As payments processing continues to move toward real-time settlement, what does this mean for fraud prevention? Do the smaller approval windows mean the attack surface for fraudsters grows? And how can processors tackle this challenge? We discuss this, and more, in the latest FinTech Podcast with John Dunne.
Subscribe to hear more or follow us on SoundCloud and iTunes
Transcript
Scott: As consumers demand more accessibility to real-time payments, the concern for fraud also increases. John Dunne, Vice President of Products for IR joins us. John, does the fraud risk increase with more usage of real-time payments?
John: Yeah, definitely. So today, when a payment is received, there's an element of fraud detection as the payment is received and there's authentication given. But there's only so much fraud detection that you can do in that real-time window. And today, fraud detection engines have a lot of logic behind the scenes to process rules in real-time. But also to not process those expensive rules potentially when there's a lot of transactions happening. So as an example, if it's black Friday shopping and my payment switch that's normally running at 50 transactions a second is now running at 300, the governance will kick in and it will probably just say, anything under $100 we're not worried about real-time fraud detection. They can do that because there's still batch processing that happens at the end of every day and additional fraud analytics can be assessed at the time of those batches being processed. So, when you move to a real-time model, the settlement is immediate. There's typically a six second SLA on approving a payment and whether that's a peer to peer transaction or it's somewhere between a consumer and a retailer, in that six second window you have to decide are we going to allow this or are we not? And you can't have fraud rules that are overly complex to process within that six second time to make that decision.
Scott: So as the usage of this increases, we see more and more real-time payments, what as you look worldwide what are some of the laws, legislation, and regulation you see evolving to address some of these concerns?
John: Yeah, well definitely there's a move towards the consumer or the cardholder for example being part of the fraud prevention mechanism. And there's no better example of that than in India, where it's mandatory by law that when you use your credit card you receive a text message letting you know that your credit card's been received. And, I have that set up for my cell phone on a couple of cards I have and it's nothing more satisfying than for me to be at a store and they swipe my card and before they've given me a receipt to sign, I've got a text message or a push notification on my phone letting me know that a transaction's gone through. They haven't fat fingered the keypad. The amount is the amount that I was expecting to pay and I can sign away. And just the same as there's nothing more frightening when you get one of those text messages when you're asleep in bed or you're sitting at your desk tapping away and it's letting you know that your card's being used to fill up at a gas station in a country you've never been to. You know instantly that you've got a problem and you can take action straight away to shut that down before something that is, you know, may have gotten away with once but you can lock that down before it can be exploited in real-time and all your funds drained.
Scott: Of course, one of the ways to help mitigate fraud a little bit is uniform technology, agreed upon standards, that sort of thing. Are we there yet when we look at this ecosystem across the world?
John: You know; the text message is at the moment the ubiquitous way to get the cardholders or the account owners into the ecosystem. I think we'll see that progressing. As the infrastructure within payments environments evolves and more and more payment hubs are deployed where the payment hubs can have complex orchestrations involving multiple communication channels so send a text message, configure a push notification, they're very simple to configure in an orchestration engine different ways to interact. I think we'll certainly not see so much ubiquitous technology at the consumer end but certainly standardized technology that will be in the payments world that will be able to connect out via whatever is the most appropriate mechanism for that particular account holder.
Scott: Sounds like now's the time for innovation in this space.
John: It is a very hot market. If you look in the space of where orchestration engines and payment providers are, there's a handful of players. You can count them on one hand. And you know, it is a death match right now between all of them to take market share. And you're talking about organizations like Clear2Pay, recently acquired by FIS, Distra which was acquired by ACI, Fundtech is in there and then there's sort of tier two players like Intellect. So the market opportunity for this is right now but getting these systems in place does take time.
Scott: Take control of your payment environment. To learn more, visit IR.com.
