Consumers and businesses are benefiting from the global transition to speeding up the overall payments process with the desired outcome that funds are settling more quickly. The “Faster Payments” schema in the UK, the G3 implementation in Singapore, and the Single Euro Payments Area, or SEPA as it is more commonly known in 28 countries of the European Union and the four members of the European Free Trade Association (EFTA), and other global equivalents, have been implemented or are on track to be so. Certainly the days of waiting up to five days or more for credit or debit to settle are over as that process has now changed to clearing these transactions in only a few hours or as little as 18 seconds. We are seeing that transformative, 21st century change that has been needed in our global payments interactions.
What I also know, unfortunately, is that cybercrime and fraud follows the path of customer preference and speed. It is logical to conclude, then, that as quickly as we like to conduct business, so do the fraudsters. In fact, the fraudsters have become very skilled on channels where information and money move fast. It is imperative that financial institutions’ Cybercrime and Fraud models react swiftly to the “casino-like” attempts and repeated tries to complete a fraud coming from the increasingly sophisticated fraudster communities.
Let’s look at one of these approaches, SEPA, which enables transfers over different channels: over the phone mandates and E-Direct Debit Mandates and Credit Transfers. Data and information exchange for all channel events and payments events benefit from informing the other in the fraud detection process. More exactly, if a fraudster attempts to commit fraud on the phone and fails, an attempt to conduct fraud on the digital channels needs to be profiled and understood in the context of previous attempts by your scoring engines and sub second response times. Why?
The fraudsters have learned well from years of attempts on the wire channel and more recently from faster-moving payment launches. Man in the Middle, Man in the Browser, and Social Engineering are prevalent and active. The same robust “Fraud Hub Detection and Investigations Hub” strategy that the leading banks have taken to protect and enable the business and customers for faster payments, should also be adopted for SEPA.
While much has been commented on in terms of the risk of SEPA, I would like to take it a step further and suggest a fraud strategy checklist for the EU and EFTA member banks. Ask yourself the following questions:
- Have you created a “Fraud Detection and Investigations Hub” to score and manage all Credit (SCT) and Debit (SDD) events end-to-end?
- Have you hired or are you leveraging fraud talents from your E-channels fraud and business teams to ensure your business strategy is adequate?
- Are you planning to record all phone calls for over-the-phone Direct Debit mandates to validate their existence and validity? Are you coupling this with voice biometrics to keep the fraudsters out?
- Does your analytics strategy ensure cross-channel and cross-payment profiling and key indicators of fraud for rapid detection?
- Are you using cyber and device end-point data and information to inform your scoring decisions?
- Are you using third parties to ensure that the quality of the International Bank Account Number (IBAN) and Bank Identifier Code (BIC) or SWIFT code are correct, accurate, and as complete as possible?
- Do you have plans to evaluate Direct Debit mandates at creation before submission?
Certainly, those banks who have put the right questions on the table are building the foundation to enable SEPA and similar approaches, in order to protect the business and customer experience for years to come. This can be just the competitive edge your business can leverage.