David Worthington, VP, Payments at Rambus
Since the 1980s, momentum behind real-time payments (RTP) – also known as faster or instant payments – has grown at an accelerated pace, because of its benefits to both consumers and businesses. Estimates currently suggest approximately 35 countries, including Switzerland, Taiwan, India, China and the UK, have implemented or are developing RTP schemes.
With the European Central Bank also suggesting that cash payments cost up to €65 billion across its 27 member-states (data predates the joining of Croatia in 2013), the attraction of RTP becomes more evident.
But it can’t be that straightforward, can it?
Challenges facing RTP
In a word, no. As where money goes, fraud follows. The ability to move money quickly allows criminals to circumvent traditional checks like the identification of out-of-pattern activity, ACH block services and manual reviews.
For example, manual reviews exist in a world where payments are governed by a three-day approach to clearance. Since RTP exists to execute transactions in seconds, this protocol has been made redundant. Fraudsters recognize this and are ready to exploit any vulnerabilities when RTP schemes go live.
All of this makes invoice, account-take-over and application fraud, that much easier.
Fraud from around the world
In 2008, ‘Faster Payments’ was launched in the UK. The objective of the scheme was to reduce payment times between different customer accounts, from three working days to typically a few hours. In the three years following the scheme’s introduction however, fraud tripled with a 132 percent spike in the first year alone.
Reasons for the rise include a combination of criminals being innovative, organized and prepared; and banks trying to play catch-up.
High levels of associated fraud are not restricted to the UK. In the USA, for example, PwC noted that some of its clients experienced a 90 percent fraud rate following the introduction of Zelle in 2017.
Mitigating the impact of fraud
Central banks and clearing houses must be proactive in mitigating the impact of fraud in-line with their adoption of RTP systems. To achieve this, they should consider payment account tokenization.
Tokenization is the process of replacing unique sensitive information or data with a non-sensitive equivalent, otherwise known as a token. As it cannot be used by fraudsters if stolen, it reduces the impact of data breaches and protects transactions, without consumers or businesses having to alter their behaviour.
Fundamentally, it removes the need to store the raw data of sensitive account information, reducing potential fraudulent returns.
What’s more, tokenization provides additional security for payments via set control parameters. If a token can only be used with a particular merchant, for a specific purpose, or has a set value limit; they become even less appealing to fraudsters.
Tokenization has already been successful in mitigating in-store and retail fraud and has been embraced by all major payment systems and digital wallets. These successes can be transferred to RTP schemes.
Faster and safer payments
As with any new payment initiative, there are going to be teething problems. RTP have experienced their fair share of fraud to date but by integrating tokens into the RTP process, banks can mitigate the impact of fraud, saving them money while protecting customer and business confidence.