by Craig Ramsey
The entire EU financial system is on countdown. By January 9th 2025, it will be a legal requirement for the region’s payment service providers to receive real-time credit transfers in Euros thanks to the new Instant Payments Regulation. Time is ticking and there are countless challenges to overcome. But the single biggest issue of all is consumer protection from fraud. To explain, a real-time payment is a credit transfer that makes funds available in a payee’s account within ten seconds of a payment order being made. Once received, it’s irreversible and the money can be withdrawn immediately.
This leaves precious little time for fraud checks. Specifically, Authorised Push Payment (APP) fraud, where a third party convinces someone to make a payment with the intention of taking the money and disappearing – instantly.
Who is responsible?
This begs the question of who is responsible for fraud protection. Is it the instant payments system itself – the rails on which the payments messages travel? Arguably, it’s not. That’s a bit like suggesting a railway line is responsible for the actions of a faulty train. The payment rails have one job: to carry payment messages. They’re not responsible for the services surrounding them.
Is it the consumer? Perhaps. Individuals do have a responsibility for ensuring they’re paying who they think they are. But in the UK, which has a mature real-time payments system, this responsibility’s been removed. Consumers who become victims of APP fraud will usually get their money back from the bank. While undoubtedly protecting consumers, this could have the perverse impact of making people less wary. After all, if they’ve got nothing to lose, why take precautions? For example, a consumer might see some brand-new trainers being sold unbelievably cheaply on a second-hand clothing website. They might think it seems too good to be true. But they might decide to make the payment anyway on the off chance it’s a great deal. If the trainers never turn up, the bank must make the refund and the consumer’s lost nothing.
What about merchants? Well, they’re less likely to experience fraud in a real-time payments world because they’re often the payee receiving funds, not the payer. Also, most APP fraud occurs in peer-to-peer payments, which have nothing to do with merchants. In summary, the payment rails aren’t responsible, consumers aren’t responsible – and might actually exacerbate the problem – and merchants are less likely to be affected by APP.
This leaves the banks, more specifically acquirers, which are traditionally the ones who oversee transaction security. It’s those organisations which need to tackle the issue of fraud protection and offer consumer protection.
What can banks do?
There’s lots that banks can do to protect against real-time payment fraud. For example, contextualised decisioning. This is where biometric data, digital identities, confirmation of payee checks and telecoms information come together to allow banks to monitor transactions and spot fraud as it happens. This data can create behavioural profiles, lists and rules to inform risk-based authentication decisions. Machine learning is also available to increase decision making speed for the real-time world. This will decrease the number of false positives and improve operational efficiency, enabling banks and financial institutions to catch more fraud.
Consumer education and engagement is also vital. Banks must be able to send customers a simple SMS, push alert or email instantly when a fraudulent transaction or scam is suspected. This step is important for monitoring outgoing transactions.
Who covers the cost?
However, the tools and techniques required for this level of fraud prevention require investment. Yet the EU’s new Instant Payments Regulation makes it clear that any charges for real-time payments must not be higher than those for standard credit transfers. This means banks must make greater investment at a time when revenue sources are stressed, and operational costs are high. The required funding will need to be drawn from banking income, which ultimately means it will be consumers and businesses using banking services who will indirectly pay.
An alternative would be to share the cost. For the governments introducing real-time payment mandates such as the EU’s to allocate funding for banks to ensure an even playing field. This would ensure even the smaller players, which might struggle with the additional costs, have the resources needed to make real-time payments a fair and safe system for all. The counter argument to this might be that it simply sifts the cost from a consumer or business to a taxpayer, who are essentially the same people. However, we need to keep in mind that real-time payments remove friction, enable faster liquidity, boost economic growth, and drive financial inclusion.
In short, combatting fraud and protecting consumers pays for itself through a more vibrant economy. Which is why the fairest way to make real-time payments a success is through government intervention. Yet making this a reality is far from certain and debate about who will shoulder the cost rumbles on. However, we need a consensus soon because the entire EU financial system is on countdown. By January next year, the regulation will be upon us.
The author, Craig Ramsey, is Global Head of Real-Time Payments at ACI Worldwide.