Story image

Immediate payments: The fraud threats and solutions

11 Sep 2017

The losses faced by the financial services industry as a result of fraudulent activity are too often seen as just another cost of doing business. With immediate payments coming to Australia later this year, local banks and credit lenders need to be increasingly aware of the heightened risks they are introducing their customers to.

Immediate payments, expected to roll out in this half of the year, will allow customers of different banks to make digital payments in real time, rather than taking the usual two to three days. The technology behind the new system comes in form of the National Payments Platform (NPP) – a joint project between the banks, managed by the Reserve Bank.

To date, Australian banks and credit providers have had the advantage of 24 hours or more to stop fraudulent transactions before they clear, however with inter-bank transactions removing this buffer, a reactive approach to cyber threats will no longer suffice.  

Fraud cases rise in countries where immediate payments rollout

Due to the global nature of fraud, there are incredibly valuable lessons to take from countries including the UK, Singapore, Mexico and Japan, already operating real-time payment systems.

The UK was the first country to transition to an immediate payment environment in 2008 and following the launch, online banking fraud increased from £22.6m to £52.5m in 2008 (around 132 per cent) according to a 2016 research paper Risks in Faster Payments, by Julius Weyman from the Federal Reserve Bank of Atlanta. Online bank fraud increased a further 14 per cent in 2009 to £59.7m.

If we assume a similar increase in online fraud to occur here in Australia, CNP fraud could rise from a total of $378m to approximately $869.4m in 2017 (based on the APCA data). So what are the countermeasures that Australian banks and credit providers can put in place to keep Australians’ bank accounts protected from cyber criminals?

Keeping a step ahead with adaptive anti-fraud solutions

With learnings from the rollout of real-time payment systems in other countries, Australian banks and credit providers are in a position where they can pre-empt potential news threats. Moreover, Australia is in the beneficial position of being able to utilise anti-fraud technologies that have had time to evolve and adapt.

There are several new technologies now available, from machine learning to device authentication and behaviour biometrics that banks can utilise to better protect their customers.

 Smart and autonomous fraud prevention solutions that utilise detection and prevention technologies are ensuring fewer fraudsters are slipping through the net, however in order to ensure genuine customer experience is not hindered, banks need to adopt a holistic approach.

Experian learned this first-hand when working with major players in the UK and South Africa during the implementation of faster payment systems. The biggest issue was that the criminals were adapting faster than the banks; a limiting factor being that many banks’ fraud strategies did not allow for the trial and deployment of new fraud technologies.

By blending any disparate anti-fraud product or service through a single program, banks and credit providers can build a tailored fraud defence. With cyber threats continually evolving – the platform’s strategy design capabilities enable fraud and compliance teams to quickly address new vulnerabilities.

Australian banks face big challenges in the year ahead, and it will take a new level of proactivity – in alignment with a suite of watertight fraud defences – to ensure minimal risk for themselves and their clients.

Article by Suzanne Steel, managing director, Experian A/NZ.

Hybrid cloud security big concern for business leaders
A new study highlights that IT and security professionals have significant concerns around security for hybrid cloud and multi-cloud environments.
GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.