In the United Kingdom, digital banking is all around. The easy access to banking apps on mobile devices and the web provides more ways for consumers to make payments and reduces obstacles in the process. At the same time, the launch of Faster Payments enables payments to be completed more quickly — often instantly.
Due to this combination of reduced payment friction and increased transaction speed, fraud is easier to execute, more challenging to spot within a shrinking time frame, and harder to reverse.
Fraudsters Are Social — and Convincing
Payment fraud occurs and doesn’t necessarily require advanced technology or hackers in dark basements. Often, it involves tricking a targeted consumer with a fake version of a real website or ad and using a temporary phone number or email to gain trust and steal money.
It’s most common on second-market e-commerce websites that promote higher-value items. Unless strongly controlled and verified, classified ads may be a clone or redirection from the real items or seller, and they can be an entry point for fraud.
For example, a fraudster may create a duplicate listing for a piece of furniture or a computer at an alternate web address where different contact information is listed. The spoofed page might even appear to be from a well-known brand. A consumer may then engage with the fake ad or reach out to the bogus seller and, eventually, send funds that will never be exchanged for any items.
All of these actions will be based merely on the perception that the company is legitimate, combined with weakly validated trust and an account number that has no relation to the actual seller.
Fraudsters Watch the News but Hope to Never Be Part of the Story
In times of uncertainty, fraudsters look for ways to reach broad targets with more velocity. Take Brexit, for example. As political parties continued to debate deal versus no deal versus all other possible outcomes, some banks have already moved substantial funds out of the U.K.
This headline news is at the forefront of people’s minds — and it’s unsettling. Fraudsters know this, and they prey on fear.
One way they do this is by structuring outreach campaigns that misrepresent banks, insurers, or wealth funds and foment panic. Fraudsters manipulate their targets with spam emails and social media posts to insert themselves into transactions while people consider whether to proactively move funds or make investments. In this way, it’s somewhat ironic that financially minded people can be the first target for fraud if proper precautions aren’t taken.
In the first half of 2018, U.K. bank customers lost more than 500 million euros to fraudsters. More than a quarter of those scams were authorized push payment scams, in which people are duped into authorizing payments to another account.
To address this type of fraud, the U.K. plans to implement Confirmation of Payee, a solution similar to those implemented in other countries such as the Netherlands and Germany. Simply put, CoP reduces the risk of APP fraud by forcing consumers to question whether the accounts they’re transferring to correctly map to the brands, companies, or people they expect.
From a solution perspective, CoP will be an internet-facing (security-minded) web service that leverages the Open Banking Directory to safely exchange CoP requests and validate destination account holders. It will be largely transparent to end users — unless a mismatch is found during payment initiation. From a technical perspective, the CoP server-to-server API will validate the combination of sort code, payee name, and account number against the bank’s payee database as well as an exception database of invalid or flagged accounts.
The real magic happens in the fuzzy matching techniques, which can leverage artificial intelligence to evaluate aliases, Soundexes, titles, prefixes, nicknames, etc. — all in real time. This will drive down false positives and negatives while complying with regulation and delivering a sub-second response.
Performance and scale are critical when you consider the volume of payments being made at any given point in time — and the need for low-friction payments from the consumer perspective. Due to the flexible deployment model of CoP, the service can be delivered to banks for a relatively low cost. And due to the regulatory drivers for this fraud-reducing technology, no additional costs are anticipated for the consumer.
CoP is a very useful safety net, yet even the best safety nets can have holes in their design. So it’s important to recognize that CoP is just one of many measures already being put in place to prevent fraud. Other measures include the Contingent Reimbursement Model Code, which may enable more consumers to get refunds if their bank fails to adopt CoP.
As long as there have been payments, there has been payment fraud. Digitization creates great opportunities for consumers and banks, but it can also make fraud easier to carry out, harder to track, and more complicated to reverse. Along with the continuing expansion of digital solutions, it’s important to implement checks and other safeguards that provide additional oversight, traceability, and validation. Even the savviest consumers can use more protection as they transact online.