Need for speed, security must coexist in RTP

Consumers always want more speed and expect security to always be top notch, but traditionally there has been a trade-off.

More of one meant less of the other.

In the latest discussion on the agenda, a trio of fraud-fighting financial services executives told PYMNTS that consumer-enabled data and deep analytics — as well as data sharing between financial institutions (FIs) – are what is needed for a better and frictionless future.

Panelists included Chris Davey, vice president of early warning product management, Jen Martin, head of fraud operations at KeyBank, and Brian Munsterteiger, vice president of the Enterprise Fraud division of Randolph-Brooks Federal Credit Union. .

On a high level, real-time payments are all the rage lately. But the faster the payments, the old saying goes, the faster the fraud.

Ensuring the success of account-to-account (A2A) transactions, regardless of the use case, is essential to bring real-time payments to the forefront, so that they are more widely adopted by consumers and businesses. who serve them.

Knowing who is on each side of the transaction is essential, but verifying identity can be a daunting challenge. Authentication and identity verification is not the job of a single bank or individual payment provider, but rather an aggregate of all contributing FIs.

“Coming out of the pandemic, customer demand is absolutely there,” said Martin of KeyBank.

But at a high level, real-time payments are akin to handing someone money. If you don’t pay attention to the security of all this, well, that money can be gone in a second.

The most effective lines of defense are knowing that the person submitting the payment – ​​or logging into an online bank account in the first place – is who they say they are.

Early Warning’s Davey said a consortium approach is one in which fraud risk can be measured across a network, rather than just from the perspective of an individual bank or entity.

“From my perspective, as we look to the future, the idea of ​​connecting nodes and really understanding the identity of people who want to transact and use digital payment mechanisms like time-based payments real will be essential,” he said.

These combinations of attributes and nodes can be shuffled to identify transactions that appear high risk, and that alert can be sent back to banks to address that person or entity, he said.

Beyond focusing on the payment itself, FIs should focus on the behavior of individuals, where they connect and uncover anomalies, he said. This level of insight, aided by advanced analytics, can go a long way in eliminating the one-time password and passcode (which can already be easily bypassed by fraudsters).

Panelists were somewhat lukewarm about the prospects for facial recognition’s place in the identity verification pantheon. This methodology can be a bit intrusive, they said, and can be increasingly ignored in favor of options like fingerprint-based IDs that can be used with most devices, which in turn will become de facto authentication mechanisms.

The regulatory landscape

As is always the case when identity, data and privacy come into play, there is the question of who should regulate and to what extent regulation is enough or too much. Panelists agreed that controls need to be in place – through know-your-customer (KYC) requirements, for example – that provide at least some confidence that there can be relatively higher assurance with real-time payments.

Martin argued that there must be a “minimum threshold” for authentication. It’s a bit tougher hurdle here in the US than in Europe, mainly due to the fact that there are thousands more institutions in the US than in Europe.

“What you know about your customer and what I know about mine is what makes some of the fastest payments work so well in Europe,” she said.

The banks have the data

Munsterteiger said there is more data available with US financial institutions and data sharing could be used to the benefit of FIs. This data may also be shared with law enforcement (as the Randolph-Brooks Federal Credit Union does) to perform deeper dives that can identify trends.

Looking ahead, the leadership trio told PYMNTS that we will be able to conduct frictionless transactions because identities will be verified and consumers will be in control of their data and information – rather than entrusting sensitive information to a third party (or parties).

Banks will remain a trusted place to interact and therefore be a key identity holder, and they can create interoperability between trusted networks.

Davey said, “I don’t think anyone necessarily trusts Facebook with their identity at this point. … Consumer-authorized identity is the trend we’re going into, and it’s an important place to invest time and effort.

Consumers are demanding control of their data across a number of industries, allowing data that can in turn be stored in digital wallets, and the trend is set to continue

Martin noted that banks have insight into the behaviors and spending habits that can be so powerful in the area of ​​fraud prevention and that education is key in fighting fraudsters and scams.

“The more we can educate and inform customers and detect these abnormal behaviors, well, that really starts to systematically stop fraud,” she said.