Mitigating Real-Time Fraud: What are the minimum best practices?

Mitigating Real-Time Fraud
What are the minimum best practices?

By Neil Kumar, Vice President, Compliance

Let’s start with the obvious: real-time payments will continue to revolutionize the way money is sent and received, making it faster and more efficient than ever to get funds from Point A to Point B. But with convenience and speed comes increased risk of fraud.

Like wires, fraudulent real-time transactions can result in significant financial losses for consumers, businesses and credit unions alike. Before exploring strategies to prevent fraud, let’s first review the different types of fraud that can occur with digital payments.

Authorized Push Payments (APP): A fraudster manipulates a member into sending funds to an account controlled by the fraudster. Common types of APP fraud include romance, prepayment and imposter scams.
Account Takeover: A fraudster gains access to a member's account and uses it to make unauthorized transactions.
Phishing: A fraudster sends an email or text message that appears to be from a legitimate source to trick the member into supplying sensitive information.
Man-in-the-Middle Attacks: A fraudster intercepts communications between a member and a credit union to gain access to sensitive information.
Identity Theft: A fraudster uses stolen personal information to open a new account or make unauthorized transactions.

To mitigate fraud with real-time payments, your credit union will need to take a multi-layered approach. Consider the following proactive steps to protect your credit union and your members from real-time transaction fraud.

Step 1: Implement Strong Authentication

One of the most effective ways to prevent fraud is to implement strong authentication methods. This includes using two-factor authentication (2FA) or multi-factor authentication (MFA) to ensure that only authorized users can access accounts. Both 2FA and MFA require users to supply forms of identification before gaining access to a system or an account. This authentication can include a combination of the following:

Something the user knows (e.g., a password)
Something the user has (e.g., a security token or mobile device)
Something the user is (e.g., a fingerprint or facial recognition)

Step 2: Conduct Risk Assessments

Conducting regular risk assessments can help identify potential vulnerabilities and threats. This includes analyzing transaction patterns and finding any suspicious activity. Risk assessments can also help identify areas where added security measures may be needed.

Step 3: Use Fraud Detection and Prevention Tools

Transaction limits (e.g., daily, weekly, monthly) based on each member’s typical transaction activity are a great starting point to prevent fraud, but there are many other fraud detection and prevention tools available. Machine learning and artificial intelligence (AI) algorithms can help find patterns and anomalies in transactions, making it easier to detect and prevent fraud. These tools can analyze transaction data and flag any suspicious activity, allowing credit unions to take immediate action to prevent fraud.

Step 4: Implement Fraud Alerts

Your credit union should alert the member when suspicious transactions occur to verify whether the transaction is legitimate. Implementing member fraud alerts can help credit unions quickly detect and respond to fraudulent activity. These alerts can be sent via email or text message and can include information on the transaction, such as the amount, time and location.

Step 5: Train Employees

Your credit union employees should be familiar with the best practices to prevent and detect fraud. This includes educating employees on how to identify and respond to suspicious activity, as well as providing them with the tools and resources they need to prevent fraud.

Step 6: Educate Members

Your credit union should also educate members about the risks of fraud and provide them with information on how to protect themselves. This can include providing tips on how to spot phishing scams, or how to recognize suspicious transactions. With peer-to-peer transactions, recommend that members only send these payments to people they know. Once funds are posted to a beneficiary’s account, it becomes the recipient’s property, which can make it difficult to recover. Information on the latest fraud trends should be provided to members as soon as possible.

Step 7: Use Encryption

Encryption is a powerful tool that can help protect sensitive information from being intercepted and used for fraudulent purposes. This includes encrypting all data that is transmitted, as well as storing data in an encrypted format.

Step 8: Monitor Transactions

Performing regular reviews of transactions can help identify any suspicious activity and prevent fraud. This includes reviewing transaction details, such as the amount, location and time of the transaction, as well as the member's personal information. Your credit union should monitor transactions in real-time, looking for patterns or anomalies that may indicate fraud. For example, if a member's account is used to make multiple transactions in a short period of time, this may be a sign of fraud.

Step 9: Collaborate with Other Financial Institutions

Collaboration and knowledge-sharing can also help reduce the risk of fraud. This includes sharing information on fraudulent activity and working together to develop and implement best practices for preventing fraud.

Faster payments are coming. Will you be ready?

With the fast-approaching launch of the Federal Reserve’s new instant payment offering, the FedNow℠ Service, it’s never been more critical for financial institutions – including credit unions – to start preparing. It’s been over 50 years since a new payment rail has debuted, and a transition like this cannot be approached haphazardly.

As an interactive, educational community, Alloya Insights: Faster Payments is expertly designed to help credit unions strategically prepare to join the faster payments movement. Just recently, Alloya’s team of faster payments experts created a proprietary Faster Payments Financial Model, exclusively available to credit unions in the Alloya Insights: Faster Payments community, to help them understand how the implementation of real-time payments will impact them – from staffing to daily operations to income to legacy payments and beyond.

In addition, participants gain access to the community portal, which includes topic briefings, blog entries, webinar recordings, polls, FAQs and planning tools – all of which have been synthesized and published by Alloya’s team of experts. Participating credit unions gain access to exclusive discounts for Alloya’s forthcoming product offerings for real-time payment processing, settlement and liquidity management.

Interested in joining Alloya Insights: Faster Payments? Contact your Alloya representative or visit www.alloyacorp.org/insights to learn more

About the Expert

Neil Kumar
CAMS, CGSS, Vice President, Compliance

Neil Kumar serves as Alloya’s designated BSA Compliance Officer and is responsible for overseeing BSA/AML, global sanctions, fraud and business continuity management (BCM) functions. In addition, Kumar implements risk mitigation strategies to ensure Alloya’s payment processing systems are not utilized to facilitate illicit financial crimes. As a leader of Alloya Insights: Faster Payments, Kumar brings over 20 years of experience in the financial services industry in addition to his knowledge gained through his participation in the U.S. Faster Payments Council’s (FPC) Fraud Information Sharing Work Group. This work group is comprised of various industry experts and has issued industry white papers related to faster payments and fraud. Kumar is a Certified Anti-Money Laundering Specialist (CAMS) and a Certified Global Sanctions Specialist (CGSS) through the Association of Certified Anti-Money Laundering Specialists (ACAMS).