Payment firms pool resources to combat real-time fraud

One of the challenges of real-time payments is the lack of time in which to spot fraud. Adding to the risk is the growing amount of payment data from sources that aren't always connected to each other.

"Where things sometimes fall apart is the fact that we still have data that is collected at different points in the transaction," said Sudhir Jha, a senior vice president at Mastercard and head of Brighterion, a Mastercard artificial intelligence subsidiary. The payment data is not always available in aggregate form, which makes it harder to vet real-time payments for fraud, Jha said.

Real-time transactions, while a small part of the overall payments market, are expected to become more widely adopted in the years ahead. That will create a greater opportunity for fraud, since near-instant settlement removes what could otherwise be a two-day window of opportunity to detect a scam.

In the absence of time, the payments industry has doubled down on the need for data. The Federal Reserve created a Fraud Definitions Work Group in 2019 with the goal of unifying the terminology for reporting fraud. The resulting FraudClassifier Model focuses more on the authorized party and the fraud type than details of the payment itself. Instead of trying to determine if an individual transaction is fraudulent, such as by determining whether it involved a stolen credit card, banks and merchants can pool data in a common format to identify whether there is a string of fraudulent activity — encompassing multiple banks, retailers and victims — with a single common factor.

Beyond this, payment companies are working to create systems that bring together issuers, acquiring banks and merchants in a way that benefits all parties. Mastercard, for example, is working to combine various sources of data to improve the artificial intelligence that supports digital payment security, according to Jha. By adding more data sources, AI can potentially spot signs of fraud earlier.

More than 70 billion real-time payments were processed globally in 2020, a 41% increase over 2019, according to ACI Worldwide's most recent report on real-time payments, which projects a global compound annual growth rate of nearly 24% from 2020 to 2025. In the U.S., the percentage of real-time payments is expected to increase from about one-half of 1% of all electronic transactions to more than 3.5% between 2020 and 2025. Overall, the share of paper-based payments in the U.S. is projected to fall from 24% to 17%, while the share of all electronic payments is expected to rise to 80% from 75%, according to ACI.

While real-time payments are a relatively low percentage, they will require new fraud prevention measures given the slim window for reaction, according to ACI.

The threat of real-time payment fraud should lead to greater collaboration among companies involved in payment processing, according to Marc Trepanier, principal fraud consultant at ACI Worldwide and one of the report's authors.

"Real-time fraud detection presents some strong opportunities to leverage learnings from more mature markets, particularly when it comes to industry-level cooperation," Trepanier writes in the report. He recommends that companies pool data anonymously to protect privacy and to improve machine learning to spot fraud quickly.

Mastercard aggregates data from issuers, merchants, acquirers and other partners to add more data to its artificial intelligence, Jha said. The goal is to vet a series of payments for a track record that includes consumer activities across different merchants, he said.

"Real-time payments will move toward a broader audience, but there is a fraud piece that comes with that," said Marge Hannum, chief risk officer for Mercury Financial, a financial institution with offices in Wilmington, Delaware, and Austin, Texas.

Mercury works through the $2 billion-asset First Bank & Trust in Brookings, South Dakota, to issue Mastercards. It also partners with Mastercard to share data to mitigate digital payments fraud.

"The more information that can go into AI, the less risky the payments will be. We need to have more cooperation," Hannum said.

Real-time payments in the U.S. come largely through The Clearing House's RTP network. The RTP network has nearly 200 bank members and is expected to add more in 2022 as Fiserv starts to bring its clients on board. The Federal Reserve's real-time rail, FedNow, is expected to launch in 2023 or later.

The Clearing House works with member banks and with card networks to monitor transactions in real time, said Lee Kyriacou, vice president of real-time payments for The Clearing House in New York. Right now most of the digital payment fraud is coming via more traditional e-commerce transactions, which settle in about two business days.

Most of the current real-time payments are "push payments," meaning "all you can do is send money" with the account information, which reduces the potential for fraud, Kyriacou said.

"Eventually RTP may be leveraged in an e-commerce system, but right now e-commerce payments happen mostly within the traditional card networks," Kyriacou said.

As real-time processing starts to expand and use cases proliferate, it will become more important for banks to communicate with users about the differences in types of digital payment — real-time versus more traditional e-commerce transactions — and to know who is on the other end of the transaction.

"AI is almost always used as a tool to detect payments, real time or near-real time," said Avivah Litan, a vice president at Gartner in Potomac, Maryland. False positives can be tricky, she said. "With real-time payments these challenges are magnified. But when combined with stronger authentication and rules, false positives and true negatives can be minimized."

When working with third parties, banks and other firms need to ensure those parties provide clear explanations on how their AI models work, Litan said. This transparency can make it easier to fine-tune models as needed, she said.

"Enough sharing isn't taking place," said Armen Najarian, chief identity officer at Outseer, a data security company in Palo Alto, California. The technology exists to grab data from different sources in real-time and build models or graphs to detect potential payment fraud. The more data from more sources that can be accumulated, the better the opportunity to improve the machine learning or AI that contributes to real-time payment fraud detection, which Najarian argues should persuade businesses to cede some proprietary concerns in the name of safety.

"The 'give to get' model is the way of the future as far as maintaining user experience and security," and it's the best way to protect real-time transactions where data that can spot a bad transaction resides with four or five different parties, Najarian said. "Real-time payments aren't like buying a box of plastic bags from Amazon. The stakes are much higher."

For reprint and licensing requests for this article, click here.
Payments Technology
MORE FROM AMERICAN BANKER