Real-time payments may be booming, but they may also be growing targets for fraud — and credit unions and other financial institutions are getting worried, an industry pro warned this week.
The payment method, which allows financial institutions and members to pay bills and make payments almost instantaneously, can also enable criminals to avoid evade manual reviews, security measures that identify out-of-pattern activity and ACH service blocks, said Mike Lynch, who is chief strategy officer at San Francisco-based risk-profiling company Deep Labs. Growing account takeover activity, poor consumer password hygiene and social engineering vulnerabilities, among other things, may be helping criminals exploit real-time payments, he said.
“We have the perfect storm of many different factors at a high level, and now we’re moving money in real-time and we need to have a lot more security layers behind the scenes,” he said. “We can’t just have a rules-based approach. We need to correlate a lot of signals. So here is where you use device intelligence and behavioral analytics, et cetera.”
Real-time payment platforms aren’t necessarily the vehicles through which criminals are stealing data; they’re often the vehicles through which criminals can quickly exploit stolen data.
“It’s the tricking through social engineering or spoof calls for phishing,” he said. “That’s growing to be a pretty common technique and customers may be tricked into transferring funds to someone and never receiving the goods. So it looks like the money’s appeared in the seller’s account, but then a few days later [the platform] reverses the transaction.”
Credit unions and other financial institutions involved with real-time payment platforms should make sure they’re following best practices in terms of P2P security.
