Regardless of company size or industry, payment fraud is a growing risk for businesses around the world. The scale of the challenge cannot be underestimated – with a recent survey by the Association for Financial Professionals’ (AFP) finding that 71% of respondents were the victim of payments fraud in 2021.1
Data and intelligence are critical components of any fraud prevention strategy – allowing fraudulent transactions to be singled out, flagged, and prevented. Yet, ensuring companies have access to the type and breadth of data needed for these strategies to be effective is not always easy, with resource and privacy constraints representing key barriers.
At the same time, accuracy is an important factor, as manual intervention is required to determine whether a flagged payment is fraudulent, which takes up time and resources and prevents straight-through processing.
The task ahead for banks and their clients is, therefore, not an easy one. Institutions must strike a delicate balance between providing a toolkit of robust fraud controls and providing decisions that are accurate and quick enough for the 24/7/365 world of today. For many, collaboration could be the key to achieving this.
Picture the scene: a customer receives a seemingly legitimate invoice – requesting that funds be sent to a new bank account – from a bad actor purporting to be one of their service providers. Without controls in place to determine whether this is a legitimate request, the funds are sent to the fraudulent bank account.
So, what is being done to prevent fraud scenarios such as these? The first line of defense is data verification, usually in the form of binary yes/no answers to a set of pre-determined questions: Does this account exist? Who does the account belong to? Is the account on a list of blocked parties? Certain types of verification has been around for several years – for example, the automated clearing house (ACH) prenote uses a zero-dollar payment to validate if an account is open before debiting or crediting funds. Yet, while this can help to mitigate against costly returned transactions – an ACH prenote typically takes several days to wait for a potential return.
As real-time payments become more and more of an expectation rather than a nice-to-have, companies are having to balance fraud mitigation techniques with providing timely and competitive payment settlement. In response, banks and third-party providers have developed account validation services that can confirm both account status and ownership in real-time – providing a more in-depth picture of return history and account details.
The second line of defense comes after the financial institution processing the payment receives the request, but before it distributes the payment to the receiving account. By combining a variety of inputs, variable data services can develop a score-style judgement – uncovering anomalies and determining confidence levels. This can be achieved by defining a set of rules that reflect a companies’ typical business activity.
If a transaction is found to be anomalous against the pre-set parameters, it will be flagged to the company for manual intervention. For example, if a company typically sends a payment of $100 to a customer each month and the latest payment instead totals $100,000, the payment would be flagged, paused and the company will then be given the choice to either authorize or reject it. Data-driven services such as this can significantly reduce the number of false positives, which create unnecessary work for banks and their clients.
When fighting fraud, having access to the most reliable data and business intelligence available is critical – and two main sources are currently being leveraged. The first is proprietary data from within an organization or from their correspondent banking network and the second is wider industry data, from third-party companies.
To push the industry’s fraud defenses to the next level, however, greater collaboration is needed to ensure industry data is available to all. Shared data networks present an important opportunity to harness the power of data in a way that protects privacy, while enabling cross-border and cross-sector collaboration to solve shared challenges.
Such collaboration is already well underway, with BNY Mellon currently collaborating with Swift to develop strategies and technology solutions to combat fraud through the potential use of Artificial Intelligence / Machine Learning (AI/ML) models and Privacy Enhancing Technologies (PETs). Recent innovations in PETs offer new ways to derive intelligence from data owned by multiple parties – without violating the respective parties’ privacy and sensitivity controls – and without the data leaving its current residence. And as the two parties continue their collaboration, it is expected that the AI/ML models will grow in accuracy and reliability, and, ultimately, deliver additional benefits to our clients.
In addition, the Federal Reserve has also developed a publicly available Fraud Classifier Model, which helps to define the type of fraud that has occurred such that it can be more easily identified, standardized, and quantified in the future.
The inclusion of smaller institutions and organizations in data sharing networks will help to level the playing field across the industry – and help to create a more robust fraud prevention ecosystem. And it is the investments of larger banks, like BNY Mellon, in building networks – such as those with Swift and the Federal Reserve – that will drive the industry forward on this front.
But while data collaboration between multiple parties would be a “slam dunk” solution, it can only be successful if banks and third-party providers can overcome the data privacy obstacles involved. There are several different approaches to solving this challenge – from sharing without the data leaving its residence or masking the source of the data, to creating a decentralized data-sharing network using distributed ledger technology (DLT) or using double-blind machine learning frameworks.
Yet while several of these key questions remain, it is likely that the future fraud wars will be fought with a combination of standardization and interoperability. It is this approach, centered around collaboration, that will help to minimize vulnerabilities for fraudsters to exploit.
BNY Mellon is the corporate brand of The Bank of New York Mellon Corporation and may be used as a generic term to reference the corporation as a whole and/or its various subsidiaries generally. This material and any products and services may be issued or provided under various brand names in various countries by duly authorised and regulated subsidiaries, affiliates, and joint ventures of BNY Mellon, which may include any of the following. The Bank of New York Mellon, at 240 Greenwich Street, New York, NY 10286, USA a banking corporation organised pursuant to the laws of the State of New York, and operating in England through its branch at 160 Queen Victoria Street, London, EC4V 4LA, UK, registered in England and Wales with numbers FC005522 and BR000818. The Bank of New York Mellon is supervised and regulated by the New York State Department of Financial Services and the US Federal Reserve and authorised by the Prudential Regulation Authority. The Bank of New York Mellon, London Branch is subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. The Bank of New York Mellon SA/NV, a Belgian public limited liability company, with company number 0806.743.159, whose registered office is at 46 Rue Montoyerstraat, B-1000 Brussels, Belgium, authorised and regulated as a significant credit institution by the European Central Bank (ECB), under the prudential supervision of the National Bank of Belgium (NBB) and under the supervision of the Belgian Financial Services and Markets Authority (FSMA) for conduct of business rules, and a subsidiary of The Bank of New York Mellon. The Bank of New York Mellon SA/NV operates in England through its branch at 160 Queen Victoria Street, London EC4V 4LA, UK, registered in England and Wales with numbers FC029379 and BR014361. The Bank of New York Mellon SA/NV (London Branch) is authorised by the ECB and subject to limited regulation by the Financial Conduct Authority and the Prudential Regulation Authority. Details about the extent of our regulation by the Financial Conduct Authority and Prudential Regulation Authority are available from us on request. The Bank of New York Mellon SA/NV operating in Ireland through its branch at 4th Floor Hanover Building, Windmill Lane, Dublin 2, Ireland trading as The Bank of New York Mellon SA/NV, Dublin Branch, is authorised by the ECB and is registered with the Companies Registration Office in Ireland No. 907126 & with VAT No. IE 9578054E. The Bank of New York Mellon, Singapore Branch, subject to regulation by the Monetary Authority of Singapore. The Bank of New York Mellon, Hong Kong Branch, subject to regulation by the Hong Kong Monetary Authority and the Securities & Futures Commission of Hong Kong. If this material is distributed in Japan, it is distributed by The Bank of New York Mellon Securities Company Japan Ltd, as intermediary for The Bank of New York Mellon. If this material is distributed in, or from, the Dubai International Financial Centre (“DIFC”), it is communicated by The Bank of New York Mellon, DIFC Branch, regulated by the DFSA and located at DIFC, The Exchange Building 5 North, Level 6, Room 601, P.O. Box 506723, Dubai, UAE, on behalf of The Bank of New York Mellon, which is a wholly-owned subsidiary of The Bank of New York Mellon Corporation. This presentation, which may be considered advertising, is for general information and reference purposes only and is not intended to provide legal, tax, accounting, investment, financial or other professional advice on any matter, and is not to be used as such. BNY Mellon does not warrant or guarantee the accuracy or completeness of, nor undertake to update or amend the information or data contained herein. We expressly disclaim any liability whatsoever for any loss howsoever arising from or in reliance upon any of this information or data. This material is intended for Professional Clients and market counterparties only and no other person should act upon it. The information contained in this presentation is for use by wholesale clients only and is not to be relied upon by retail clients. Not all products and services are offered in all countries.
The Bank of New York Mellon is regulated by the Australian Prudential Regulation Authority and also holds an Australian Financial Services Licence No. 527917 issued by the Australian Securities and Investments Commission to provide financial services to wholesale clients in Australia.
This material does not constitute an offer to sell or the solicitation of an offer to buy any products or services in the People’s Republic of China (PRC) to any person to whom it is unlawful to make the offer or solicitation in the PRC. BNY Mellon does not represent that this material may be lawfully distributed, or that any products may be lawfully offered, in compliance with any applicable registration or other requirements in the PRC, or pursuant to an exemption available thereunder, or assume any responsibility for facilitating any such distribution or offering. In particular, no action has been taken by the issuer which would permit a public offering of any products or distribution of this material in the PRC. Accordingly, the products are not being offered or sold within the PRC by means of this material or any other document. Neither this material nor any advertisement or other offering material may be distributed or published in the PRC, except under circumstances that will result in compliance with any applicable laws and regulations. Products may be offered or sold to PRC investors outside the territory of the PRC provided that such PRC investors are authorized to buy and sell the products in the offshore market. Potential PRC investors are responsible for obtaining all relevant approvals from the PRC government authorities, including but not limited to the State Administration of Foreign Exchange, and compliance with all applicable laws and regulations, including but not limited to those of the PRC, before purchasing the products.
Trademarks and logos belong to their respective owners.
© 2023 The Bank of New York Mellon Corporation.