Creating Identity Literacy
A while back, I listened to an episode of the Wharton Fintech podcast where they discussed this idea of creating more identity literacy for FI customers. And it’s an interesting concept because, we don’t think about being literate, defined here as knowledgeable or having an understanding of identity, when it comes to knowing who’s on the other end of the payment we’re sending or receiving.
Often, we get complacent in feeling like the system we’re using is so secure that we don’t have to scrutinize anything too hard. And, most of the time we don’t. Until we do. Right? You know that experience. Maybe it’s happened to you. Maybe you only thought it happened to you, but you were humming along, minding your own business, sending and receiving payments until something fishy caught your attention. Then immediate panic sets in as you realize you might’ve been a victim of fraud.
You’re not the only one. The numbers aren’t in yet for 2021, but in 2020, consumers lost $56 billion dollars to identity fraud. The bulk of that was identity theft where scammers interact directly with consumers to take their information. Businesses experienced record levels of fraud as well, reporting that they lost $42 billion dollars in 2020.
Businesses and banks alike are no strangers to these tactics; in fact, banks usually spend a great deal of time training their employees how to spot a scam or potential fraudster. Let’s be honest, even though we don’t like to give fraudsters a lot of credit, they are, unfortunately, a smart group of people. They’re quick to adapt and their obvious lack of morals allows them to create smarter and sneakier schemes as they evolve.
That’s why, when it comes to online payments, and international payments in particular, it’s extremely important to be identity literate. AKA you know who’s on the other end of the payment you’re sending or receiving.
International Payment Fraud – Where does it start?
Most financial institutions leverage a multi-factor authentication (MFA) system that makes fraud unlikely, but that’s actually the first place fraud can start. In the payments world, the most common form of fraud is spoofing. It’s an email that looks like it comes from a legitimate sender, but is off by one or two characters. The address looks very similar to someone the FI trusts and presents a legitimate invoice but with fraudulent settlement instructions. Someone on the FI side accepts these unknowingly and it lowers the barrier of entry for the fraudster.
Any manual process also opens you up to fraud. Most businesses and financial institution employees assume that fraud happens when the fraudsters come through a side door, but the real threat is that you (as a business owner or financial institution employee) actually welcome them through the front door. The real risk is not understanding who you’re interacting with.
Another way that international payments are susceptible to fraud is through new settlement instructions. Having walked in through your front door, the fraudster will attach a new set of (fraudulent) settlement instructions. The financial institution, on behalf of the business, initiates a payment. And with this simple tactic, the bank has become the subject of fraud.
It’s a painful scenario to be in. Financial institutions spend a lot of time working to prevent fraud, but it’s not an easy task. And while they’ll never catch 100% of it, there are ways to prevent it.
How financial institutions can prevent fraudulent FX payments
As soon as you release a fraudulent payment on behalf of your customer, you’re liable for that activity.
An easy way to prevent fraud is to complete the transactions in a closed environment. Going back to those manual processes, any time someone has to get information or conduct part of the international payment outside of a closed environment, you’re opening yourself up to fraud. Integrating your international payments into your mobile and online banking system puts those payments into a closed system. Now they’re behind a tight security wall, making it more difficult for fraudsters to gain access to the payments.
Provide deep links or, as I like to call them, magic links (the jury’s actually still out on this, Steve rolls his eyes at me every time I refer to them this way), via email. These links automatically redirect customers through your mobile/online banking system, requiring them to sign in, before they can execute the next step of the transaction.
Something we’ve done in the PayRecs system is to not only offer the first two solutions, but to also flag when new settlement instructions or updates to a beneficiary have been changed. Interrupting the customers’ experience with a pop up or flag notifies them that something is different. So before they release the payment, they can investigate further. Did my bank really update my settlement instructions? Did my vendor change their settlement instructions? No? Proceed with caution. Or alert my bank to a potential fraudster.
Creating Identity Literacy
Financial institutions are in a unique position to help save businesses money. By helping educate commercial users about the opportunities for fraud and putting tools in place to help mitigate international payment fraud, they can build stronger relationships. Trust and security are table stakes when it comes to banking. But, talking about and demonstrating to your customers that you’re actively looking for ways to protect them, elevates their experience and your reputation for putting your money where your mouth is, literally.
Plus, having these interruptions benefits your staff as well. Putting a checkpoint into their daily duties helps identify and prevent payment fraud. It’s an easy way to remind employees where fraud is most likely to occur and to help them learn to identify it.
For banks and businesses alike, it’s important to understand who’s on each end of the transaction. Partners like PayRecs help make this easier, saving everyone money along the way.