Banks as varied in size as JPMorgan Chase and Carver Federal Savings Bank have added technology designed to vet users and
The impetus is a fraud threat that covers nearly all types of payments. Sixty-five percent of organizations were victims of payments fraud attacks in 2022, the
There is a role for banks to play in combating payment crime. Eighty percent of organizations are likely to turn to banks to address payment fraud over other sources, according to the AFP.
While technology companies are rushing to address speed in
"The attacks and scams around fraud are evolving pretty quickly," said Pete Redshaw, a practice manager at Gartner.
Carver turns to the cloud
The $657-million asset Carver is using a cloud-native Jack Henry fraud and anti-money-laundering system that is designed to accrue information in real time or near-real time.
Using machine learning, the platform, called Financial Crimes Defender, bundles vetting and suspicious activity tracking for checks, deposits, transfers, ACH payments and real-time processing.
Carver wants to make it easier to change fraud tools and policies based on shifting threats. Older fraud prevention platforms that ask users questions, rely on static rules or slowly update payment volume don't do this well, the bank contends.
"When you have hard and fast rules, the bad guys can guess the rules. So batch processing is easy to beat for the crooks," said Patrick Brennan, vice president of information technology at Carver. "For most digital payments, real time or not, the money is out the door before you can spot anything."
The Jack Henry platform accesses the Federal Reserve's
Jack Henry had already sold technology to enable real-time payments for
"You have to aggregate real-time protection to all channels," said Rene Perez, national director of sales for financial crime solutions at Jack Henry. "Technology advances have opened the door to do real-time prevention in a wider way."
One issue that real-time fraud prevention and cloud hosting can address is unusual spikes in volume that can overwhelm older fraud methods, Perez said.
"You may have a system designed to vet 5,000 payments per minute, with each payment needing to be vetted in less than a second," Perez said, adding that most current fraud prevention systems can manage that volume. "But if you get 100,000 per minute that's where you have issues."
By using the cloud, banks can anticipate a surge in payments and can adjust capacity accordingly, according to Perez.
"In the case of a credit union or community bank, there may be an event in a smaller town, a festival or a concert," Perez said. "That's a case where you could anticipate a spike in payments."
Using the cloud should enable faster changes to security risk policies and technology, while making it easier for Carver's remote staff to use, Brennan said.
"I'm an IT guy and I hate to say it, but I get nervous when people say we're going to transition something to the cloud," Brennan said. "But from the perspective of the user, it's much easier to access. And we have a remote workforce. We're located in Harlem but have people who live in Dallas using this."
JPMorgan adds identity checks
In a separate deployment, JPMorgan Payments has signed a deal to use technology from identity verification firm Trulioo to expand verification for people and businesses. JPMorgan Payments, which processes $9 trillion a day in over 160 countries and 120 currencies, will combine know-your-business and know-your-customer compliance in a single location. Additionally, the integration will enable JPMorgan to add real-time access to hundreds of government data sources, public records and other documents.
"Fraudsters always look for ways to exploit digital platforms. The challenge for companies is to identify and stop them without imposing unnecessary friction on good users," said Michael Ramsbacker, chief product officer at Trulioo. "The evolution of the integrated identity verification platform gives companies the capabilities they need to be flexible and adapt to new threats."
JPMorgan did not provide comment for this story.
Accurate identity verification and onboarding at scale require a combination of vetting techniques, which can include passive fraud detection, matching personally identifiable information with credible data sources and active measures such as identity document verification, Ramsbacker said.
Payment attacks are becoming smaller but more frequent, Gartner's Redshaw said. That requires banks to both add faster-acting technology to vet and spot fraud, and to update the technology more frequently.
"Fraudsters used to snare as many people as possible, up to a million through a mass theft," Redshaw said. "Now it's, 'try to get about 20 people,' and then change the attack so the existing protections can't stop it. So the protections have to change along with that threat."
As payments become increasingly digital and real-time, more advanced fraud management techniques are necessary even before the transaction takes place, according to Meng Liu, a senior analyst at Forrester, adding that it can be difficult to recover funds once a theft has occurred in a real-time network or other channel that relies on faster processing.
This has given rise to a market for identity verification, which contributes to a "no action/no friction" user experience to minimize obstacles for customers while proving identity. The trend is toward less document submission or question answering, and toward more passive methods that focus on customers' behavior, biometrics or device information.
"Machine learning and AI-based risk models are more powerful than traditional rules-based models, as they possess self-learning capabilities and can quickly and effectively adapt to new fraud patterns," Liu said, adding that Forrester estimates there is a high adoption rate of AI-based transaction management models (over 70%) among financial services companies. "It is crucial to find ways to prevent fraud in the initial payment phase."