Telling good transactions from bad is tough when customers are scammed into validating fraudulent payments. In the Authenticated Payments Report, HSBC’s Drew Douglas explains how financial institutions can use artificial intelligence (AI)-powered analytics and customer-facing transaction notifications to avert these social engineering attacks.
Payments fraud is a perpetual threat for banks, businesses and payments providers, with 74% of organizations falling victim to some type of payment scam last year.
These scams most commonly target checks and wire transfers, but fraudsters are now adopting new techniques to target digital payments. Payment fraud losses are expected to total $206 billion over the next four years, with firms expected to spend $11.8 billion annually on fraud prevention by 2025.
One of the most pervasive threats in the payments space is phishing, according to Drew Douglas, North American regional head of Liquidity and Cash Management at HSBC. While fraudsters deploy an assortment of schemes to stage payments fraud, phishing is one of the most successful, despite customers’ familiarity with it.
“Crime is such a complex area, and people are constantly finding new ways [to perpetrate their schemes],” Douglas said in an interview with PYMNTS. “But it does really hurt our customers, and our customers’ customers, more when they fall prey to something that is a little more well-known and advertised in the industry today.”
Putting a stop to phishing and other forms of cybercrime relies on stringent payments authentication along with the strong controls implemented by clients and other players within the ecosystem.
Payments Fraud Threats and Analytics-Based Solutions
Many forms of payments fraud are immediately detectable, but one aspect that makes phishing scams unique and difficult to detect is that they appear to be legitimate, fully authenticated transactions.
“A terrible thing for our customers is phishing, where someone in a company feels they have a trusted internal instruction and they execute a trade that for all intents and purposes is digitally authenticated,” Douglas said. “We want to get our clients’ payments there as fast as possible, but the downside of that is that money can move out very quickly from the destination account.”
The key to stopping this type of fraud, Douglas said, is to monitor transactions on the back end for suspicious behavior that does not align with customers’ typical activities. When a specific type of fraud is identified, it is not widely communicated to keep bad actors from learning and undermining security measures, but artificial intelligence (AI) plays a key role in finding unusual and potentially fraudulent behavior.
“We do look to monitor unusual activity for customers like unusual [transaction] sizes, and we have worked with customers when we see things of that nature and stop payments,” Douglas said. “We’ve invested in artificial intelligence that can monitor the types of activity that are usual for customers. If the customer has had a lot of history with a bank, that becomes easier to do than for a new customer.”
Back-end transaction analysis is just half of the solution to fight fraud, however. Preventing phishing and other types of payments fraud also requires customer-facing notifications and authentication requirements that can ascertain whether each transaction flowing in and out of their accounts is legitimate.
Notification Solutions
The other half of HSBC’s payments fraud prevention system relies on automatically notifying customers whenever their preferred payment method is used, giving them a chance to notice payments fraud if they get a push notification they did not expect. This can be especially handy for automated payments, which some fraudsters use to steal funds without customers noticing.
“If someone wants to auto-debit your account, many of our clients want to give them permission,” Douglas explained. “We have robots in the background that send the client a message that says, ‘Do you really want this person to debit your account?’”
This might seem like an intrusion to customer privacy and seamless payments, but it turns out that customers appreciate having control over such authentication procedures as it gives them peace of mind.
“Choice is everything,” Douglas said. “If your phone dings and says your personal card was just debited [and] it’s not your [charge], you get on it really fast. But it doesn’t bother you that it just told you that you were at CVS and, you know, spent $20.”
Customers are more likely to be loyal to institutions that help protect them from fraud and keep them in the loop on potential threats. Banks that lack such fraud prevention solutions could not just lose funds to fraudsters, but could also have customers abandoning them in droves.