Ironically, the promise of “instant payments” has been a long, hard slog. And one of the main reasons for the delay is that many financial firms, payment start-ups and cybersecurity vendors have valid concerns about catching fraud in the system when a payment goes through immediately.
The growing digital infrastructure has made it possible to have real-time payments, which are initiated and settled almost instantly. However, increasing fraud rates surrounding even the most conventional and locked down payments delivery channels (especially in the past two years) has raised the question of how banks, payment and core banking vendors and processors and other payment infrastructure players will successfully spot and mitigate fraud risk when there is virtually no time to do it.
But several financial technology companies (FinTechs), banks and card companies are implementing new technologies and tactics in order to make real-time payments more viable and secure. In just the past five or six months, banks and their payments vendors have made huge steps forward with their use of behavioral biometrics, machine learning and artificial intelligence to speed up the fraud-spotting process, according to Serpil Hall, head of fraud and financial crime prevention at Celebrus.
“It really changes the story,” said Hall, who has been working in fraud prevention and analyzing bank and payments fraud systems for more than 20 years. “Third parties are really differentiating their systems” with these advanced technologies to mitigate real-time payments risk.
Despite these digital advances and the skyrocketing popularity of peer-to-peer payments services like Venmo, PayPal, and CashApp, only a small portion of overall U.S. payments are processed in real-time. The Clearing House’s RTP Network is one of the few real-time payments networks, and counts Avidia Bank, Bank of the West and Citizens Bank among its participants, and national powerhouse banks including Bank of America and Citigroup as corporate advisors. As of the fourth quarter of 2021, the RTP Network had grown by 13% in volume over the previous quarte — but that still only accounts for 37.8 million transactions worth a total of $15.7 billion, still a relatively tiny proportion of U.S. payments.
The Federal Reserve also has thrown its payments hat in the ring, announcing in August 2019 that it would develop and offer up its own real-time payments rail, to be dubbed FedNow. A pilot program of more than 200 financial institutions was launched a year ago, January 2021, but the timeframe for a wider rollout has been pushed, and now is not expected till 2023.
And as more banks and payments processors begin to enter and increase their share of the real-time payments market, more fraud-related vendors are popping up and upping their game so they can pave the way for real-time payments to really take off. And, more often than not, they are using AI to help make decisions quickly. Case in point, San Francisco-based Brighterion, a 22-year-old company that was acquired in 2017 by Mastercard, is using distributed architecture to suss out potentially fraudulent behaviors and patterns in less than 10 milliseconds. (The company counts 74 of the largest 100 U.S. banks as customers, though not all for real-time payments.)
And to match the breakneck pace of fraud prevention technologies, there is a hunger for real-time payments among business and retail payments customers like never before, fed by an increase in online and mobile commerce, a desire to get money in their accounts faster (given economic hard times), a growing devotion to P2P payments and a preference not to handle cash in the face of pandemic. (The average U.S. bill carries as many as 3,000 types of bacteria.)
In the meantime, even as fraud solutions improve to match the speed of real-time, there are still a couple of significant issues. As has been pointed out by many fraud prevention and FinTech experts, the data that these systems have to go through (and fast), often make spotting potential bad behavior and malware all the more difficult. And given how much data is handled in payments, that is a nut that may take a long while to crack.
Also, as Hall pointed out, there is simply the basic block-and-tackling of practicing good cyber hygiene — making sure employees, and even customers, are following basic policies and procedures to ensure security — as simple as picking strong passwords, using multi-factor authentication, and not making payments over an unsecured system.