As Australian financial institutions adopt the New Payments Platform (NPP) this year, explore the benefits and the risks associated with establishing and maintaining faster payments, in particular, the security risk around fraud.
As Australian financial institutions adopt the New Payments Platform (NPP) this year, much of the focus has been around the new billion dollar infrastructure and the benefits banking customers will enjoy. What is unclear are the risks associated with establishing and maintaining faster payments, in particular, the security risk around fraud.
While several countries have rolled out faster payment schemes like NPP, it is difficult to obtain relevant data to identify fraud directly related to the new schemes. Notwithstanding, there are still valuable lessons that Australia can learn from the United Kingdom’s adoption of faster payments almost a decade ago.
As the UK financial sector prepared for faster payments in 2007, there was a lack of understanding around the kind of fraud the banking community needed to be wary of, and as a result, fraudsters were able to take advantage. According to Financial Fraud Action UK1, online banking fraud jumped 132 percent year-on-year to 52.5 million pounds in 2008, the year faster payments was implemented.
In hindsight, the UK banking community could have been more proactive by exploring how fraud works and the areas of vulnerabilities in the banking system at the time. For example, industry could have been more switched on to the increase in mule accounts being opened in the lead up to implementation of faster payments, as well as increases in phishing and personal detail harvesting.
The UK banking community could have also studied which malware was changing hands, what that malware was after and which customers were most vulnerable, so the banks could have better educated them on the steps to take to protect themselves.
Successful adoption of faster payments
With the benefit of hindsight and lessons learned from successful adoption of faster payments in other countries, as well as improvements in technology used to identify and prevent fraud, industry observers do not expect a similar spike in online banking fraud when Australia adopts NPP later this year.
However, if criminals find that Australian financial institutions are not responding adequately to any uptick in online banking fraud, Australia could be seen as a soft target and fraud could subsequently spike.
Banks will need to look at their customer treatment and journey, recognising that vulnerability is end-to-end. But while a strong two-factor authentication is important, customers prefer a light touch when it comes to the user experience.
As for system-wide solutions, financial institutions should also implement a real time transaction monitoring solution, which is scalable with sophisticated analytics, that vendors like BAE Systems can provide. This is particularly effective in understanding what is happening and who is affected, so the affected bank can then take steps to resolve the issue.
1 Retail Payments Risk Forum Working Paper, Federal Reserve Bank of Atlanta, May 2016