Surveys & Market Data
SINGAPORE — January 22, 2020
- 4 out of 5 Asia Pacific banks (78%) say the introduction of real-time payments platforms in their country has resulted in increased fraud losses
- Additional identity and authentication technologies are needed with social engineering named by 2 in 5 banks as the number one form of attack by fraudsters
- 91 percent of respondents believe that convergence between fraud and compliance will improve the ability to stop criminal behavior for real-time payments
More information: https://www.fico.com/en/products/fico-authentication-suite
The proliferation of real-time payments platforms, including person-to-person (P2P) transfers and mobile payment platforms across Asia Pacific, has increased fraud losses for the majority of banks. Silicon Valley analytics firm FICO recently conducted a survey with banks in the region and found that 4 out of 5 (78 percent) have seen their fraud losses increase.
Further to this, almost a quarter (22 percent) say that fraud will rise significantly in the next 12 months, with an additional 58 percent saying they expect a moderate rise in fraud.
“While the convenience of real-time payments is great news for customers, increasingly, banks have zero time to clear a transaction or payment. AI can’t slow down the clock, but it can help create systems that are radically quicker to recognize a transaction that smells likely to be fraudulent,” said Dan McConaghy, president of FICO in Asia Pacific. “Banks will need to move beyond passwords and OTPs and add biometrics, device telemetry and customer behavior analytics to keep up with the changing payments landscape.”
When asked which identity and authentication strategies they used, the majority of APAC banks have a strategy of multifactor authentication (84 percent). They increasingly use a wide range of authentication methods including: biometrics (64 percent), normal passwords (62 percent) and in last place behavioral authentication (38 percent). Interestingly, nearly half of the respondents (46 percent) are currently only using 1 or 2 of these strategies, potentially leaving them more exposed to attack vectors such as identity theft, account takeovers, cyberattacks.
“Why try to crack a safe when you can walk in the front door?” explained McConaghy. “Criminals are trying to fool banks into thinking they are new customers or stealing account access by tricking people into making security mistakes or giving away sensitive information. When they are successful, criminals are making use of real-time payments to move funds quickly through a maze of global accounts.”
The survey bore this out with 40 percent of banks in FICO’s survey naming social engineering as the number one fraud concern when it comes to real-time payments. Account takeovers were ranked second, with false accounts and money mules also rated as problems.
New forms of biometric, multifactor and behavioral technologies allow banks to stop payments being made, even if an account appears to be using the correct but stolen password or entering the right, but intercepted, one-time-password.
“Beyond this type of account take over, we also have authorized push payment fraud, such as when a customer is tricked into paying what they think is a legitimate invoice like a fake school bill or payment to a tradesperson,” said McConaghy. “This type of social engineering is harder to stop but better KYC, link analysis to find money mule accounts and behavioral analytics to flag new accounts for a regular payee, are all examples of how to tackle it.”
Further to stopping fraud in real-time payment platforms, crimes such as drug trafficking, human smuggling, tax evasion and terrorism finance are also attracted to the irrevocable nature of instant payments. The lack of visibility between jurisdictions has seen regulators encouraging banks to move quickly in this cross-border payments space to ensure payments are compliant and secure.
In terms of mitigating this criminal behavior, more than 90 percent of APAC banks surveyed thought that convergence between their fraud and compliance functions would be helpful in defending transactions on real-time payments platforms.
“We estimate that there is about an 80 percent overlap in software functionality between legacy fraud and anti-money laundering systems,” added McConaghy “To tackle fraud and money laundering schemes that exploit real-time money movement you need to leverage all the available technologies, automate as much as you can and introduce models that can identify outlier transactions and customer behavior so your teams can spend their time investigating the riskiest of the red flags.”
FICO surveyed 45 executives from financial institutions across the region at its annual FICO Asia Pacific Fraud Forum.
FICO (NYSE: FICO) powers decisions that help people and businesses around the world prosper. Founded in 1956 and based in Silicon Valley, the company is a pioneer in the use of predictive analytics and data science to improve operational decisions. FICO holds more than 195 US and foreign patents on technologies that increase profitability, customer satisfaction and growth for businesses in financial services, manufacturing, telecommunications, health care, retail and many other industries. Using FICO solutions, businesses in more than 100 countries do everything from protecting 2.6 billion payment cards from fraud, to helping people get credit, to ensuring that millions of airplanes and rental cars are in the right place at the right time.
Learn more at www.fico.com.
Join the conversation on Twitter at @FICOnews_APAC.
FICO is a registered trademark of Fair Isaac Corporation in the US and other countries.
RICE for FICO
+65 3157 5680
+65 9171 0965
Europe, Middle East & Africa
+44 (0) 209-940-8719
+1 786 482 7231
+55 11 97673-6583
Take the next step
Connect with FICO for answers to all your product and solution questions. We look forward to hearing from you.