PaymentsJournal

Banks allocate significant resources to fighting fraud, both in prevention and in maintaining reserves for potential losses. No matter how good the performance is, fraud losses remain a burden on their balance sheets.

Instnt, under the leadership of CEO and founder Sunil Madhu, has been at the forefront of developing innovative ways to combat bank fraud. Madhu recently sat down with Tracy Kitten, Director of Fraud and Security at Javelin Strategy & Research, in a recent PaymentsJournal podcast to talk about the kind of fraud he’s seeing now, and what banks can do to stop it.

A Fraud for Each Silo

Banks have traditionally had to address various types of fraud in different areas of their operations. For example, first-party and stolen ID fraud are common in lending, while checking and savings accounts are vulnerable to fake ID fraud. Credit cards face challenges with e-commerce fraud, and the bank itself may encounter ACH and chargeback reversal fraud.

To fight this, each line of business puts together its own toolbox pattern. To stop the fraud risk while keeping compliant, each line of business assembles half a dozen vendor tools and data providers from the industry, which they then implement in an orchestration waterfall.

Regardless of how good each of those tools are, the overall toolbox performance is generally very poor. Banks constantly have to retool that toolbox to keep abreast of the different types of fraud. This is how the businesses have been operating for a very long time—in their own operational silos.

Too many financial institutions have come to see fraud as just part of doing business.

“But it’s not just about the fraud loss,” Kitten said. “It’s also about are you funding a terrorist organization? Is there something else behind some of these transactions that you as a financial services entity should be doing the due diligence on? It’s not going to be long, whether it’s in the decision or the Court of public decision or something legislative that comes down before financial institutions are going to be held accountable.”

Challenges from Changing Technology

Fraudsters are increasingly leveraging automation to expand their reach and impact. For instance, a scammer might use a collection of stolen or fake IDs to target numerous businesses, hoping to breach the security of at least one or two.

The financial industry is particularly susceptible to synthetic ID fraud, where fraudsters use fake IDs to open up new accounts and evade detection. In cases of third-party fraud, perpetrators can easily purchase identities of legitimate taxpayers online for minimal cost, bypassing a financial institution’s verification processes.

Within the lending industry, first-party fraud or credit defaults are significant concerns. Compliance regulations like Basel III require financial institutions maintain capital reserves to offset losses from first-party fraud. The requirement ties up capital that could otherwise be deployed for productive purposes within the institution.

“This is very expensive and inefficient use of resources of the institution, and we’re not talking, but small change here,” said Madhu. “We’re talking about hundreds of million or even billions of dollars in terms of first-party fraud loss. If you add the cost of compliance on the back of that, it’s really a terrible cost in terms of not only expenses, but resources allocated in tools they have to acquire and manage.”

The traditional way to stop first-party fraud involves approving the individual for the loan and then monitoring whether they make the initial payment. Typically, a fraudster will fail to make any payments, especially the first one, as they intend to abscond with the money. In contrast, a legitimate borrower would have initiated payment attempts. This type of fraud is commonly referred to as no-pay fraud.

According to the Federal Reserve, no-pay first-party fraud takes 10% to 25% of every dollar receivable for consumer loans, which is a significant amount of money.

“It’s a type of fraud that cannot be reduced to zero because it’s committed by real people,” said Madhu. “But what we can do is use insurance to reshape the loss curve.”

Insurance as a Solution

Fraud loss insurance can not only offset these losses but also prevent businesses from incurring losses in the first place. Rather than having capital set aside for a rainy day, the CFO can convert those reserves into working capital for their businesses. By in...

Payments data has become a crucial cornerstone for any company that processes transactions. Despite the availability of powerful analytics tools, many companies can’t leverage the true potential of their payments data because their information is siloed and scattered across multiple systems.

In a recent PaymentsJournal podcast, Mike Meeks, Chief Technology Officer at BHMI, Jon Protaskey, Director of Software Engineering at BHMI, and Brian Riley, Co-Head of Payments at Javelin Strategy & Research, discussed the approaches that enable companies to tap into the power of payments data.

PaymentsJournal

Transforming Transaction Data

Payments data is consolidated through a secure centralized repository where transaction data is stored, managed, and accessed. The first step is to pinpoint all relevant sources, such as data from authorization systems, information from external transactional systems, and even data from internal CRM systems.

Then the data is extracted using methods like APIs, parsing of structured files, and database queries. That captures a wide variety of payment-related information like transactions, customer details, and financial records.

After extraction, the data is transformed into a standardized format and enriched, where necessary, with details like client participation, programs, relationship with other participants, and billing terms. The data is then integrated into a central repository.

“There was a time when it made sense to have payments data in silos, whether it be for security reasons or simply the limitations of technology,” Riley said. “However, now being able to bring it all together into an actionable form is truly transformative.”

Key Competitive Advantages

Throughout the process, consolidation providers should prioritize data governance, delineation of ownership, implementation of access control, and compliance. Once the consolidation is complete, businesses will have several key advantages.

“The biggest advantage of a consolidated payments data platform is it gives companies a uniform enterprise view of all their transactional data,” Meeks said. “It’s a challenge to implement an enterprise-wide data management strategy that provides access to all payments data regardless of transaction type or source. However, the centralized viewpoint makes it worth the effort.”

A data repository can eliminate challenges like duplicate data or missing data due to silos. It also allows businesses to normalize data from disparate sources to make it more understandable. Payments data consolidation sets up companies to leverage advanced analytics and reporting tools that can generate real-time insights. That enables informed decision-making and improves operational efficiency.

As data is ingested, a company could calculate fees, reconcile transactions from different sources, and link transactions from diverse sources to create transaction life cycles. The business can also process disputes as soon as the data arrives.

“On top of those benefits, there’s a substantial cost savings that goes along with it,” Protaskey said. “Eliminating data silos from redundant systems reduces overall maintenance costs and lowers a system’s complexity. It allows companies to allocate resources more efficiently and focus on innovation and value-added activities, instead of wrangling data and reconciling disputes.”

The Right Repository

Payments data consolidation hinges on the data repository, so it’s important to select the right platform from the start. The process starts with examining disparate systems and detailing how they will be tied together.

“It takes time and expertise to do it right, but putting in the effort to create an effective system is just good data hygiene,” Riley said. “The beauty of the process is once it’s set up properly, the inputs become routinized and the structure can be repeated, or enhanced, as time goes on.”

Because there are a wide variety of data sources that all have unique characteristics, automating data loading can have a significant impact. It simplifies the data-gathering process and takes the load off operations staff.

Data should be continuously loaded through a real-time feed or by chasing an authorization log file. That allows a business to substantially improve their ability to meet tight SLA windows at the end of the business day. It’s also important to have a repository that can ensure data quality. If a transaction record doesn’t pass validation checks, the system shouldn’t stop processing...

In the past, the chief financial officer’s role has been somewhat relegated to the financial aspects of a business. Now, CFOs face a challenging array of responsibilities that include payments modernization, fraud mitigation, and the selection and implementation of technological solutions.

In a recent PaymentsJournal podcast, Jeff Feuerstein, SVP of Paymode-X Product Management and Market Strategy at Bottomline, and James Wester, Co-Head of Payments at Javelin Strategy & Research, discussed the obstacles CFOs face and the role technology plays in the finance office.

The CFO’s Agenda

Though CFOs have a lot on their plate, three key themes highlight their agendas. The first is payments modernization, which is an integral part of a company’s digital transformation. This could include the migration from paper checks to electronic payments. It could also involve the transfer from paper invoices or documents to data that can be leveraged across the enterprise.

“The next big theme is fraud and risk mitigation,” Feuerstein said. “Recent research shows business email compromise has grown over 70% year over year. Fraud is riddling organizations in such a way that CFOs are concerned about when, not if, their company will get hit by an attack. How do we protect ourselves and our businesses?”

Because of the tough interest rate environment, the last priority on CFOs’ agendas is their organization’s cash position. Understanding their working capital enables leadership to fully grasp where they stand at all times and make more informed business decisions. On top of those three themes, CFOs must keep their organizations up to speed with the latest technology, which hasn’t traditionally been a part of the role.

“What’s surprising about some of these discussions is they actually involve CFOs,” Wester said. “In the past, CFOs were tangentially involved with discussions about technology, especially payments, but not in a way where they were decision-makers. CFOs are now coming into these discussions fully informed on what’s going on in the space.”

Companies were often divided between the business side and the tech side, but that division has eroded over the past few years.

“This side spoke business, this side spoke tech, and someone had to translate,” Wester said. “Though there are still times when that divide exists, now everyone in the CFO’s office has a strong understanding of what’s going on in the technology side.”

Obstacles Facing Finance Offices

Another change to the CFO’s role is that, 10 to 15 years ago, the finance office was very focused on the enterprise resource planning as the general ledger.

“There were not as many of what I’d call ‘point solutions,’” Feuerstein said. “Today, you’ve got several different point solutions, whether it be AP automation, AR automation, cash management products, cross-border solutions. CFOs are leveraging all these solutions and tying them together in a way that’s interoperable across the organization. It doesn’t just improve the efficiency of the CFO’s office; it brings revenue to the bottom line.”

One of the main responsibilities of today’s CFO is to understand all the solutions that are offered and how they can be leveraged. Given the number and complexity of those solutions, it can make for a difficult task. But the different perspective can also lead to new insights and improved partner relationships.

“They’re much better equipped to engage with partners,” Wester said. “They know what they should be able to get, and they’re judging those partners accordingly. It holds the partners’ feet to the fire somewhat, because they now have an entirely new constituency they have to serve.”

Though that represents a challenge for partners, it’s an opportunity as well.

“The bar has been raised for partners, and the competitive landscape for them is tougher than ever,” Feuerstein said. “But it also creates opportunities for partners to work with customers who are well-informed and fully understand their solutions. If partners are looking to elevate their game, those are the types of customers they should look for, because it elevates both companies.”

Leveraging Tech and AI

Finance teams are no longer simply cost centers for organizations. Payment strategies delivered by the CFO’s office are driving not just product innovation but also accounts payable automation and revenue back into the organization in the form ...

Instant payments have been a global phenomenon, but the momentum for real-time payments is building in the U.S. There is a growing expectation among both businesses and consumers that when they send funds, the recipient should be able to access them instantly.

In a recent PaymentsJournal podcast, Justin Jackson, SVP, Head of Enterprise Payments, Fiserv, and Robert Clayton, Vice President of Product Management, as well as Albert Bodine, Director of Commercial and Enterprise Payments at Javelin Strategy & Research, discussed the increasing number of use cases for instant payments and the progress that has made toward adoption.

Instant Use Cases

One of the early use cases for instant payments has been in the gig economy, predominantly in the rideshare market. Drivers are constantly refueling, performing maintenance, and buying food and beverages. To keep them out on the road, it would be a great boon for rideshare drivers to refresh their funds throughout the day, any day of the week, through a real-time payments connection.

“There are similar needs in the marketplace space,” Clayton said. “There is a demand for real-time, around-the-clock payments so marketplace sellers can manage their inventory. Marketplaces traditionally have set payment boundaries around sellers, where they must wait a prescribed amount of time or reach a sales threshold before they can request a payout. Real-time payments have tremendous benefits for those sellers.”

The insurance industry is also seeing traction. Often, clients lose their car or house and it could be a massive competitive differentiator for an insurance company if they are able to settle a client’s claim in real-time during an urgent situation.

Instant payments could serve government agencies in a similar capacity. The Southeastern U.S. was recently hit by hurricanes that did significant damage, which created the urgency needed for many to receive disaster funds.

“Federal and state agencies are extremely focused on getting aid to the people who survived these events,” Clayton said. “They need to make those funds available as quickly as possible, but it can’t be location based. Even if the government could deliver checks same-day to disaster victims, many have evacuated or their homes have sustained extensive damage. The ability to pay a person digitally in real-time, wherever they might be, could be an incredibly important force for government agencies.”

Shifting the Conversation

Although the amount of use cases for instant payments has increased, some of the financial institutions that were early adopters of RTP or FedNow aren’t using the rails to their fullest potential. Many of these organizations can only receive instant payments; they don’t have the functionality to send.

“Either they didn’t see the use case or the applicability, or those institutions are concerned about the risks,” Jackson said. “However, that mindset has shifted to where it’s not receive-only, it’s receive-first. They may not be ready to send instant payments now, but they want that capability in the coming months or years. They know they will have customers that want to make instant transfers or pay bills in real-time.”

The risks of sending instant payments, and the potential for fraud, has daunted some U.S. financial institutions because real-time payments are guaranteed credit transactions that are instantly available on the recipient’s end.

“It is a significant hurdle to clear to unwind an instant payment transaction if necessary,” Jackson said. “There is a need to have strong risk and fraud controls, many of which are already in place, but some institutions are still reticent on instant payments because they are not sure how they will handle fraud.”

Instant payment volumes will also hit an inflection point where exponential growth occurs overnight. In that scenario, many organizations are concerned they won’t have the infrastructure to support it.

There are additional concerns in corporations or government entities that are still reliant on paper checks. Many of those organizations have built their financial operations to account for the float between the time a check is issued and the time it is processed. A switch to instant payments would mean those organizations would have to drastically adjust their model.

Though it might cause short-term issues, there are benefits to moving from paper checks to a real-time payments model. Chief among those benefits is an increase in customer or constituent satisfaction if they receive their funds instantly.

“In the case of a natural disaster, if a government agency is able to send funds immediately, it shifts the conversation,” Clay...

Artificial intelligence is fueling a major transformation in the financial fraud landscape. AI has democratized criminal sophistication and fraud at a very low cost of conducting business, generating more malignant actors that financial institutions have to fight against.

What can these institutions do to mitigate increasingly sophisticated frauds and scams? In a recent PaymentsJournal podcast, Kannan Srinivasan, Vice President for Risk Management, Digital Payment Solutions at Fiserv, and Don Apgar, Director of the Merchant Payments Practice at Javelin Strategy and Research, discussed how fraudsters are using generative AI to hone social engineering and bypass authentication, and how we can fight back.

The Deep-Fake Threat

Driven by AI, deep fakes represent a new frontier in fraud. There has been a 3000% increase in deep fake fraud over the last year and 1200% increase in phishing emails since ChatGPT was launched.

Synthetic voices have been around for decades. They used to sound like a hollow robot, but recent advances in technology have allowed voices to be cloned from just a few seconds of audio. They are so realistic that fraudsters were able to use a deep-fake voice of a company executive to fool a bank manager into transferring $35 million to them.

“In banking, especially at the wire desk, talking to the customer is always considered the gold standard of verification,” said Apgar. “So if somebody sends an e-mail and says I want to initiate a wire, they’ll actually have to talk to a banker. But now, if the voice can be cloned, how do bankers know if it’s real or not?”

In business applications, single-channel communication should not be accepted, said Srinivasan. “If you get a voice call from somebody to do a certain thing, don’t just act on that,” he said. “Send an email or a text to confirm that you heard it from that person. Or hang up the phone and confirm through another channel that this is exactly what they wanted.

“We hear stories about a phone call coming in and saying your son has met with an accident and they’re in a hospital, you need to send $8000 for an emergency procedure. They prey on human emotions. We have to make sure that we step back, think about what’s happening, then call your family or friend to make sure that the news is accurate.”

A Range of Use Cases

Imposter scams have also exploded recently across other use cases. Large language models can take a phishing email, customize the content and iterate it until the scamster gets a successful response from the victim.

Sophisticated criminals are creating packages for less-sophisticated criminals to buy. For $100 a month, a would-be hacker can purchase a bot-as-a-service turnkey application. To conduct a fraud operation, they just need to upload the victim’s information, such as their phone number and the impersonating business name and phone.

The bot will automatically call the victim and impersonate the business, often requesting that they read out the one-time password. Once the criminal gets the OTP, they can do whatever they want with it, including logging into the institution under attack, authenticating transactions, and changing passwords.

The entry barrier to committing fraud has come down significantly. “There’s almost a multiplier effect on the attack vectors end,” said Apgar, “because AI is not only making it easier to crank out more and more phishing emails more efficiently, but it also makes them more realistic.”

How Are We Stopping Fraud?

Machine learning models have allowed us to identify pockets of fraud and scam so that we can detect and stop them. Auto machine-learning tools have allowed Fiserv to perform this function at scale.

Srinivasan said that Fiserv is also deploying self-learning models, which will generate models at a more automated pace. Since the models can be generated much more frequently, they can more effectively detect any change in fraud patterns.

“We use more than 500 risk signals to identify any emerging trend and deploy preventative measures against them,” said Srinivasan.

Getting Started

For a financial institution initiating a strategy against AI fraud, the first step is to make an inventory of all the touch points they have and conduct a vulnerability assessment. Determine all the possible risk areas that could be subject to a fraud attempt, such as the new account opening processes or login controls. Don’t forget about money movement, changes in user behavior, and brand-new patterns of usage.

Two other back-end processes are critical for assessment too. The first is customer education on scam awareness. Reach out to consumers via multiple channels to make sure they are aware of the nature of these new scams. When they are ta...