Outpacing fraud: The instant payments security challenge

01 August 2024

by Marie-Christine Diaz

Following a global trend, the EU’s Instant Payments Regulation mandates the adoption of instant payments in Euros across the entire region within the next two years (*1). This ambitious initiative promises instant and irrevocable money transfers and greater convenience for consumers and businesses on a 365/24/7 basis. Yet, these lightning-fast payments also create a critical challenge for financial institutions (FIs): outpacing fraudsters in a fraud sophistication race.

Fund transfers will now be easily initiated over a multitude of unsecured digital channels and executed within a mere 10 seconds, dramatically shrinking the window for fraud detection. The convenience, ubiquity and tight execution window, combined with the irrevocable nature of instant payments, provide a perfect opportunity for fraudulent but legitimate transfers with minimum effort.

Conscious of the challenge, the EU regulation mandates FIs to secure instant payments by validating the beneficiary’s name and account. The growth of authorised payment fraud via scams, emails or SMS, coupled with the September 2025 deadline to offer instant credit transfers in Euros (*2), presents a significant challenge for the financial industry.

With the value of transactions using this technology set to grow worldwide by 289% between 2023 and 2030 (*3), the question of how banks will keep their customers and their money safe looms larger than ever.

The black hole: technical debt

While instant payments allow precise cash flow control and quicker settlements, they also provide opportunities to develop innovative financial services that can strengthen the competitive position of financial institutions (*4). However, to succeed, FIs must undergo a comprehensive digital transformation.

The need for high-speed and always-available environments has exposed critical operational vulnerabilities in their infrastructures and processes, leading to a growing technical debt over the past decades. By 2028, financial institutions globally are projected to spend $57 billion on outdated payment systems, with costs rising 7.8% annually (*5).

These systems struggle to keep pace with the non-functional requirements of instant payments, such as processing speed, resilience, availability, and security, thereby hampering digital transformation efforts. Firstly, there’s the risk of losing market share to digital-native players or missing out on the growth of digital payments. Secondly, FIs that fail to embrace the necessary digital transformation will miss out on potential revenue streams from payment product innovations (up 42%) and annual cost savings (13%) related to reduced downtime, improved orchestration and streamlined development (*6).

The ever-growing fraud complexity

Although payments are well protected today by measures like Strong Customer Authentication and multi-factor authentication, fraud patterns have moved from the payment stage to the purchase itself.

Traditional fraud detection systems must now adapt to handle larger data sets beyond the payment itself, rapid data processing and complex calculations. Siloed data, diverse data types and a large patchwork of data sources within and outside FIs are only making matters worse. These shortcomings allow fraudsters to exploit weaknesses and potentially siphon off funds before anyone raises the alarm.

This rings true with the growing number of criminals using and weaponising AI (*7). Last year saw financial services becoming the third-most attacked sector in Europe, the Middle East and Africa (*8), with many European Chief Risk Officers (CROs) now listing cybersecurity as the biggest risk in 2024 (*9).

To enhance security, several industry initiatives have been developed. These include, to name a few, the structured address field in the ISO 20022 format (*10), the validation of name and account, the EU’s Digital Operational Resilience Act (DORA) (*11), industry collaboration for information sharing and advancements in quantum computing.

The status quo impasse

For many, fraud detection relies on in-house expertise developed over years, making the business case for acquiring new fraud detection software and integrating it with various systems particularly challenging. Financial hurdles aside, retraining staff and changing existing operations (*12) are seen as too disruptive.

This complexity, along with a looming talent shortage (*13) and viewing legacy systems as a “sunk cost” (*14), creates a status quo impasse. Yet, to preserve trust and retain customers, FIs must invest in modern, scalable solutions that attract young talent.

Modern solutions not only improve traditional rule-based fraud detection but also adapt faster to new fraud patterns and vast amounts of data, making them a necessary strategic investment.

The data challenge

To stay ahead of evolving fraud tactics, FIs adopting adaptive tools still face a common threat: data. It’s the lifeblood of any effective fraud prevention. Existing systems and data architecture stop FIs from getting the right data, with the right meaning at the right time in a centralised high-performance data lake.

First, FIs must not underestimate the effort required to structure and standardise data based on a common dictionary and make it available promptly. Newer fintech players also struggle to interpret and use customer banking data effectively (*15). Data standardisation, like ISO 20022 or LEI, is foundational for powerful analytics. Second, getting the data quickly and around the clock represents a real challenge for continuous fraud detection.

Holistic fraud controls

With clean, standardised data, FIs can use AI-powered software to analyse vast amounts of data in real time. These systems excel at recognising intricate and evolving fraud patterns or anomalies that might escape human scrutiny. They continuously learn and adapt to new fraud methods, far surpassing manual updates. Their efficiency and effectiveness grow as data volume and complexity increase and explainable AI models allow formal auditing by regulators.

FIs would also need a layered defence strategy, combining diverse fraud controls to strengthen defences against fraudulent activities. This includes transaction limits monitoring, customer profiling, event sequence monitoring, behaviour anomalies, historical trend analysis and customer segmentation analysis.

By integrating these versatile controls and contextual data, FIs can get an overall risk score for each transaction, resulting in more accurate anomaly detection and the ability to detect hidden fraud patterns. This approach allows FIs to counteract various types of fraud attempts more effectively, while also minimising the risk of rejecting legitimate transactions.

Staying ahead of the curve

The instant payments initiatives worldwide create opportunities as well as a sweet spot for fraudsters. Many FIs remain ill-prepared, burdened by technical debt, and struggle to keep pace with digital-native entrants or deter complex fraud. Yet, regulatory deadlines for additional security measures are approaching and consumer expectations for speed, convenience and security, at no additional cost, are rising.

Modern AI-based fraud solutions are powerful tools against fraud. Combining explainable AI models with diverse contextual datasets allows FIs to create effective, scalable and frictionless fraud risk strategies. However, a strong data foundation and 24/7 integration with existing systems are key to a successful transformation.

The time to act is now. The longer FIs wait, the more vulnerable they become to falling behind the competition, or worse, being outpaced by fraudsters.

The author, Marie-Christine Diaz, is a Business Development Manager at Eastnets.

(*1) ECCEU, Council adopts regulation on instant payments

(*2) European Parliament, Ensuring euro money transfers arrive within ten seconds

(*3) Statista, Market size of real-time payments worldwide in 2023, with a forecast for 2030

(*4) European Parliament, Instant payments: the benefits for customers and business

(*5) The Fintech Times, Outdated Legacy Technology Could Cost Banks Over $57Billion in 2028; Says IDC Financial Insights

(*6) European Central Bank, Payments statistics: first half of 2023

(*7) NCSC, The near-term impact of AI on the cyber threat

(*8) Retail Banker International, Cyberattacks on European financial services more than double in 2023

(*9) EY, Cybersecurity remains the top risk for European banks, as heightened geopolitics increases the perceived threat of cyber

(*10) ISO 20022, Messaging

(*11) Digital Operational Resilience Act (DORA)

(*12) Raconteur, Why banks are struggling to update their ageing IT

(*13) Diginomica, How modern finance systems help banks connect across disparate data sources

(*14) Juristech, Now Is The Best Time To Upgrade Your Legacy Banking Software

(*15) TechCrunch, Leverage banking data to scale effectively and remain compliant


