soc 4600340265   blog graphic  authorized push payment fraud needs accountability by the receiving bank 2 720

In this blog, learn why receiving banks must fight back against authorized push payment fraud to protect consumers.

Authorized Push Payment Fraud Needs Accountability by the Receiving Bank

Reinforcing the Fight Against Synthetic Identity Fraud

How to Stay Ahead of Digital Payments Fraud with Socure Account Intelligence

Coming Soon  Your Last Chance to Avoid Billions of Dollars in Losses from P2P Scams Blog Thumbnail 3

Coming Soon: Your Last Chance to Avoid Billions of Dollars in Losses from Consumer Scams

Claire Greene, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed wrote a <a href="https://www.atlantafed.org/blogs/take-on-payments/2023/05/22/receiving-banks-and-authorized-push-payment-fraud--somebody-elses-problem">fabulous opinion piece in May 2023 related to authorized-push payment fraud</a>. 
In the article, Greene points out the requirement under Reg E for banks to refund customer funds in the event of unauthorized payments fraud, and brings up a major issue in that regulation: the lack of understanding by consumers of what defines and separates an “authorized” and an “unauthorized” payment from one another creates confusion. This is costly to consumers and allows bank and fintech account holders to suggest that those losses are indeed “somebody else’s problem.” Greene believes, and we agree, that this lack of consumer awareness creates an imperative for receiving banks and payments providers to fight authorized push payment fraud.
The discussion of a liability shift is nothing new. The CFPB kickstarted the discussion in earnest last October when they proposed that consumer scam financial loss should be shouldered by the financial services companies, rather than consumer victims. Since that time there has been a <a href="https://offers.socure.com/On-Demand-Adapt-or-Die-Navigating-Drastically-Shiting-Fraud-Patterns.html">great deal of debate</a>, and banks have signaled they plan to self-regulate rather than be regulated by the CFPB or other regulatory groups. In fact, Zelle has taken a leadership role in the industry and is developing a strategy with its top-tier bank owners to begin to charge back receiving banks for certain types of <a href="https://www.socure.com/glossary/p2p-fraud">P2P </a>fraud that are run through their real-time payments system. 
<h2>Addressing Money Mules</h2>
What really excited me about Greene’s article was her focus on the fact that <a href="https://www.socure.com/blog/identity-trends-roles-of-mules-in-financial-crime">money mules are being inadvertently welcomed into our banking systems today</a>, directly through the front door. She goes on to say, “…controls on the account opening process can help to prevent authorized fraud.” To these points, Socureans shout from the rooftop – thank you, Ms. Greene!
We agree that <a href="https://www.socure.com/glossary/new-account-fraud">new account fraud</a> in deposit institutions is up. In fact, we saw <a href="https://offers.socure.com/the-state-of-synthetic-fraud.html">in our proprietary analysis</a> that during and following COVID, the synthetic identity fraud attack rate at these banks and fintechs increased drastically. <a href="https://offers.socure.com/On-Demand-Navigating-Fraud-and-Risk-During-Times-of-Turmoil.html">Following the SVB bank failure</a>, they continued to increase, and today, our analysis shows that 1-3% or more of every open and active deposit account in the U.S. is held by a fraudulent synthetic identity.  
<a href="https://offers.socure.com/the-hidden-risk-of-money-mules.html">Money mules can take the form</a> of first-party fraud, second-party fraud (first party aided by a “handler” bad actor), and victims. Money mules can also be associated with synthetic identities and <a href="https://www.socure.com/glossary/third-party-identity-fraud">third-party fraud</a> that has slipped through origination, and accounts that are taken over. 
Through <a href="https://www.socure.com/blog/stopping-clean-true-name-identity-theft">“Clean” True Name ID Theft</a>, bad actors are able to <a href="https://www.socure.com/blog/how-synthetic-identities-can-slip-through-your-defenses">penetrate fraud defenses at origination</a> by using a consumer’s full, accurate <a href="https://www.socure.com/glossary/personally-identifiable-information">Personal Identifiable Information (PII)</a> and changing the contact elements, such as email or phone number, after the account has been opened. 
The upshot of Greene’s article is that receiving banks should be more accountable to keep all types of fraud from entering through the front door, and identify <a href="https://www.socure.com/glossary/account-takeover">account takeover (ATO)</a> attempts whenever possible. She even calls out a list of fraud strategies and tools that are being used more often by financial institutions to mitigate ID-related fraud at account opening, including:
<ul>
<li style="font-weight: 400;" aria-level="1">Email risk assessment</li>
<li style="font-weight: 400;" aria-level="1">Phone number risk assessment</li>
<li style="font-weight: 400;" aria-level="1">Challenge questions to identify bots</li>
<li style="font-weight: 400;" aria-level="1">Automated risk scoring</li>
<li style="font-weight: 400;" aria-level="1">One-time password</li>
<li style="font-weight: 400;" aria-level="1">Geolocation</li>
</ul>
By the way, this is a recipe for Socure’s ID+ solution suite. Our 1,900+ customers use <a href="https://www.socure.com/products/sigma-synthetic-fraud">Sigma Synthetic</a> and <a href="https://www.socure.com/products/sigma-identity-fraud">Sigma Identity</a> to automate risk scoring at origination. Suspicious applications are challenged with Socure’s efficient document verification and identity verification software,<a href="https://www.socure.com/products/document-verification">Predictive DocV</a>. One Time Passwords (OTP), P2P credentials, and non-monetary changes to PII via mobile device, online, or through a call center are passively analyzed using our industry-leading email, phone, and address <a href="https://www.socure.com/products/email-risk">RiskScores and Correlation Values</a> that help Socure customers identify suspicious “receivers” and reduce the occurrence of ATO. 
For those banks and fintechs that have not kept appropriate levels of fraud controls at origination, it’s not too late. Many of our customers are performing portfolio scrubs to <a href="https://www.socure.com/blog/why-auditing-your-portfolio-for-money-mules-is-critical">accurately identify and efficiently weed out identities acting as money mules within their portfolio</a>.
There is a tectonic shift happening right now across <a href="https://www.socure.com/glossary/demand-deposit-account-fraud">DDA</a>, savings and investment account ecosystems. These shifts are driven by drastic changes in fraud behaviors, regulatory pressures for banks and fintechs to cover losses resulting from consumer scams, and a growing need by <a href="https://www.socure.com/glossary/bad-actor">bad actors</a> to fuel fraudulent money movement to hide their money laundering, trafficking, and financial scam efforts from regulators and the U.S. financial system. 
We applaud Greene and her keen eye on these problems of identifying fraud detection in banking, and <a href="https://www.socure.com/blog/reinforcing-the-fight-against-synthetic-identity-fraud">are aggressively working to meet our 2023 goal to root out 100,000 synthetic identities</a> from the U.S. financial system by the end of this year.
Will you join the fight?

Authorized Push Payment Fraud Needs Accountability by the Receiving Bank

Socure

Related Posts