Executed in 10 seconds, instant payments remove the possibility of after-the-fact controls. More than ever, companies need to strengthen their payment process, thanks to robust internal control measures and improved collaboration. Giovanna Guidolin, head of Anti-Fraud at UniCredit shares her insights and best practices to stop instant payment fraud.
For more insights and best practices, download Trustpair and UniCredit’s latest white paper about Instant Payments.
- Could you start by presenting yourself quickly? What is your expertise and experience in terms of payments & fraud?
I’m Giovanna Guidolin. I’ve been working for Unicredit for 25 years. Before taking responsibility for the Antifraud department, I built up a solid experience of more than 12 years in Internal Controls and Investigations. I have a strong interest in understanding criminal behaviors and new Fraud scenarios.
- Has the shift toward digital payments increased fraud risks? What are the main payment fraud trends you observe? Trend:
Yes, the shift toward digital payments has indeed increased fraud risks. As more transactions move online and rely on digital platforms, cybercriminals have adapted their tactics to exploit vulnerabilities in these systems. Some of the main trends observed in payment fraud are driven by techniques known as Social Engineering.
Cybercriminals use several methods, including phishing, credential stuffing, spoofing, or artificial intelligence to gain unauthorized access to individuals’ or businesses’ accounts. The exponential increase in the use of social networks, as well as the pandemic period, have also contributed to the change and increase in the target audience of possible victims.
Business Email Compromise (BEC) scams target businesses, often using social engineering tactics to trick employees into transferring funds or providing sensitive information. These scams can result in significant financial losses for organizations.
These trends highlight the evolving nature of payment fraud and the importance of implementing robust security measures, such as multi-factor authentication, encryption, fraud detection alerts, and user education, to mitigate risks and protect consumers and businesses from financial losses.
- Could you tell us more about the risks posed by instant payments?
Certainly, instant payments present both benefits and risks. While they offer convenience, speed, and efficiency in transferring funds, they also introduce several risks that need to be carefully managed.
For example:
Fraudulent Transactions
The speed of instant payments means that there is less time for financial institutions to detect and prevent fraudulent transactions. Fraudsters can take advantage of this window of opportunity to conduct unauthorized transactions before they are identified and stopped.
Account Takeover
Instant payments can be used to facilitate account takeover fraud, where cybercriminals gain unauthorized access to individuals’ or businesses’ accounts and initiate fraudulent transactions in real time.
Transaction Reversals
Unlike traditional payment methods where transactions can be reversed or disputed, instant payments are typically irrevocable once initiated. This means that if a payment is made in error or as part of a scam, it may be challenging to recover the funds.
To mitigate these risks, financial institutions and payment service providers must implement robust security measures, such as transaction monitoring, authentication controls, encryption, and fraud detection alerts. Additionally, customer education and awareness programs can help individuals and businesses understand the risks associated with instant payments and take appropriate precautions to protect themselves against fraud and financial loss.
- How can businesses prepare for these instant payment risks? What strategic measures should they set up to make sure they only benefit from this payment method?
Businesses can take several strategic measures, for example:
Implement Robust Fraud Detection and Prevention Measures
Businesses should deploy advanced fraud detection software that can monitor transactions in real time, detect suspicious patterns or anomalies, and flag potentially fraudulent activities. This may include machine learning algorithms, anomaly detection techniques, and behavior analysis to identify and prevent fraudulent transactions.
Enhance Authentication and Authorization Controls
Businesses should implement strong authentication measures, such as multi-factor authentication (MFA) and biometric authentication, to verify the identity of users and prevent unauthorized access to accounts or payment systems. Additionally, they should enforce strict authorization controls to limit access to sensitive systems and data only to authorized personnel.
Invest in Secure Payment Infrastructure
Businesses should invest in secure payment infrastructure and technology to ensure the reliability, availability, and security of instant payment systems. This may involve adopting encryption protocols, tokenization techniques, and secure communication channels to protect sensitive data transmitted during payment transactions.
Educate Employees and Customers
Businesses should provide comprehensive training and awareness programs for employees and customers to educate them about the risks associated with instant payments and how to identify and respond to potential threats. This may include raising awareness about common scams, phishing attacks, and social engineering tactics used by fraudsters.
Establish Clear Policies and Procedures
Businesses should establish clear policies and procedures for conducting instant payment transactions, including guidelines for verifying the authenticity of transactions, reporting suspicious activities, and resolving disputes or errors. These policies should be regularly reviewed and updated to address emerging threats and regulatory requirements.
Monitor and Analyze Transaction Data
Businesses should continuously monitor and analyze transaction data to identify emerging trends, patterns, and anomalies that may indicate fraudulent activities. This may involve leveraging data analytics tools and techniques to gain insights into customer behavior, transaction patterns, and potential fraud indicators.
Collaborate with Industry Partners and Regulatory Authorities
Businesses should collaborate with industry partners, financial institutions, and regulatory authorities to share information, best practices, and threat intelligence related to instant payment risks. This collaboration can help businesses stay informed about emerging threats and regulatory developments and enhance their overall security posture.
- Any last words you’d like to add on fraud and instant payments?
By implementing these strategic measures, businesses can better prepare for instant payment risks and leverage this payment method to improve customer experience, increase operational efficiency, and drive business growth while safeguarding against fraud and financial losses.
Trustpair protects you against instant payment risks thanks to ongoing and automated account validation. Request a demo to learn more!