen) rights. How banks manage the transition period between proprietary and national repositories will depend on how well they prepare their bank for digital transformation overall.
Part of that transformation will be helping customers navigate the New Payments Ecosystem, though this isn’t about expecting the customer to understand the technology behind these new services. If we do our jobs well, we will create seamless customer experiences where the technology fades into the background. But at the same time, we must protect customers from the more complex fraud threats that accompany real-time and open payments. And part of that is teaching them how to protect themselves.
Customer protection and education
Younger digital natives are typically less concerned than their older cohorts when it comes to digital identities. Many don't understand that in the age of ubiquitous internet it’s relatively simple for fraudsters to source personal details – according to recent research, those in their 20s are “are more likely than pensioners to be targeted by fraudsters for the first time, because they don't bother to check their bank statements” in the internet-age if you aren’t careful about your sharing practices. And many Gen Yers (and close behind them Gen Zers) also tend to be financially naïve, not cognizant of the fact that their identity is more valuable than the ‘hard’ cash in their account. Some banks have been launching major consumer awareness campaigns, but as we move to a full real-time system, there must be a push for more industry-driven consumer education.
On a more positive note, consumers are open to this education, because they still trust their banks t to deliver significant financial services. This is how it should be; the regulatory pressure is on banks to ensure they secure customers’ money and data properly. Would you trust a lightly regulated fintech to do the same? The opportunity for fintechs in the long run is to be 'backed' by a bank that has done its due diligence, especially when the payments ecosystem reaches full real-time. There’s a lot of discussion around how Open APIs will let fintechs onto the banks’ playing field, but up until now that playing field hasn’t been level. The incumbents will soon be able to offer real-time all the time, including an accurate real-time balance, and this combined with the inherent trust in these major providers will be a potential springboard for banks that take advantage of the momentum.
True real-time and open banking should not only act as an equalizer for established banks and new market entrants, but also for the consumers who are challenged by today’s legacy banking environment. Many customers struggle to manage their budgets in the partially-digital world, where they have a lack of control. The combination of real-time rails with Open API-enabled services, such as Request to Pay, is going to place the power and control back with the people.
Learn more about preparing your bank for real-time and open payments, download the report: How to take your bank from good to great
Related Blog Posts
Slam the Brakes on Gas Pump Fraud and Rental Car Scams This Memorial Day Weekend
The process of secretly reading data off credit and debit cards (aka skimming) could be netting criminals as much as $3 billion a year in the US, according to Bankinfosecurity.com.
As we look forward to Memorial Day weekend here in the U.S., travelers are getting ready for road trips to their favorite destinations. Whether it’s a beach party in Miami, snorkeling in Catalina Island, or even a staycation, payments – and more specifically, payment fraud – is a huge consideration for travelers, especially during the holiday weekend. I sat down with one of our payments fraud experts, Seth Ruden, to talk about what travelers must look out for regarding payment fraud and how they can keep their money safe. Here’s what he told me.
Cutting the Cost and Complexity of Merchant Payments – But Not the Customer Experience
New research from ACI and Ovum, released this week, highlights that many merchants in 2018 are investing in creating operational efficiencies in their payments systems. But the question is, as they strive to simplify systems and cut costs, will customer experience suffer?
Despite the Hype, Machine Learning, Models, Behavioral Profiling and the Customer Experience are Still Fundamental
Think about the last time you got a fraud decline. Where were you? In the grocery store? Buying airline tickets? On holiday? Shopping in the same place you’ve been a dozen times, but across the border? How frustrating was that, what did it do to your perspective, your mood, your confidence in your financial institution? This can be embarrassing and inconvenient, stressful and alarming for the consumer. There are few things that can be more disruptive in our day-to-day lives then the lack of access to your funds, or the care taken by your financial institution after a fraud occurs. According to ACI’s Global Consumer Fraud Survey, 20% of people may decide this is too much and move along to another financial institution.
Cross-Border eCommerce Expansion: A Fraud Perspective
For merchants that are expanding their online presence overseas, enabling the right locally-preferred alternative payment methods and connecting to local acquirers can be a critical determinant of success. But without considering fraud management strategy in tandem with payments strategy, the road to cross-border success could be a bumpy (not to mention costly) one.
The 12 Biggest Security Threats to Payments
Consumers ask a lot of you in terms of convenience, speed and, above all, security. This puts the pressure on you to offer a pain-free consumer experience that is also highly secure. And when you accept payments, you need to secure all parts of your organization. Here’s an actual example: one major breach occurred when an air conditioning vendor was hacked, allowing hackers to access the corporate network and finally the point of sale network. This highlights the importance of understanding the threat landscape we face today.
Maintain Vs. Invest: What the Digital Era Ushers in for Banks
Taking place this week in Brussels, the European Credit Research Institute (ECRI) will host a high-level debate on how policymakers can build on the process of digitalisation of banks to raise competitiveness in light of increased competition from fintech start-ups and tech giants.
Ursinus College: The Future of Campus Commerce is in the Cloud
Sixty-eight percent of schools are moving eCommerce to the cloudi. As Ellucian Live begins to descend upon San Diego this week, ACI’s Gene Scriven took a moment to chat with Ellen Curcio, Director of Student Accounts at Ursinus College, about the future of campus commerce.
Be sure to catch Ellen and Gene, as well as ACI partner and host Ellucian at the event on Wednesday, April 11, for a panel discussion on “The Future of eCommerce in the Cloud.”
Fraud Awareness Month Canada
A couple years ago, I penned a blog post to commend the Canadians on what made their culture so resilient to fraud that it developed the lowest fraud rates in the Northern Hemisphere. It got a bit of circulation and created significant positive feedback. This time, I would like to bring awareness back to Canada about a potential threat as it relates to the increasingly popular Tap payment channel.
Telcos Have a Unique Opportunity to Drive Mobile Payments
We are witnessing a significant and inevitable shift in digital payments towards mobile commerce. In the next ten years, we will see an exponential expansion in the number of devices and applications we will use to make mobile payments. You could pay for your groceries on your mobile, for delivery at home, then two days later receive a message from your fridge alerting you that the milk is running low. By the time you get back home, a new bottle of milk could be waiting for you, thanks to real-time delivery, even by a drone.
Securely Growing Online Sales in 2018: An Australian Perspective
Back in November 2017, I participated in a panel discussion for NORA (National Online Retail Association), where I looked at fraud trends in Australia over the previous holiday shopping season and made predictions to help retailers prepare. Now looking back, I am sorry to say that my predictions were painfully accurate.