One of the challenges of real-time payments is the lack of time in which to spot fraud. Adding to the risk is the growing amount of payment data from sources that aren't always connected to each other.
"Where things sometimes fall apart is the fact that we still have data that is collected at different points in the transaction," said Sudhir Jha, a senior vice president at Mastercard and head of Brighterion, a Mastercard artificial intelligence subsidiary. The payment data is not always available in aggregate form, which makes it harder to vet real-time payments for fraud, Jha said.
Real-time transactions, while a small part of the overall payments market, are expected to become more widely adopted in the years ahead. That will create a greater opportunity for fraud, since near-instant settlement removes what could otherwise be a two-day window of opportunity to detect a scam.
In the absence of time, the payments industry has doubled down on the need for data. The Federal Reserve created a
Beyond this, payment companies are working to create systems that bring together issuers, acquiring banks and merchants in a way that benefits all parties. Mastercard, for example, is working to combine various sources of data to improve the artificial intelligence that supports digital payment security, according to Jha. By adding more data sources, AI can potentially spot signs of fraud earlier.
More than 70 billion real-time payments were processed globally in 2020, a 41% increase over 2019, according to
While real-time payments are a relatively low percentage, they will require new fraud prevention measures given the slim window for reaction, according to ACI.
The threat of real-time payment fraud should lead to greater collaboration among companies involved in payment processing, according to Marc Trepanier, principal fraud consultant at ACI Worldwide and one of the report's authors.
"Real-time fraud detection presents some strong opportunities to leverage learnings from more mature markets, particularly when it comes to industry-level cooperation," Trepanier writes in the report. He recommends that companies pool data anonymously to protect privacy and to improve machine learning to spot fraud quickly.
Mastercard aggregates data from issuers, merchants, acquirers and other partners to add more data to its artificial intelligence, Jha said. The goal is to vet a series of payments for a track record that includes consumer activities across different merchants, he said.
"Real-time payments will move toward a broader audience, but there is a fraud piece that comes with that," said Marge Hannum, chief risk officer for Mercury Financial, a financial institution with offices in Wilmington, Delaware, and Austin, Texas.
Mercury works through the $2 billion-asset First Bank & Trust in Brookings, South Dakota, to issue Mastercards. It also partners with Mastercard to share data to mitigate digital payments fraud.
"The more information that can go into AI, the less risky the payments will be. We need to have more cooperation," Hannum said.
Real-time payments in the U.S. come largely through The Clearing House's RTP network. The RTP network has nearly 200 bank members and is expected to add more in 2022 as Fiserv starts to bring its clients on board. The Federal Reserve's real-time rail, FedNow, is expected to launch in 2023 or later.
The Clearing House works with member banks and with card networks to monitor transactions in real time, said Lee Kyriacou, vice president of real-time payments for The Clearing House in New York. Right now most of the digital payment fraud is coming via more traditional
Most of the current real-time payments are "push payments," meaning "all you can do is send money" with the account information, which reduces the potential for fraud, Kyriacou said.
"Eventually RTP may be leveraged in an e-commerce system, but right now e-commerce payments happen mostly within the traditional card networks," Kyriacou said.
As real-time processing starts to expand and use cases proliferate, it will become more important for banks to communicate with users about the differences in types of digital payment — real-time versus more traditional e-commerce transactions — and to know who is on the other end of the transaction.
"AI is almost always used as a tool to detect payments, real time or near-real time," said Avivah Litan, a vice president at Gartner in Potomac, Maryland. False positives can be tricky, she said. "With real-time payments these challenges are magnified. But when combined with stronger authentication and rules, false positives and true negatives can be minimized."
When working with third parties, banks and other firms need to ensure those parties provide clear explanations on how their AI models work, Litan said. This transparency can make it easier to fine-tune models as needed, she said.
"Enough sharing isn't taking place," said Armen Najarian, chief identity officer at Outseer, a data security company in Palo Alto, California. The technology exists to grab data from different sources in real-time and build models or graphs to detect potential payment fraud. The more data from more sources that can be accumulated, the better the opportunity to improve the machine learning or AI that contributes to real-time payment fraud detection, which Najarian argues should persuade businesses to cede some proprietary concerns in the name of safety.
"The 'give to get' model is the way of the future as far as maintaining user experience and security," and it's the best way to protect real-time transactions where data that can spot a bad transaction resides with four or five different parties, Najarian said. "Real-time payments aren't like buying a box of plastic bags from Amazon. The stakes are much higher."
