A post relating to this item from Finextra:
27 May 2008
The UK's faster payments service, designed to provide customers with near real-time transfer of phone, Internet and standing order payment instructions, has finally gone live.
Dear online fraudsters, I've got some good news and some bad news.
The good news is that Christmas comes early this year: on May 27th the UK banking industry launched the much anticipated Faster Payment scheme, in which inter-bank money transfers are instantaneous. Let me actually re-phrase: that's great news for you.
I bet you're all excited about the new opportunity presented by Faster Payments because you know that one of the most effective weapons the banks have been using against online banking fraud is no longer at their disposal.
This weapon is Time.
Now, please excuse me while I explain this to the non-criminal elements reading this blog. Why is time so important to fraudsters?
The previous, slow process of sending money from one bank to another may have been cumbersome and not very friendly to the end user, but it did give sufficient time for the banks to investigate high-risk transactions, and stop the money from leaving the bank. Typically the bank had between 24 and 72 hours to investigate and freeze risky transfers.
Suppose a bank processes 1,000 transactions per day that meet high-risk criteria: they are a payment to a newly established destination account, and the amount is higher than five thousand pounds.
Until now, the bank could have let all these transactions go through, and then during the next 24 hours have a team of fraud analysts review them by calling the users to confirm the activity. If the money transfer wasn't authorised by the user, the bank had sufficient time to stop the money from going out.
This can no longer work in Faster Payments. In a Faster Payment, once the transaction is cleared, funds leave the bank. The only way to stop fraud is to decline the suspicious transaction, or delay it until it is reviewed. In both cases, the end result is that the user will not be able to transfer the funds in real time.
Following the previous example, to stop the same amount of fraud, the bank would have no choice but to delay ALL of the 1,000 transactions. Which is against the very notion of Faster Payments.
The alternative is to let all of them go through and face the consequences. Which is exactly what fraudsters like about the new scheme.
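The trade-off described above can be put in numbers. The following is an added example, not part of the original post: it applies the article's two-condition rule to a small constructed set of payments and compares a deferred-settlement scheme with an immediate one. The `Payment` fields, the `outcome` function and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

HIGH_VALUE_GBP = 5000  # threshold from the article's example rule

@dataclass
class Payment:
    ref: str
    amount_gbp: float
    new_payee: bool
    authorised: bool  # ground truth; the bank learns it only by calling the customer

# Constructed sample data, not real transactions.
SAMPLE = [
    Payment("P1", 6000, True, True),
    Payment("P2", 7500, True, False),
    Payment("P3", 200, False, True),
    Payment("P4", 9000, False, True),
    Payment("P5", 5200, True, True),
    Payment("P6", 12000, True, False),
]

def is_high_risk(p):
    """The article's rule: newly established payee AND amount over 5,000 pounds."""
    return p.new_payee and p.amount_gbp > HIGH_VALUE_GBP

def outcome(payments, scheme, hold_flagged=False):
    """Return (payments held before sending, fraud stopped, fraud paid out)."""
    flagged = [p for p in payments if is_high_risk(p)]
    fraud = [p for p in payments if not p.authorised]
    if scheme == "deferred":
        # Funds leave 24-72 hours later, so analysts review flagged items inside
        # that window and freeze the unauthorised ones; nothing is held up front.
        held, stopped = [], [p for p in flagged if not p.authorised]
    elif scheme == "immediate":
        # Funds leave on clearing, so the only control is a hold before sending.
        held = flagged if hold_flagged else []
        stopped = [p for p in held if not p.authorised]
    else:
        raise ValueError(f"unknown scheme: {scheme}")
    return len(held), len(stopped), len(fraud) - len(stopped)

if __name__ == "__main__":
    print("deferred          ", outcome(SAMPLE, "deferred"))
    print("immediate, hold   ", outcome(SAMPLE, "immediate", hold_flagged=True))
    print("immediate, release", outcome(SAMPLE, "immediate"))
```

With the same rule, the immediate scheme stops the same fraud only by holding every flagged payment, including the legitimate ones.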
OK, that was for the sake of the law-abiding segment of the readers.
Now back to you, dear fraudsters. I said I've got good news and bad news; so let's get to the bad news, shall we?
The bad news is that the UK banking industry has prepared for Faster Payments and equipped itself with several layers of defense against your evil ploys. Deploying visible defenses such as EMV 2-factor or out-of-band phone authentication, and invisible layers such as transaction monitoring and anti-Phishing / anti-Trojan detection and termination services, most banks have managed to raise the bar significantly.
So let me summarise the situation. Fortunately for you, criminals of the twenty-first century, fraud will be much more difficult to intercept following the move to Faster Payments. Unfortunately for you, the banks realised the rules of engagement are about to change and beefed up their fraud fighting strategies. You should expect the banks to put up a good fight.