Fraud will always follow the path of least resistance; this is a principle that can be counted on. Another is that when we release new payment pathways and channels for consumer adoption, they will be tested, gaps will be identified, and those gaps will eventually be exploited.
As has been the trend in payments lately, “fast” and “open” are concepts increasingly presented in fintech, which means that the payments rails are both speeding up and growing more complicated at the same time. This is clearly a ripe opportunity for anyone looking to take advantage of the momentum and confusion, legitimate developers and illicit attackers alike.
Fast refers to a payment being settled within hours (or even seconds), rather than days. Open refers to the capability for more services to attach themselves to existing payment channels through APIs. ACH has also been made faster as of late, with the advent of same-day payments over the network.
You may have noticed that ACH has also crossed over into unexpected places: retailers have found very clever ways to integrate ACH payments into in-app payments on mobile devices. Merchants prefer the cheaper ACH alternative to the high interchange rates of the card networks, so they will continue to find creative ways to push more traffic down these rails. Said another way: Don’t blink, or you might miss the moment when your favorite merchant starts to carry your favorite payment vehicle on your mobile device in a new and improved form.
And where will this lead for financial crimes? While the same-day ACH fraud trend has yet to fully materialize, it would be foolhardy to assume that attackers are not hard at work today finding ways to weaponize new channel attacks.
Consider the virtues for a fraudster: a rapid payment is one that is less likely to be stopped, given the additional resources required to investigate all payments made in real time. Assume, too, that the new interfaces created for downstream applications are not as tidy or as thoroughly evaluated as their peers, as they are developed by smaller teams who may not fully grasp the scale of fraud use cases that may exist.
To be sure, fraudsters are motivated by rapid and easy money. The fast is all but certain, as we continue to trend in this direction, creating efficiency and increasing scale by reducing float. The open is also a driver of ubiquity: more integrated and accessible pathways that increase payments flexibility, with financial incentives relative to other merchants.
As we careen towards payments nirvana, we are increasingly providing fraudsters access to rich targets in a target-rich environment. So, the third leg to support Fast and Open must be Secure: preventing exploits from impacting adoption, and so realizing a mature and successful channel launch.