What happens when payments are as easy and immediate as sending a text message? While the digital opportunities of Australia’s new super-fast payments system are exciting, its speed may also increase the potential risk of fraudulent transactions. The NPP (New Payments Platform) isn’t more vulnerable to security breaches, but banks will no longer have the luxury of time to detect and respond to fraudulent or suspicious transactions.
And that’s why Australian financial institutions are already preparing for NPP – by shifting their risk focus to planning and prevention.
The NPP is a platform that enables real-time clearing and settlement for simple or complex payment solutions, between two people or between many. When it launches next year, almost all Australian bank account holders will be able to make and receive payments in seconds.
The promise of bank transfers clearing almost instantly – even on bank holidays and weekends – is alluring for consumers, business and government. But when payments happen faster, there won’t be time for our tried and tested detection processes. Based on the UK’s experience with its Faster Payment Service, the most common risk is likely to be social engineering scams, where fraudsters convince a customer to make a payment by posing as a trusted brand. Account compromises and mule accounts (for money laundering) are other possible fraud issues.
Any financial institution connecting to the NPP will need to have real-time fraud detection and response controls in place.
As one of the primary architects of the NPP, Cuscal is working with more than 30 financial institutions to securely connect to this game-changing banking infrastructure. Here are four ways we’re working with our clients to get ready.
1. Preparing for PayID verification.
Forget BSBs and account numbers – with the NPP, bank accounts can be linked to the customer’s email address or mobile phone number. Easier to remember, these PayIDs are directly associated with the actual account name so there’s less risk of paying the wrong person. While this will help ensure payments go to the right place – it will also impact current payment verification protocols.
Financial institutions are responsible for registering customer information in PayID, and may be liable for any loss that results from incorrect or fraudulent data input. That’s why the account name associated with the PayID is an important control checkpoint and one banks need to pay particular attention to.
2. Setting strong controls for detail changes.
Every PayID can be changed – for example, if a customer gets a new phone number – so banks are setting up new control processes to ensure customer detail updates are verified. Participating financial institutions can also set their own customer transaction limits.
Reassuringly, the NPP solely focuses on actively authorised payments: every payment must be approved by the account holder so there is no assumption of authority (as there is with direct debits or can be with credit card payments). This protection complements the strong authentication procedures that banks have in place when updating account details, as knowing the account number is not enough for a fraudster to access someone else’s account.
3. Sharing knowledge.
Typical customer payment patterns are critical for fraud prevention, and Australian banks already have good visibility of this data. By working with Australian financial crime investigation and enforcement agencies, institutions are able to quickly identify scams and other fraudulent activity.
Financial institutions can supplement this shared knowledge with additional layers of real-time fraud monitoring. At Cuscal this includes a specialist fraud monitoring team, AI-enabled pattern recognition and data analysis and integration with the NPP’s inbuilt fraud detection capabilities.
4. Educating customers.
Changing habits is always hard – so to establish trust in the security of this payment platform, financial institutions are investing in ongoing education programs. As well as helping Australian consumers and businesses select and manage their PayIDs, they are building awareness of current scams, how to report fraudulent transactions, and how to protect their identity.
Our digital economy never sleeps – but neither will fraudsters. To ensure the NPP doesn’t open the door to a new scam opportunity, Australia’s financial institutions are already preparing for this latest wave of payment innovation.
Learn more about preventing fraud in a real-time world.
By Nathan Churchward, Senior Manager, Payments