Thu, Nov 07 2024
A significant issue facing the banking sector at the moment is the rise in authorized push payment (APP) fraud. To address this, the Payment Systems Regulator (PSR) recently unveiled new laws on October 7. What effect will this law have on authorized push payment fraud?
The CEO and co-founder of Estonian RegTech Salv, Taavi Tamkivi, claims that the new law won't have a direct effect on fraud since, in his words, "fraudsters don't care about regulations, and they certainly aren't reading the legislation." Nevertheless, it will have an impact on businesses as they will now need to give fraud prevention more thought. Tamkivi expects that this pressure will lead businesses to begin addressing fraud.
However, Tamkivi thinks that "friendly fraud" is one possible drawback. This occurs when somebody who knew they had made the payment fabricates a claim that they were defrauded in order to obtain their money back. Since individuals realize it's a quick method to get paid, this might develop into a new kind of fraud, at least until banks can improve their safeguards against it.
Overall, though, the CEO of Salv thinks that while the new law won't directly address fraud, it should encourage banks and FinTechs to take more proactive steps by providing a financial incentive to do so.
"For example, chargeback fraud forced us to make significant investments in technology, staff, and cross-industry cooperation in order to limit these losses during my time at Skype and Wise. Financial liability may encourage financial institutions to lessen fraud in this situation as well," Tamkivi added.
Being financially responsible may be a crucial component of your defense against financial fraud and crime. As an earlier illustration of how financial accountability has aided in the management of fraud, Tamkivi cited chargebacks.
"Fraud liability wasn't clearly defined in the early days of e-commerce—merchants, issuers, and e-commerce providers didn't have clear rules on who was responsible for losses," he stated. However, the establishment of financial culpability compelled retailers to take charge of preventing fraud, which resulted in new practices and technology that greatly decreased losses.
Banks and FinTech companies have the luxury of avoiding these expenses since they are not currently subject to the same obligation for quick payments. However, he explained, "the market tends to self-organize and get more efficient at fraud prevention when institutions have to cover fraud losses."
How might FinTechs recover stolen money under these additional safeguards in light of the APP fraud legislation?
"I'm not sure this legislation fully addresses the complex issue of recovering stolen funds," Tamkivi explained. It's unclear why one bank would be required to restore cash to another upon request, particularly when those monies have already moved via consumer transactions, and recovery between financial organizations isn't well defined. An organized recovery strategy with well-defined rules and procedures is required, akin to what is observed with chargebacks.
According to Tamkivi, financial institutions could have to self-regulate and establish a recovery procedure in the absence of clear legislation, perhaps with assistance from operators of speedier payment schemes. He went on to say that operators might assist in determining the appropriate time and reason for returns. But according to Tamkivi, this is still "murky" at present.
Does Tamkivi think there is a chance to promote greater inter-institutional cooperation? He thinks that this is really important.
He said, "The likelihood of controlling the monies before they vanish increases with the speed at which fraud instances are discovered and shared throughout institutions. Sharing information with other banks, for example, when fraud alarms are set off at one bank, might help stop that money from transferring to other accounts later on."
Imagine that the victim's account is held by Bank A, that the fraudster uses Fintech B as a mule account, and that Fintech C is a secondary tier. Fintech B may freeze the money before it reaches Fintech C if Bank A notifies B in a timely manner. Even if the money gets to C, recovery may still be possible if C's fraud team gets involved in time. However, recovery becomes far more difficult if money enters decentralized or cryptocurrency regions, Tamkivi stated.
He goes on to say that while this inter-institutional cooperation differs from the official recovery procedure, it reduces the need for recovery altogether by preventing fraud at an early stage. The likelihood of a successful recovery is directly increased by excellent teamwork in fraud detection, he stated.
With the emergence of digital bad actors, there are still some significant opportunities and problems for real-time AML compliance. What are some of the potential obstacles and opportunities for businesses utilizing these technologies?
"Since our product and the majority of our clients work in real-time, I find it hard to see a world without real-time AML as an entrepreneur. In order to identify suspicious activity, we are immediately monitoring transactions and consumer behavior and transmitting real-time data between banks. For us, this real-time strategy is currently standard procedure," Tamkivi stated.
It's interesting to note that larger institutions, particularly those with legacy systems, may find real-time AML to be a major difficulty, he continued. Transaction data may not be available for viewing for a day or two after it is stored in central databases by several of these organizations. AML procedures frequently operate offline, sometimes days after the transactions, because these systems need data harmonization. Therefore, real-time AML is more difficult for businesses with outdated technology, but it is simple for those with real-time data access.
Tamkivi said that improving the infrastructure to enable real-time data consumption is the true problem. "There is real-time AML software available, but for certain institutions, the data accessibility is just lacking. Newer companies like ours are created with real-time compliance at their heart, whereas older AML providers that were built for legacy systems haven't pushed for real-time processing," he added.
Does this imply that antiquated technology that cannot meet the pace required for real-time AML is impeding many institutions?
According to Tamkivi, "financial technologies themselves are evolving, with real-time payments, e-wallets, and open banking APIs becoming more common, regardless of existing infrastructure." Additionally, banks will need to implement real-time sanction screening in order to comply with the new SEPA requirement for fast payments. Institutions that are unable to handle their data in real-time will struggle to keep up with the rapid advancements in technology.
Does this imply that the SEPA payment law will be difficult to implement? Tamkivi is very much in agreement with this.
"More contemporary institutions can readily modify their systems to screen SEPA payments in real-time," he clarified. However, compliance will be far more difficult for older institutions whose technology does not handle real-time data processing.
According to the immediate SEPA guideline, banks risk severe fines if they are unable to process payments in less than 10 seconds.
Additionally, they must finish sanction screening checks in that time frame. Institutions are being forced to make difficult choices because of this need. Since immediate SEPA enables speedier payments but carries the danger of fines if the process doesn't match the new speed criteria or if screening procedures aren't precisely followed, some banks may choose not to provide it at all.
The predicament is comparable to that of PSD2, in which bigger organizations have to modify some aspects of their technology to satisfy strict regulations. However, this SEPA law has actual financial penalties, unlike PSD2, which makes compliance much more urgent. It's particularly difficult for banks, because data frequently takes longer to get to centralized systems, which delays AML procedures. If many banks wish to remain competitive in a financial climate that is becoming more real-time and compliance-driven, they will need to overcome this infrastructure gap, Tamkivi added.
A drastically altered terrain
Joseph Ibitola, growth manager at Flagright, believes that the restrictions would significantly alter the environment for financial institutions and scammers alike.
The financial industry has been plagued by APP fraud, he clarified, particularly as digital banking gains traction. These additional safeguards will bring much-needed accountability levels to a long-underregulated field.
Ibitola clarified that banks would now be held more accountable for compensating victims of APP fraud, which is one of the legislation's most important effects.
FinTechs and other financial institutions will be forced to strengthen their fraud prevention strategies as a result of the move from "buyer beware" to more institution-driven responsibility. The message is clear: protecting customers must come before their business line for banks and payment processors.
From the perspective of the Flagright growth manager, this is a difficulty as well as an opportunity. Meeting the stricter regulations without compromising user experience or raising operating expenses is a problem for businesses. FinTech companies have the chance to satisfy regulatory requirements and boost client trust by investing in sophisticated fraud detection technologies like AI-driven transaction monitoring and improved behavioral analytics.
"Speed is the key when it comes to recovering stolen funds," he added. FinTechs must improve their real-time transaction monitoring systems in light of these additional safeguards in order to identify fraudulent activity prior to the complete transfer of funds. Cooperation will also be essential throughout the financial ecosystem. The likelihood of retrieving stolen funds can be raised by identifying suspicious activity early on with the use of shared databases and inter-institutional collaboration.
Ibitola came to the conclusion that the additional safeguards against APP scams represent a significant change in who is responsible for preventing fraud. Staying ahead of the curve is important for FinTechs, not just in terms of compliance but also in terms of technology that may stop fraud before it starts.
Protection against deception
The goal of the new protections, according to Harry Weber-Brown, commercial advisor at DLT Apps, is to lessen the impact of APP fraud and encourage the payment industry to make additional investments in fraud prevention. This goal was based on the analysis that nearly all high-value scams consist of several smaller transactions, which makes transaction limits less effective as a tool for managing exposure. According to PSR, this will sustain innovation and market rivalry.
Although the true effects will undoubtedly become apparent in time, he stated that this should encourage banks and PSPs to improve their innovation and preventative measures as well as raise customer awareness. Additionally, the improvements will increase clarity and lessen the uncertainty that previously caused discrepancies.
How can FinTechs get the money back that was stolen? According to Weber-Brown, the PSR safeguards, which provide a minimal degree of security, make it simpler for FinTechs to recover their funds in the event that they fall victim to an APP fraud.
Within 13 months of making the illicit payment, the FinTech must notify their account provider of the APP payment. The majority of them should have their money back in five working days. He clarified that the FinTech will receive assistance from the payment provider during the procedure.
"If a FinTech is dissatisfied with how the payment provider handles their claim, they can take their case to the Financial Ombudsman Service, which has the authority to issue rulings up to £430,000," Weber-Brown added. Compared to the prior system, the safeguards represent a major improvement. The transmitting and receiving companies divide the refund expenses 50/50.
"As a FinTech using APP, the firm welcomes this and believes a reusable digital identity offers further defense against fraud by verifying account ownership," the DLT Apps marketing advisor continued.
"The Qkvin solution from DLT Apps gives clients from different organizations a single digital profile. This lowers fraud and eliminates redundant labor and procedures for the operations and compliance teams," he said.
The larger image
During COVID, APP fraud schemes increased dramatically as fraudsters sought out new methods to defraud users, according to Bryan Chapman, director of managed services at ACA Group.
"Regulators and state authorities in the United States have issued multiple warnings for these types of fraud," he added. The purpose of legislation is to support and combat fraud of any kind. However, criminals are frequently one or two steps ahead of everyone else.
According to Chapman, FIs and FinTechs must educate themselves on these new schemes and exercise caution when they occur.
"It will be crucial to gather critical information while submitting a Suspicious Activity Report (SAR) to one's nation, including IP addresses, emails, phone numbers, and internet log-ins. When examining the bigger picture and making connections with these criminals, police enforcement will find this information useful. Additionally, since many of these schemes are speedy in nature and fraudsters want to empty a victim's account as soon as possible, it will be crucial to move swiftly," he said.
Greater responsibility
Emil Kongelys, CTO of Muinmos, stated that the legislation's introduction of accountability is one of its main features.
"The largest change is making the compensation plan mandatory instead of optional," he stated. According to the new APP Scam Protection Law, PSPs must have policies in place to stop or drastically cut down on APP frauds. The law encourages everyone to avoid frauds by requiring that the transmitting and receiving PSPs split the victim's loss equally. This encourages the use of efficient countermeasures, including sophisticated KYC/AML transactional monitoring and intervention systems, which should reduce the frequency of frauds.
Kongelys clarified that the new law does not alter the procedure for retrieving stolen money in spite of this. PSPs will have to pay back victims for this, after which they will try to get the money back from the beneficiary. He claims that in order to guarantee the validity of transactions, additional work will be needed before the actual transfer is completed.