Global fraud challenges and strategies to combat them

1 Like 2 Be the first to comment

Global fraud challenges and strategies to combat them

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Nacha event Smarter Faster Payments in New Orleans set aside an hour to discuss the importance of collaboration among financial institutions and regulators, the role of data sharing in improving fraud detection, and the need for robust fraud controls.

This global panel highlighted South Africa’s fraud journey, that has focused on prevention, detection and management, achieving 75% fraud detection with a 5:1 false positive rate. Canada's approach was also explored, which involves mandating foundational fraud controls in their real-time payment system. Further, how the UK's 50:50 liability split between senders and receivers has led to significant fraud reduction, and how New Zealand's strategy includes using Maori data sovereignty principles.

What was clear was that there is a need for continuous innovation and collaboration to address evolving fraud threats. Here’s a rundown of how fraud continues to be a challenge around the world and how countries are combatting them.

South Africa

Ghita Erling, chief executive officer, Payments Association of South Africa, explored how fraud prevention has always been developed in step with their modernisation initiatives. South Africa is among the global early adopters of real-time payments, having launched its interbank instant payments system Real-Time Clearing (RTC) in 2006. In 2023, South Africa also launched PayShap, a new real-time digital payment platform, improving financial inclusion and offering more convenient payment options.

Erling explained that with this new faster payment system, South Africa is looking at fraud from an “ACH or network perspective, rather than an individual participant perspective.” She added that South Africa have an “early version of Confirmation of Payee, far less sophisticated than what we’re seeing emerging elsewhere, but at least allowing you to say, this is who I think I’m paying.” Beyond this, Erling reiterated the importance of strict due diligence through Request for Payment (RtP), revealing that this has been South Africa’s biggest focus for a number of years.

“We’ve had central monitoring within the ACH environment that looks at potential fraud, but it’s only now with the release of our new ISO 20022 system that we’ve moved from being after the fact, to be in flight. What we’re doing now is we’re generating a score that the participant gets and then decides whether to follow the payment through or not. It’s very similar to what you would find in the card environments where there’s a probability of fraud given through to the paying bank,” Erling said.

By rolling this out across the faster payments and batch environments, the South African payments association can scrutinise the behaviour of the transactions with machine learning. Further, South Africa's National Payment System Department (NPSD) within the South African Reserve Bank (SARB) now mandates reporting of fraud, which Erling referenced.

She added: “We’ve watched what’s happened in the rest of the world and thought, we need to move now. Within that context, we think we’re detecting about 75% of fraud with a 5:1 false positive, which we’re hoping will come down as we start to get a bit more data to train the system.”

Canada

Kristina Logue, chief financial officer, Payments Canada, highlighted that the fraud landscape in Canada is no different to what is being seen around the globe. Logue considers Canada being a latecomer to real time payments as an advantage. Payments Canada were able to look at what other jurisdictions have rolled out, consider their experience with fraud, and in turn, meet regulatory mandates to “go live with certain fraud capabilities on day one of the launch of our real time payment system.

“Unlike other jurisdictions where it’s not mandated or is bolted on after the fact, on the day we go live, there will be four foundational fraud requirements. There’ll be Confirmation of Payee that will be mandated and rules will be set so you can choose your own CoP offering. There will be centralised fraud reporting, centralised risk lists, and centralised analytics,” Logue revealed.

Logue speaks to this months after the Canadian Bankers Association (CBA) emphasised that financial institutions cannot single-handedly address fraud. She mentioned that the problem of fraud extends beyond the banking sector and there is a need for a multi-stakeholder approach that involves consumers, the government, and other industries.

Shortly after this, the the CBA's anti scam alliance was established, which as Logue explained, is a “formal body that’s brought regulators, government, law enforcement, telcos, digital platforms, as well as financial institutions, around the table to talk about how to solve for this issue, for Canada.”

UK

David Pitt, chief executive officer, Pay.UK, shared that 40% of all crime is fraud-related in the UK and much of this is Authorised Push Payment (APP) fraud. Putting that in to context, the impact it has had on the industry is substantial and the UK took control of this systemic risk with a mandatory reimbursement scheme.

In October 2024, the Authorised Push Payment (APP) victim reimbursement scheme came into effect, under rules from the Payment Systems Regulator (PSR). The scheme means that payment service providers (PSPs) are obliged to reimburse victims of APP fraud, up to £85,000 – and PSR asks that the value of reimbursement be split 50/50 between the sending and receiving PSP.

Pitt believes that this was “probably the wrong way around reimbursement, but it forces [banks] to highlight detection and prevention to stop reimbursement. Further, the 50:50 liability split between sending and receiving banks will also have an impact on fraud detection and prevention, as more financial institutions will be mandated to take action.

The UK association also highlight the importance of collaboration and the role of data sharing in improving fraud controls.

New Zealand

Jane-Renee Retimana, general manager strategy and corporate affairs, Payments NZ, made clear that New Zealand does not run a central ACH or have any central infrastructure other than their central bank.

“A slight point of difference with us is we still run a distributed, bilateral clearing and settlement system. So, our coordination needs to be quite tight. We’ve got quite a big role in that from governance, rules and standards [point of view], and we look after everything from our high-value RTGS system, which is where all the fraudulent money leaves New Zealand, and the cross border channels through to our settlement system that is open every day of the year, 18 hours a day,” Retimana said.

With no settlement windows, New Zealand has put in place real-time pre-conditions as well as checks for fund availability before the payment occurs. New Zealand also does not have market reversals, so participant banks have had to establish fraud detection and prevention measures over time.

Retimana added: “That doesn’t mean we don’t have a fraud problem.” In fact, participant banks in New Zealand agreed to leverage the US Federal Reserve’s FraudClassifer as their reporting framework. This has helped New Zealand “get in front of some of the hysteria that’s created around what we desperately need in terms of monitoring and prevention solutions and focused our sights on where the big problems are. Maybe banks require a little bit more in their toolkit to be dealing with things coming through their accounts.”

Cheques are still a problem

Jane Larimer, president and CEO, Nacha, called into question how all four countries are “putting controls in place that are much more sophisticated. We’re talking about real time payments, and yet there’s still paper in the system, my friends, and something that we think about here in the United States. 20 years ago we had 40 billion cheques. We still have 10 billion cheques. We still have a lot of work to do here. But, as cheque volumes have been declining, we’re also seeing cheque fraud very much on the rise.”

Erling shared that in the 1990s, 80% of non-cash payments in South Africa were via cheque. “With the greater uptake of electronic payments, we’ve seen that decline, but we’ve had a number of other interventions that also played a role. When our real time gross settlement system came in, we put an item limit on cheques because there was an alternative route for wire.

“This was also considered risk mitigation because you limit the time between the clearing of the cheque and the actual settlement of the amount,” Erling exemplified. She also described how after Covid, volumes dropped dramatically and the timing of this suited South Africa because processing infrastructure had already been centralised and consolidated across banks in an attempt to keep that payment stream viable.

While Logue is curious if as real time payments pick up in terms of adoption, there will be a move away from cheques in favour of stronger prevention or detection controls, Pitt believes that removing cheques will not solve the fraud problem. It will merely move on to other systems.

Data sharing must be done, in whichever way

The panel went on to point out that strides need to be made across data sharing. There is value in data sharing, but there is evident fear around ensuring regulations are complied with. Pitt’s view is that “we’ve got to accept that fraud is not a competitive sport. It’s an ecosystem issue and therefore we’ve all got to work together to reduce it. As soon as you accept that, we need to get to where we’re starting from.”

He shared that Pay.UK entered into a data sharing agreement with nine banks that represent 50% of payments volume to leverage data and check for fraud. Using this data led to a 40% increase in fraud detection and a reduction of false positives from 12:1 to 5:1. Logue shared that in Canada, they are moving away from “creating that honey pot in the centre and using API calls to get the network effect of increased analytics without creating that centralised repository of data.”

Retimana also mentioned New Zealand’s Making Payments Safer programme which also looks at modernisation objectives in light of accelerating fraud. “We’re looking at putting them together before we do anything else. In terms of programmable payment instruments, instant payments instruments, whatever future innovation we have, we are putting in centralised board monitoring. We’re also looking at digital identity and our data strategy. We’re also using Maori data sovereignty principles as the ethics framework, […] putting individuals and their families at the heart of data strategy,” Retimana said.

Actions and what next?

Here’s a summary of the actions that the panel of speakers mentioned:

  1. Explore ways to improve digital identity and financial digital ID to help address fraud.
  2. Investigate the use of centralised fraud reporting, risk lists, and analytics at the network level for real-time payments.
  3. Coordinate with telcos, digital platforms, and other stakeholders beyond just financial institutions to combat scams and fraud.
  4. Implement mandatory fraud reporting for faster payments and leverage data to drive fraud prevention and detection.
  5. Evaluate the use of a fraud classifier or common taxonomy to improve fraud data sharing and reporting across the industry.

Channels

Comments: (0)

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.