Story image

Immediate payments: The fraud threats and solutions

11 Sep 17

The losses faced by the financial services industry as a result of fraudulent activity are too often seen as just another cost of doing business. With immediate payments coming to Australia later this year, local banks and credit lenders need to be increasingly aware of the heightened risks they are introducing their customers to.

Immediate payments, expected to roll out in this half of the year, will allow customers of different banks to make digital payments in real time, rather than taking the usual two to three days. The technology behind the new system comes in form of the National Payments Platform (NPP) – a joint project between the banks, managed by the Reserve Bank.

To date, Australian banks and credit providers have had the advantage of 24 hours or more to stop fraudulent transactions before they clear, however with inter-bank transactions removing this buffer, a reactive approach to cyber threats will no longer suffice.  

Fraud cases rise in countries where immediate payments rollout

Due to the global nature of fraud, there are incredibly valuable lessons to take from countries including the UK, Singapore, Mexico and Japan, already operating real-time payment systems.

The UK was the first country to transition to an immediate payment environment in 2008 and following the launch, online banking fraud increased from £22.6m to £52.5m in 2008 (around 132 per cent) according to a 2016 research paper Risks in Faster Payments, by Julius Weyman from the Federal Reserve Bank of Atlanta. Online bank fraud increased a further 14 per cent in 2009 to £59.7m.

If we assume a similar increase in online fraud to occur here in Australia, CNP fraud could rise from a total of $378m to approximately $869.4m in 2017 (based on the APCA data). So what are the countermeasures that Australian banks and credit providers can put in place to keep Australians’ bank accounts protected from cyber criminals?

Keeping a step ahead with adaptive anti-fraud solutions

With learnings from the rollout of real-time payment systems in other countries, Australian banks and credit providers are in a position where they can pre-empt potential news threats. Moreover, Australia is in the beneficial position of being able to utilise anti-fraud technologies that have had time to evolve and adapt.

There are several new technologies now available, from machine learning to device authentication and behaviour biometrics that banks can utilise to better protect their customers.

 Smart and autonomous fraud prevention solutions that utilise detection and prevention technologies are ensuring fewer fraudsters are slipping through the net, however in order to ensure genuine customer experience is not hindered, banks need to adopt a holistic approach.

Experian learned this first-hand when working with major players in the UK and South Africa during the implementation of faster payment systems. The biggest issue was that the criminals were adapting faster than the banks; a limiting factor being that many banks’ fraud strategies did not allow for the trial and deployment of new fraud technologies.

By blending any disparate anti-fraud product or service through a single program, banks and credit providers can build a tailored fraud defence. With cyber threats continually evolving – the platform’s strategy design capabilities enable fraud and compliance teams to quickly address new vulnerabilities.

Australian banks face big challenges in the year ahead, and it will take a new level of proactivity – in alignment with a suite of watertight fraud defences – to ensure minimal risk for themselves and their clients.

Article by Suzanne Steel, managing director, Experian A/NZ.

Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.