Updated: Jun 29
This article was originally published in Blockchain Industry Review - a Crypto Curry Club Magazine published monthly and available in soft copy and the printed version.
Written by Guest Contributor, John Bertrand
Director of FinTech specialising in preventing electronic payments fraud, eFraud Detect
Society and Law has reached a check point where the new digital world is evolving so fast, that it is almost beyond the current laws and banking practises. Let’s take a look at fraud in Faster Payments, UK’s instant payment initiative, which is being replicated in over 50 countries, and soon to become available for cross border payments.
Faster payments fraud totalled £330 million in 2019, an annual increase of 30% over 2018. In addition, annual bank investigation costs are estimated at £125 million. This costs the banking industry £9 per year per active bank account. Given the pandemic and the
added acceleration by society to digital, a further increase of 30% in 2020 in faster payments fraud seems probable, increasing the cost to active bank accounts to £12 per year. This makes the practice of ‘free bank accounts’ even more challenging. That is if the banks absorb the total fraud cost. At this time, only 41 percent is being reimbursed. The majority of fraud write offs remain in limbo causing at least 100,000 banks’ customers significant emotional and financial stress.
Fraudsters use a combination of techniques including text, email, too good to be true web sites, offers and telephone calls to create emotional manipulation on the owner of the bank account. Technology enables the fraudsters to operate at large scale, sending thousands of requests to people in Covid isolation; then cold calling to find the vulnerable who are maybe feeling isolated and lonely and applying psychological undermining to get what they want. Website scams are also now easier to fall for than ever. Their goal being to have the owner of the bank account move money to the fraudsters’ bank account using instant payments. All while working from home.
Corporate frauds are 30x higher than the average consumer’s loss of £3,600. No wonder the corporations and SMEs are under constant bombardment from fraudsters outside and inside the company.
Fraud is corrosive to society, individuals and businesses and the Government and banks have initiated programmes to help people endeavour to defend themselves against fraud:
The Take Five Government Campaign encourages bank customers to take and ensure they know who they are paying; but few people actually check internet T’s and C’s.
Banks themselves provide their own warnings and often request the client to tick accept before moving to the next step. The regulators have noted many bank warnings are vague and ineffective.
Banks that have Confirmation of Payee, (6 out of 32 direct faster payment banks) check payee account name, sort code and account number before giving approval.
Banks operating under the Voluntary Code (12 banks) have shown little consistency towards the rules with many fraud reimbursement being inappropriately declined.
A patchwork of generic warnings, individual bank defences and a tendency for the bank to blame the client is ideal for the fraudster. They target the areas of least resistance first.
Banks and clients need to have a clearer, consistent focus on the fraud warnings, responsibilities and next steps. Using technology, artificial intelligence, cloud and APIs can detect and prevent the fraud before the money leaves the client’s bank account.
The point of no return is when the money leaves the bank account. As one banker noted, “once the money has gone, it’s gone!” Recovery can be measured in very low percentages.
There are two parties involved, the client and the bank. Today, the client prepares the payment off the banking app or payment system, sends to the bank and the bank’s computers checks and notes the payment has been arranged. The money is transferred up to two hours later.
Prior to the money being moved by the bank (or trusted third party) there needs to be a risk assessment completed in seconds. Then the high-level risk trans actions need the client and the bank to agree on next steps before any money leaves the account.
University research has shown that 99.6 percent of frauds can be detected in seconds. That is the £330 million in fraud could be reduced to less than £3 million. In 2014, the Digital Policy Alliance using historical faster payments data showed 70 percent of frauds can be identified before payment which would reduce fraud to £100 million.
Technology has improved tremendously over the last seven years. Society, laws, banks and bank clients need to unify against the fraudsters by offering a transparent view of the safety of the instant payment.
Real time, cloud platform for faster payments
All Banks can supplement their fraud activities, even those banks outside the Confirmation of Payee and Voluntary Code, by using the cloud fraud risk detection/prevention platform.
The platform, using APIs, is designed to minimum interference to the existing IT landscape:
reviewing the transaction in real time by using AI to identify the high-risk items
providing a course of action with clear responsibilities for the customer and bank
using bank information gathered from legacy systems to safe-guard clients
enabling all banks offering faster payments to be proactive against fraudsters
Examples of the impact on consumers and corporates/SMEs are:
The bank runs through its usual checks and now with the risk platform provides a proactive, holistic view of the payment process by:
Identifying those transactions with high probability of being a fraud
These payments are revealed through analytics in real time
The bank and client can see the items and can take action
money has not moved from the account
immediate awareness of an active attack
To counter payment fraud, banks, in the past, often insisted on two authorised signatures on a corporate cheque.
Banks can now:
Have another person to reconfirm high-risk transactions
Reducing the threat posed by a single insider (50% of fraud is by an insider)
42% would switch providers for greater security
Key changes at the client:
The electronic banking system responds in real time on the risk of fraud on the transaction and with a dashboard for both to view. (Minimum changes highlighted in yellow)
Key changes at the bank:
Initially an increase in false positives (these are transactions that look like fraud but are not) then a reduction as AI, uses increased volumes of historic data, moves the accuracy towards 99%. The addition of workload to ensuring fraud detection is completed in real time and communications of the high-risk transactions are shown across the bank regardless of silo.
Collaboration with other banks (bi-lateral agreements with anonymised data)
As a second bank uses the platform, with both banks’ permission, the payment transactions across the two accounts, can be seen in detail. This gives a complete view of the accounts in both banks and immediately highlights anomalies. The data is anomalous and in compliance with Information Commissioner’s Office on data protection. In using bi-lateral agreements, with trusted third-parties, banks gain greater insight into the fraudsters and their networks.
Under FCA regulations banks are expected to know their customers and not provide bank accounts for criminal activities. There are 51 million active UK bank accounts and in 2019 635,000 were identified as SARs (Suspicious Activity Reports) and sent to the Home Office.
For the fraudster, cryptocurrencies are additional opportunities and probably more enticing than fiat currencies as they are new to us all. The fraudsters are usually the first to adapt to any new form of payment asset class. For example, the Chinese, inventors of paper money, soon noticed counterfeiting was a problem. They added a deterrent and an incentive printed on the bank note: forgers will be decapitated and those given information to the arrest of forgers will be rewarded.
We should tackle the lack of deterrents against the digital fraudster as instant faster payments is such a fundamental change from the existing payment practises. The Chinese could teach use something and while their approach was clear and focused it is not so easily enforced digitally.
Director of eFraud Detect – aimed at prevening fraud at source. Fraud costed the UK £500 million in 2019 and now grows 30% per year on year. The mission is to detect the fraud before the money is moved through AI, ML, cloud, API and AGILE working. Repeatable in 70 countries with instant payment pr grams. John has been involved in 10 acquisitions and two start-ups and authored 4 books