Four in five Asian banks are losing money to fraud as real-time payments rise — and it will only get worse in 2020

Four in five Asian banks are losing money to fraud as real-time payments rise — and it will only get worse in 2020
Fraud is rising as more real-time payment systems get introducedUnsplash

  • A new survey by US-analytics firm FICO shows that every four in five banks believe that the introduction of real-time payments has resulted in increased more fraud.
  • More than half of the banks surveyed feel that fraud is set to increase in the coming year.
  • The common way for hackers to beat the system is by using social engineering, which tricks users into revealing their sensitive information.
Real-time payments platforms — like the United Payments Interface (UPI) in India — is aimed at making the payment process easier. However, four in every five banks in Asia are losing money to fraud as result of real-time payments become common.

FICO, a US analytics company that uses predictive trends and data science, conducted a survey where 78% of executives said that the introduction of real-time payments resulted in an uptick in fraud losses.

Losses are only set to increase, the question is to what degree. More than half the respondents felt that fraud will rise moderately over the next 12 months, however, 25% of executives believe that it will increase significantly.

Four in five Asian banks are losing money to fraud as real-time payments rise — and it will only get worse in 2020

Dan McConaghy, president of FICO in Asia Pacific, feels that the only way for banks to face the coming threat is to move beyond one-time-passwords (OTPs) and passwords. While the use of artificial intelligence (AI) might not slow down the clock, he feels that it will still help garner quicker responses and be more efficient at sniffing out fraudulent transactions.

The art of social engineering
Hackers aren’t trying to directly breach banking systems. Instead, they’re letting the customers do the work for them by tricking them into revealing their sensitive information.

"Criminals are trying to fool banks into thinking they are new customers or stealing account access by tricking people into making security mistakes or giving away sensitive information. When they are successful, criminals are making use of real-time payments to move funds quickly through a maze of global accounts," explain McConaghy.

According to FICO, 40% of Asian banks name social engineering as their number one concern when it comes to real-time payments fraud.

"We have authorized push payment fraud, such as when a customer is tricked into paying what they think is a legitimate invoice like a fake school bill or payment to a tradesperson. This type of social engineering is harder to stop," said McConaghy.

Others concerns that plague real-time payments are account takeovers, false accounts and money mules. According to McConaghy, better KYC, link analysis and behavioural analytics can help tackle the problem.

The dark side of the internet
Online fraud is only one problem. According to Asian banks, drug trafficking, human smuggling, tax evasion and terrorism also attracted the attention on real-time payments. Cross-border payments, in particular, are an issue.

"To tackle fraud and money laundering schemes that exploit real-time money movement you need to leverage all the available technologies, automate as much as you can and introduce models that can identify outlier transactions and customer behaviour so your teams can spend their time investigating the riskiest of the red flags," said McConaghy.

In order to tackle the misuse of real-time payments, more than 90% of Asian banks feel that convergence between their fraud and compliance functions would be helpful.

See also:
Jeff Bezos phone hack shows hackers are winning in the 'arms race' between governments and tech firms according to analysts

TCS was hacked for its clients by China’s cyber spy campaign: Report

Indian nuclear plant hack is only one small part of a much 'bigger' operation, according to a cybersecurity expert