Story image

Immediate payments: The fraud threats and solutions

11 Sep 17

The losses faced by the financial services industry as a result of fraudulent activity are too often seen as just another cost of doing business. With immediate payments coming to Australia later this year, local banks and credit lenders need to be increasingly aware of the heightened risks they are introducing their customers to.

Immediate payments, expected to roll out in this half of the year, will allow customers of different banks to make digital payments in real time, rather than taking the usual two to three days. The technology behind the new system comes in form of the National Payments Platform (NPP) – a joint project between the banks, managed by the Reserve Bank.

To date, Australian banks and credit providers have had the advantage of 24 hours or more to stop fraudulent transactions before they clear, however with inter-bank transactions removing this buffer, a reactive approach to cyber threats will no longer suffice.  

Fraud cases rise in countries where immediate payments rollout

Due to the global nature of fraud, there are incredibly valuable lessons to take from countries including the UK, Singapore, Mexico and Japan, already operating real-time payment systems.

The UK was the first country to transition to an immediate payment environment in 2008 and following the launch, online banking fraud increased from £22.6m to £52.5m in 2008 (around 132 per cent) according to a 2016 research paper Risks in Faster Payments, by Julius Weyman from the Federal Reserve Bank of Atlanta. Online bank fraud increased a further 14 per cent in 2009 to £59.7m.

If we assume a similar increase in online fraud to occur here in Australia, CNP fraud could rise from a total of $378m to approximately $869.4m in 2017 (based on the APCA data). So what are the countermeasures that Australian banks and credit providers can put in place to keep Australians’ bank accounts protected from cyber criminals?

Keeping a step ahead with adaptive anti-fraud solutions

With learnings from the rollout of real-time payment systems in other countries, Australian banks and credit providers are in a position where they can pre-empt potential news threats. Moreover, Australia is in the beneficial position of being able to utilise anti-fraud technologies that have had time to evolve and adapt.

There are several new technologies now available, from machine learning to device authentication and behaviour biometrics that banks can utilise to better protect their customers.

 Smart and autonomous fraud prevention solutions that utilise detection and prevention technologies are ensuring fewer fraudsters are slipping through the net, however in order to ensure genuine customer experience is not hindered, banks need to adopt a holistic approach.

Experian learned this first-hand when working with major players in the UK and South Africa during the implementation of faster payment systems. The biggest issue was that the criminals were adapting faster than the banks; a limiting factor being that many banks’ fraud strategies did not allow for the trial and deployment of new fraud technologies.

By blending any disparate anti-fraud product or service through a single program, banks and credit providers can build a tailored fraud defence. With cyber threats continually evolving – the platform’s strategy design capabilities enable fraud and compliance teams to quickly address new vulnerabilities.

Australian banks face big challenges in the year ahead, and it will take a new level of proactivity – in alignment with a suite of watertight fraud defences – to ensure minimal risk for themselves and their clients.

Article by Suzanne Steel, managing director, Experian A/NZ.

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.