Looking Forward: Fraud in 2021

As a new year is about to begin, I’m sure most of us are glad to see the back of 2020. Unfortunately, the events of 2020 will continue to cast a long shadow over daily life for years to come.

2020 in Fraud: How it started

We had predicted 2020 to be an absolutely pivotal year for payments, with payment initiatives around the world either in full swing or coming to fruition. Examples include the flurry of new instant payment solutions launching, Request-to-Pay solutions being built atop of them and the industry pivoting toward ISO 20022 in a short period for everything from Swift to Wires to Instant. Where in the past we saw pockets or ripples of change in countries around the world, in 2020 we were seeing change in virtually every bank, in every country. In short, we predicted 2020 to possibly be the most important ever for much of the payments world.

Then COVID-19 struck.

2020 in Fraud: How it’s going

Operations-wise, banks proved to be robust, a testament to the extensive disaster recovery planning that banks do. Even so, some assumptions proved to be on the conservative side – we expected lockdowns, just not national ones, and in multiple countries at the same time.

It wasn’t just how we worked, but of course the way the whole population worked and shopped changed, too. Payment habits changed literally overnight – in the UK, Link, the national ATM network, saw a 60 percent drop in cash withdrawals the day of the first lockdown, while use of contactless and contact-free payment solutions soared. Linked to that was the change in spending habits, with a dramatic shift to e-commerce and a dramatic fall with anything travel or tourism related. Predictable volumes and patterns of payments changed overnight. Key for banks will be understanding which of these are temporary (I’m sure we’re all eagerly waiting to socialise in our favourite bars and restaurants!), which come back over time (tourism and business travel) and what may now be a permanent switch (the joy of your shopping appearing magically at your door). And of course, of those, what might they want to change.

While no one would want to claim anything positive from the tragic events, it has to be acknowledged that the events of 2020 have massively accelerated banks’ digital plans. Many discovered that while they had started the journey, they still had a long way to go.

2021: A critical year for payments

2021 then will be a critical year for payments. The need to change is greater than ever. There is a backlog of work, most of which has a deadline in the near future…and there is more to come. In Europe, the regulator announced plans to make Instant Payments mandatory for every bank in Europe. In countries around the world, Request-to-Pay (Request-for-Payment in the U.S.) were due to be launched this year. Built on top of real-time rails, they offer better integration into a businesses’ financial value chain, automating reconciliation and offering a range of payment options. We’re also seeing many fintechs building things on top of the Request-to-Pay, further extending its functionality. The customer experience is improved for all, but it’s not without its potential pitfalls. For example, how will someone know that a request is from who they say it is? This is addressed in many schemes, but the lack of familiarity will likely allow some fraudulent activity, and we are perhaps reminded of the quote – “No plan survives contact with the enemy.” While we can plan for every eventuality, history tells us that fraudsters often find the weak spot we hadn’t considered.

We do know of some of the weak spots, and we’re doing our best to tackle them. One way is through the SCA deadline (Secure Customer Authentication) rules in PSD2. Yet there remain issues. The original deadline was extended across Europe to December 31, 2020, but many countries have already announced extensions – with the UK announcing two in 2020 alone. This has resulted in a dizzying array of dates for enforcement – France started gradual enforcement for some transactions as early as April 2019, but won’t apply full enforcement until April 2020; next door, Belgium starts full enforcement 1 January 2021; and Switzerland and the UK won’t start until September 2021. No journey this complex is smooth, but this certainly poses challenges we perhaps didn’t anticipate.

With so much uncertainty and change, and combined, it’s inevitable we will see an increase in fraud attempts. At the same time, when the change in habit happened, some banks found that their underlying models didn’t adjust quickly enough, with many false flags. Given that this also happened at the same time as staff suddenly having to work remotely, this caused issues to both access the model but also to respond to investigations.

Doubling down on fraud

With tough economic conditions predicted, it’s even more important to double down on fraud prevention, as banks need to protect revenue and margin. Perhaps more importantly, it needs to be seen more holistically, as there will be a rise in those who have genuine hardship. Being able to distinguish between “can’t pay” and “won’t pay” has always been key to how a bank prioritised their debt recovery efforts, but now we’ll see an increase in “never intended to pay.” The latter is highlighted in how many false claims there were for government assistance. Was it fraud? Were they mule accounts, or accounts targeted to be taken over? Or could it have just been an error in how the payments were posted? Many banks struggled with this in normal times – with banks needing to implement and execute en masse, and in a short period of time, it truly highlights the challenges banks face.

2021 is a pivotal year for payments. At the same time, it is likely to be as pivotal for fraud detection and prevention. The increased velocity to instant payments, changing payment types and uncertain economic conditions all provide the potential for fraudsters. Banks need to ensure they are ready for this change.