Fed digs deeper into fraud as prep for real-time payments
The Federal Reserve's fraud definitions work group is doing essentially the same thing TV detective Columbo did in his heyday — asking a lot of questions about a crime that it already knows many of the answers to.
The goal is to get a better understanding of past incidents, thereby arming the Fed to improve its response as more companies implement faster payments.
The group wants to classify fraud incidents in such a way that it helps overall security measures keep up with the developing U.S. faster payments schemes, while also providing essential, uniform data to machine learning and other technology to thwart payments crimes.
Established by the Federal Reserve last March, the fraud definitions work group is using the mantra of "better data, faster" as it seeks a high-level structure to classify the scope of payments fraud scenarios, said group member Dondi Black, vice president and senior product strategist at FIS.
"It has to be a flexible system, and we don't have to reinvent the wheel because it is just a matter of studying the information that is available today," Black said last week when group leaders updated progress during the annual payments symposium in Chicago.
But there is a massive amount of information to dissect and funnel into categories, making the task force's work critical to establishing a model that would initially provide better security for ACH, wire transfers and checks — and eventually be deployed for faster payments.
In adopting a fraud classification model, the group is hoping to achieve consistency in how each fraud event is defined so that all banks are talking the same security language and can spot trends within their own networks.
"It would be proactive communication, fed across the whole payments industry and the banks, that this is the type of fraud we are looking at," said Rakesh Korpal, executive director at JPMorgan Chase.
"If we get the right amount of data, we could identify those types of fraud as we screen transactions in real-time payments," Korpal added.
With the Fed citing non-cash payments fraud at more than $8 billion a year, it has viewed the fraud definitions group as one that can drill down to the basics of fraud. Its model would save time and effort in fighting back against fraudsters.
The group expects to conduct a year-long process before forwarding recommendations to the Fed's faster payments operatives.
First, the group has studied who initiates a fraudulent payment, because it has been proven that the initial recipient of the fraudulent transaction is not likely to be the one to solve the crime.
"Was it an authorized party who was deceived or coerced into it, or maybe one that did not intend fraud?" Black asked. "Or was it, perhaps, an authorized payment that was intercepted along its route?"
If a transaction turns out to be unauthorized, it has to be determined quickly if it was stemming from an account takeover, or a misused account or payment instrument.
Once those factors are established, the fraud can be classified in a helpful manner. Authorized party fraud could include products and services fraud, relationship and trust fraud, embezzlement or a false claim.
Non-authorized party fraud categories could include synthetic IDs, impersonation, compromised credentials or physical altercation of a payments device.
No one in the group embraces the notion that simply defining fraud is enough to thwart it. The concept is to allow banks to understand what is happening quickly, and put other wheels in motion to stop the fraud.
Black said that PwC has established a catalog of use cases based on the work group's model to operate like a "stress test" for the industry, running fraud events through the model to determine if it was detecting the correct aspects of the fraud.
"They were really trying the break the model in a way, and they said they couldn't," Black added. "I am very cognizant this comes across as very simplistic, but if we can answer these questions faster, then can we as an industry be much more proactive and efficient in addressing some of the risk we have across the industry?"
Black stressed the group's work will allow other Fed committees and planners to determine if the fraud definitions "move the needle" as opposed to waiting longer to determine a fraud type by using other methods like filling out surveys and compiling data in a slower manner.
If the fraud definitions model moves forward, it will provide the information and data needed for other security tools like artificial intelligence, advanced analytics and behavioral sciences. The combination of a clear view and definition as to what type of fraud is in play, and the technology to analyze operation details behind that fraud, can help banks and businesses flag problems before they occur.
Adoption of the fraud model is also a factor getting close consideration. Choices would range from taking it very slowly to one in which every institution was using the model at the same time, Chase's Korpal said.
Taking it very slow would mean to deploy the model across one payment type and see how it works. A step-up in adoption would call for a deployment within some test organizations to classify all fraud activity, according to the model. The fastest option would be a deployment across the entire industry.
"What it really allows us to do is establish standards around that reporting capability by having industry standards around intelligence, and about being able to deploy this and integrate it within our processing platforms," Korpal said.
"Ultimately, it allows us to recognize patterns of bad behavior, whether they are authorized or unauthorized," he added.