The growth of the global economy may have slowed recently, but don’t expect the business payments industry to miss a beat. The drive toward payments systems modernization, or digital transformation as some call it, is still on. However, I would argue that the urgency of the business case for modernization has changed. It’s not just about payments anymore. Payment systems modernization is having its reckoning with fraud and financial crime.
The way I see it there are three drivers behind this urgency.
First is the continuing lag of companies that are still operating legacy payments systems on-premises, which are expensive to maintain and pose security risks if the latest software release or security patches are not installed.
Second: Speed. Real-time settlements and instant payments, and the ability to secure them, depend on a scalable digital infrastructure supporting the required bandwidth and capacity to handle an exponential increase in speed and data.
Third: ISO 20022 native message formatting carries with it rich information sets that can help in the fight against fraud. Or look at it this way: your first smartphone probably came with new bells and whistles, discounts and a good dose of cool factor. But what if you hung onto that smartphone long past its ability to handle software updates? And what if that old phone had a cracked screen and you kept putting off its repair?
You probably wouldn’t do that. Whether you’re an IT leader or a fraud investigator, you have a stake in moving past the old version of your payments and fraud infrastructure. To quote Bottomline’s most recent Payments Barometer report, which surveyed 1,600 finance leaders in both the US and Great Britain (GB), security and fraud prevention are in the top five drivers of change (2 in US; 5 in GB) for 2022. In GB, 29% of respondents had been impacted by fraud, compared with 37% in the US.
Innovation and risk
Payment systems modernization represents innovation both for companies that have not yet started their digital journey and for those that want to continue it. Either way, criminals match that speed of innovation, viewing it as an opportunity rather than an obstacle. So, it's critical to remain a step ahead. Fraudsters are more than happy to keep coming after the vulnerabilities that outdated software creates. They’re constantly looking for new ways to hack real-time and instant payments as well as their associated settlements.
So let’s revisit my three drivers of change in payments systems modernization as they relate to fraud, with a look at the trouble that can arise for the unprepared:
- Legacy/on-prem systems: Legacy payments systems are expensive to maintain and upgrade. Some software versions may no longer be supported by the solutions provider, so updates are not provided. Security patches to fight new fraud vectors may not be compatible with older installations. One recent example is the critical vulnerability found in Log4j, an open-source logging library commonly used by apps and services across the internet. Bottomline was able to resolve it for its customers through a security patch before attackers could steal passwords and logins, extract data, and infect networks with malicious software. Software updates, by the way, may address new fraud typologies, best practices, regulatory requirements, or industry standards.
- Real-time payments and settlements: Whether you call them real-time, faster or instant payments, this innovation is finding traction. Again from the 2022 Payments Barometer, 60% of companies in the US are using them, trailed by 48% in GB. For systems that have moved to the cloud, a hybrid cloud or another digital infrastructure, real-time payments need to be matched by real-time fraud detection and prevention. The speed of the payment is the main value proposition. Another is confirming that funds are being sent to the right person or organization (confirmation of payee) to prevent certain types of authorized push payment fraud as well as misdirected payments. However, fast means forever. Real-time payments are irreversible. Without a modernization approach, your fraud investigation team will be left with very few recovery options and your IT teams will need to deal with higher security and vulnerability risk.
- ISO 20022: ISO 20022’s structure includes so much data that companies that are moving past simple adoption and into the more advanced “native” phase will create a whole new data ecosystem. It will also demand a new approach to fraud analytics. Decision engines, risk assessments and alert thresholds will need to be reconfigured to work within milliseconds.
The Bottomline: The fix is in the cloud. Cloud-based software infrastructure – even hybrid cloud that takes a more modular approach – is no longer a nice-to-have for business payments and securing them. It’s a must. Cloud-based technology updates seamlessly, provides access to new features, scales easily and allows your company to move at the speed of payments as well as fraudsters. Payments systems modernization is fast approaching its intersection with fraud defenses. Companies that are prepared for that intersection will be driving through in a race car. Don’t be the company that drives through in a broken-down rust bucket.