Join the Community

22,256
Expert opinions
44,229
Total members
397
New members (last 30 days)
197
New opinions (last 30 days)
28,760
Total comments

Building a Real-Time Cyber Security Response to Real-Time Payment Fraud

The real-time payments industry is evolving and expanding. Today, real-time payments reach 65% of demand deposit accounts, and they are increasingly faster and more reliable. In the next five years, 99% of corporations generating more than $1 billion in revenue will use real-time payments. The news is exciting for the industry, but as adoption of payments technology increases, theft and fraud exposure grows in step. Real-time payments require a real-time cyber security response. With a growing number of cyber threats and increasing regulation, banks and financial institutions need to evolve cyber security measures. 

Cyber Threats Are Increasing

In the last five years, ransomware has risen to the top of cyber threats, and it has remained there. The prevalence of ransomware and other phishing-based attacks like BEC (business email compromise) has been driven by the democratization of hacking on the dark web. People with little to moderate hacking abilities can utilize a variety of tools to make easy money. As a result, hackers don’t need to be very creative; they have ample opportunities available and the infrastructure to pursue them. Hackers continue to attack the edges of a payment transaction, understanding, for example, that an attack won’t be flagged until it reaches a certain dollar amount or number of transactions. From a fraud perspective, this is ever-evolving, and fraud protection measures must continue to rework the edges to defend against attacks. 

Artificial intelligence is also helping to amplify cyber crime. Armed with automation now enhanced by AI, hackers have access to vast amounts of data and increasingly effective tools and therefore have a lower barrier to entry to launch attacks and increase cyber crime profit margins. As a result, the volume of cyber attacks has increased. This is especially critical for the real-time payments industry because real-time payments are not only targeted, but also the preferred payment method for hackers, providing easy and instant access to cash. Once a payment transaction is complete, it cannot be reversed. This is a growing problem, and the real-time payments industry must respond.

Meeting Regulatory Requirements

Despite organizations' attempts to counteract nefarious activity, protections only go so far, as they are driven by business cases at each organization. It comes down to the old adage: “You don’t put a $10 fence around a $1 cow.” The same is true in cyber security. If losses from fraud and cyber attacks cost $2 million per year, but a robust security program costs $10 million, a financial institution may opt to absorb the loss into its business model. 

Still, banks must meet regulatory requirements for payment protection and privacy—and those regulations are constantly evolving as state and federal governments look for ways to protect consumers and mitigate losses. Banks must uphold these regulations, despite the cost. This is where third-party partnerships are important to implement required prevention tactics. Payment technology vendors sit in the middle of the transaction and can meet bank guidelines for fraud prevention. 

Baseline requirements will always include controls designed to add friction (and thus cost) to fraud and cyber attacks, like robust authentication (e.g. multi-factor authentication), encryption, and networking controls. However, reactive planning is key to mitigate impacts from any incidents that do occur, including incident response plans, business continuity plans, and cyber insurance. In addition, some banks and partners will elect to implement even stricter policies to ensure safety and show legislative bodies that cyber crime response is happening without government intervention. For example, payment application Zelle recently said that it would reimburse some instances of losses due to certain scams. By partnering with the right technology platforms, companies can ensure both the required and elected guidelines are met. Third-party vendors are already at the forefront of providing solutions to these problems. 

Implementing Best Practices

Stopping cyber crimes and fraud is challenging. After all, hackers are well-armed and simply repeat an attempt until they find success. However, there are best practices that organizations can implement to help to reduce fraud attempts and meet government regulations. Behavioral monitoring is the gold standard in fraud prevention, and that hasn’t really changed even as hackers have become more sophisticated. 

As part of a complete BSA/AML (Anti-Money Laundering) program, behavioral monitoring includes Know Your Customer (KYC) and Know Your Business (KYB) practices. KYC and KYB are guidelines and procedures organizations use to verify users, business partners and other corporate entities, utilizing a mix of third-party applications, automation, and manual analysis. Certainly, technical controls like multi-factor authentication, encryption, and data back-ups are all important baseline components of a data protection program that mitigates fraud impacts. These best practices are going to remain, but expanding regulations will continue to demand more of businesses as governments look for more ways to protect consumers. 

The good news is that defenses are also improving with automation enhanced by AI, to predict and respond to evolving threats as they happen. Hackers are using AI tools to scale cyber crimes, and businesses must defend against those attempts with similarly adaptive tools enhanced by AI as well. Third-party vendors (and partners using them) lead the way here as well, as they compete with each other to provide high-quality services at the best value.

Incorporating new methods in cyber security best practices is an important step toward limiting exposure and staying ahead of regulatory intervention. Real-time payments are only expanding. It is an ongoing war, and real-time cyber security is the best defense.  

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,256
Expert opinions
44,229
Total members
397
New members (last 30 days)
197
New opinions (last 30 days)
28,760
Total comments

Now Hiring