In an increasingly real-time world, how can companies better fight fraud? Jennifer Barker, CEO of treasury services at BNY Mellon, explores how greater collaboration could be the best way forward.
Regardless of company size or industry, payment fraud is a growing risk for businesses around the world. The scale of the challenge cannot be underestimated: a recent survey by the Association for Financial Professionals found that 71% of respondents were subject to a payments fraud attempt in 2021.
Data and intelligence are key components of any fraud prevention strategy, allowing fraudulent transactions to be singled out, flagged and prevented. Yet, ensuring companies have access to the type and breadth of data needed for these strategies to be effective is not always easy, with resource and privacy constraints representing key barriers.
At the same time, accuracy is an important factor, because manual intervention is required to determine whether a flagged payment is fraudulent, which takes up time and resources and prevents straight-through processing.
The task ahead for banks and their clients is, therefore, not an easy one. Institutions must strike a delicate balance between providing a toolkit of robust fraud controls and providing decisions that are accurate and quick enough for the 24/7/365 world of today. For many, collaboration could be the key to achieving this.
Embedding validation
Picture the scene: a customer receives a seemingly legitimate invoice – requesting that funds be sent to a new bank account – from a bad actor purporting to be one of their service providers. Without controls in place to determine whether this is a legitimate request, the funds are sent to the fraudulent bank account.
So what is being done to prevent fraud scenarios such as these? The first line of defence is data verification, usually in the form of binary yes/no answers to a set of predetermined questions: does this account exist? Who does the account belong to? Is the account on a list of blocked parties?
Certain types of verification have been around for several years. For example, the automated clearing house (ACH) prenote uses a zero-dollar payment to validate if an account is open before debiting or crediting funds. But while this can help to mitigate against costly returned transactions, an ACH prenote typically takes several days for a potential return.
As real-time payments become more and more of an expectation rather than a nice-to-have, companies are having to balance fraud mitigation techniques with providing timely and competitive payment settlement. In response, banks and third-party providers have developed account validation services that can confirm both account status and ownership in real time, providing a more in-depth picture of return history and account details.
Variable data services
The second line of defence comes after the financial institution processing the payment receives the request, but before it distributes the payment to the receiving account. By combining a variety of inputs, variable data services can develop a score-style judgement, uncovering anomalies and determining confidence levels. This can be achieved by defining a set of rules that reflect a company’s typical business activity.
If a transaction is found to be anomalous against the preset parameters, it will be flagged to the company for manual intervention. For example, if a company typically sends a payment of $100 to a customer each month and the latest payment instead totals $100,000, the payment would be flagged, paused and the company will then be given the choice to either authorise or reject it. Data-driven services such as this can significantly reduce the number of false positives, which create unnecessary work for banks and their clients.
An industry-wide solution
When fighting fraud, having access to the most reliable data and business intelligence available is vital. Two main sources are currently being leveraged. The first is proprietary data from within an organisation or from their correspondent banking network and the second is wider industry data, from third-party companies.
To push the industry’s fraud defences to the next level, however, greater collaboration is needed to ensure industry data is available to all. Shared data networks present an important opportunity to harness the power of data in a way that protects privacy, while enabling cross-border and cross-sector collaboration to solve shared challenges.
Such collaboration is already well underway, with BNY Mellon currently collaborating with Swift to develop strategies and technology solutions to combat fraud through the potential use of artificial intelligence/machine learning (AI/ML) models and privacy-enhancing technologies (PETs).
Recent innovations in PETs offer new ways to derive intelligence from data owned by multiple parties without violating the respective parties’ privacy and sensitivity controls and without the data leaving its current residence. And as the two parties continue their collaboration, it is expected that the AI/ML models will grow in accuracy and reliability, and, ultimately, deliver additional benefits to our clients.
In addition, the Federal Reserve has also developed a publicly available FraudClassifier Model, which helps to define the type of fraud that has occurred such that it can be more easily identified, standardised and quantified in the future.
The future fraud wars
The inclusion of smaller institutions and organisations in data-sharing networks will help to level the playing field across the industry and help to create a more robust fraud prevention ecosystem. And it is the investments of larger banks, like BNY Mellon, in building networks – such as those with Swift and the Federal Reserve – that will drive the industry forward on this front.
But while data collaboration between multiple parties would be a ‘slam dunk’ solution, it can only be successful if banks and third-party providers can overcome the data privacy obstacles involved. There are several different approaches to solving this challenge – from sharing without the data leaving its residence or masking the source of the data, to creating a decentralised data-sharing network using distributed ledger technology or using double-blind machine learning frameworks.
Yet while several of these key questions remain, it is likely that the future fraud wars will be fought with a combination of standardisation and interoperability. It is this approach, centred around collaboration, that will help to minimise vulnerabilities for fraudsters to exploit.
