The next phase of faster payments in the U.S. has arrived. Beginning on September 15, same day payments will be available for virtually any ACH transaction.” This is because Same Day ACH is being opened up for debit entries.
As of this Friday, financial institutions will be able to submit files of same-day ACH payments as follows:
- A morning submission by 10:30 AM ET, settles at 1:00 PM.
- An afternoon submission by 2:45 PM ET, settles at 5:00 PM.
That’s fast, and provides many benefits to businesses and individuals who are looking for same-day payroll support (good for hourly workers); expedited B2B payments; longer timeframes for consumers to make payments (they can be done on the due date instead of several days in advance); and faster crediting on account to account transfers.
The Fraudsters Benefit from Same-Day ACH Too
Without faster payments, “...fraudsters wait for the money to hit accounts before they could abscond, a process that could take hours or even days. In the meantime, the banks could be vigilant and look for anomalies and find out and root out wrongdoing, stopping withdrawals before they could be made.”
When the UK moved to Faster Payments, it caused a gigantic increase in fraud – upwards of 300%, primarily because the fraudsters adapted their tactics to evade the traditional fraud prevention measures, and divested the funds from the receiving account with equal speed so they were untraceable. The sheer volume of activity – 1.4 billion same day payments each year – makes it easier for fraudsters to act and harder for banks to respond. Thousands of additional transactions per day will have to be reviewed, which creates operational headaches for financial institutions as well.
Real-Time, Dynamic Solutions Are Key
It is well established that account takeover attacks continue to rise, driven by social engineering, phishing, malware and other techniques that allow fraudsters to take over an account with a user’s credentials. What is most surprising, however, is that 100% of fraud comes from authenticated sessions. Therefore, using static techniques like PINs, passwords, tokens and even physical biometrics to logon still leave open the possibility of a remote access attack even when the correct user has authenticated themselves online.
After years of increased fraud rates stemming from faster payments, Fraud Action UK announced several months ago that there was a 24% drop in fraud rates for the first time since 2008 among the major financial institutions in the UK; this was driven by the adoption of behavioral biometrics to provide real-time alerts during a session.
Behavioral biometrics are technologies that look at the interactions between a user and a device and/or application, looking at physical attributes like handedness and curvature of mouse movements associated with the size and shape of the hand; cognitive attributes like speed and typing patterns, application flow and navigational preferences; and response patterns to Invisible Challenges, subtle tests that elicit responses from users that distinguish them from other users and non-human activity (bots, malware, etc.)
By integrating into the transactional workflow of the bank, behavioral biometrics can provide real-time views on what is happening during a session and stop the fraud at its source. It behooves US institutions to learn from the UK experience and to get ahead of the risks while there is still time.
For more information on how BioCatch is securing faster payments, read our white paper.