Protecting the personally identifiable information (PII) and financial data of your customers is essential to retaining them, their funds, and your reputation. However, as the speed of payments and innovation around them accelerate, so do the activities of bad actors. Technology fuels innovation, but it’s also fueling financial crime. Today, it’s common for financial criminals to band together, syndicate their efforts and share information broadly through the power of technology. This helps scale not only their efforts but their effectiveness. It means that whether you’re a large financial institution or a small business, you share in common being a target of those efforts.
And with the enriched data messaging capability inherent to the ISO 20022 payments standardization, it’s never been more important to evaluate your fraud prevention strategy. Ideally, your payments fraud platform should proactively detect all forms of fraud, across all payment types. Understanding the difference between authorized and unauthorized payments fraud is also critical to building a strong defense.
Types of fraud
Authorized fraud occurs when a payment is approved by the originating organization. Though appearing to the bank as approved, these payments are pirated through three main tactics:
- the approver is duped by a 3rd party into thinking the payment request is legitimate (e.g. business email compromise).
- the approver knowingly acts in an unlawful criminal manner (e.g. embezzlement).
- or the approver intentionally modifies payment information to redirect funds (e.g. exploited credentials).
These types of transactions are difficult to detect because they appear to be, well, authorized by the payee.
Unauthorized fraud is less subtle in that whole accounts are taken over through compromised credentials, or payment information is counterfeited through data breaches or identity theft. Information gained from a successful data breach or identify theft incident can be highly lucrative for the criminal, whether using it to control accounts, or selling it on the dark web. This type of fraud can often go undetected until widespread damage is done.
Now that we have a better understanding of authorized and unauthorized fraud, when developing a prevention strategy it’s also important to see the commonality – both types of fraud involve some form of identity/account exploitation. This provides a clear starting point.
Protecting digitized personal and financial data is critical to safeguarding transactions. To be successful in thwarting emerging threats, organizations will be well-served to keep the following in mind:
- Implement detection technology that is dynamic and agile to navigate the ever-shifting landscape of faster payments.
- Make sure that technology can recognize the difference between a legitimate transaction and a fraudulent transaction in real time, and across each mile of the payment journey.
- Use the latest available in automation to accurately analyze the increasingly rich data that travels with payment transactions.
- Adopt a platform that uses machine learning to ‘understand’ user behavior and detect anomalies in those patterns to stop fraud attacks before they happen.
Keeping these landmarks in view when developing your fraud prevention strategy will help your customers, and their funds, reach the intended destination and stop more of those never intended.
For a closer look at how to build out a successful fraud prevention strategy, download the full executive brief, “Authorized and unauthorized fraud in the era of payments innovation”.
For further insight into the payments and banking industries, subscribe now and stay up-to-date on the latest tips, trends, and topics. You can also check out The Payments Podcast, where experts engage each other on the real world factors impacting the payments and banking industries.