Blog Posts Process Analysis

3 Things Banks Can Do to Tackle Push Payment Fraud

Blog: Enterprise Decision Management Blog

Phone with hacked sign

In August, the UK’s Financial Ombudsman joined the debate on authorised push payment fraud. They argue that banks are not taking enough responsibility for this kind of fraud and say banks should not take the default position that their customer has been negligent. This follows the announcement by the Payment Services Regulator that they intend to require banks to compensate their customers in some cases – the consultation paper on their proposal is due out soon.

The pressure for banks to tackle push payment fraud is mounting – and even if liability isn’t transferred wholesale to the banks, the scope for bad publicity and loss of reputation is significant.

While industry bodies look to redress the balance between bank and customer, it must be remembered that the banks are victims as well. Clever fraudsters have a wide variety of increasingly sophisticated techniques and technology to help them commit these crimes. They have access to a real-time payments scheme which means they can access the proceeds of their crimes and quickly remove them out of the reach of law-enforcement.

Banks are not powerless to tackle the issue. In addition to the measures suggested by regulators and industry bodies, here are three areas they can focus on:

1. Transaction Risk Analysis 

For many years card issuers have deployed real-time transaction risk analysis for credit and debit cards. There is a wealth of functionality available to them through solutions such as the FICO Falcon Fraud Platform. This same technology can be effectively deployed to assess the risks inherent in push payments. While some banks already use transaction risk analysis for push payments, to be truly effective in stopping this fraud they must:

2. Standardised Reporting

It is generally true that if you’re not measuring then you will struggle to improve. Even if you are improving without consistent and regular reporting methodologies how will you know?

Reporting authorised push payment fraud was given additional impetus when UK Finance included rates in their 2017 report for the first time. The European Banking Authority has also tackled reporting for authorised push payment fraud in their PSD2 Fraud Reporting Guidelines. They lay out a framework for the consistent and mandatory reporting of fraud and include the reporting of fraud that involves ‘manipulation of the payer,’ in other words authorised push payment fraud. To stay ahead of the fraud and satisfy the regulator, banks must focus on how they report this fraud as a matter of urgency.

3. Mutual Authentication

A significant proportion of authorised push payment fraud happens when fraudsters trick their victims into believing that they are their bank. The techniques used are sophisticated and include spoofing of emails and SMS messages so that they look genuine – even to the wary.

As the Financial Ombudsman notes, it is not possible to lay the blame on customer negligence in such cases. The protocols by which customers authenticate themselves to their banking providers are established and consistency will be enforced through regulation such as PSD2. The protocols that banks use to authenticate themselves to their customers are by contrast inconsistent and poorly understood. This allows fraudsters to get their foot in the door and commit their crimes.

It is not an easy nut to crack, but the proliferation of these kinds of fraud means that it must be addressed. While an effective, industry-wide approach may be the best way forward, in its absence Individual banks can still act. They should look to provide consistency in their outbound customer communications and have standard and well-understood procedures by which they prove who they are.

Once they have policies in place to address how they authenticate themselves to customers, it is vital to educate their customers about it and apply it consistently. It is not just the fraud department’s responsibility – unsolicited sales calls to customers that proceed to ask the customers for security information must not happen unless the bank has first reliably proved who they are to the customer.

The pressure to tackle Authorised Push Payment fraud is coming from industry bodies, consumer advocates, regulators and customers. Banks that can tackle it will have a competitive advantage; those that don’t there will be continued bad press, loss of reputation and increased scrutiny from the regulator.

The post 3 Things Banks Can Do to Tackle Push Payment Fraud appeared first on FICO.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples