The Emerging New Payment Architecture and How to Stop Digital Fraud

THE TOP BANKING FRAUD TYPES AND PAYMENT METHODS TO WATCH IN 2022

?1. Introduction

Banking fraud is continually making headway even after changes in the working environment, whether?is it traditional banking or the latest digital banking, the fraudster always succeed in devising innovative?ways to breach the security layer. It is impossible to completely stop fraud, but staying abreast of this moving threat is imperative for banks to form new strategies to detect before occurring?such scams, especially given the effects of the pandemic on the banking fraud landscape.

Excerpt from a report on Fraud in the Wake of Covid-19, published in December 2020, ?by the Association of Certified Fraud Examiners: 79% of respondents reported a rise of fraud levels in ?December 2020. ?90%?anticipated?increase during 2021. Cyber fraud was found the most serious concern, along with business email compromise had increased as per ?85 % ?of respondents, and payment frauds increased by ?72 % of respondents. Based on the above, banks may encounter ?Fraud Types?in 2022 highlighting the common methods criminals use to defraud banks and their customers, spreading awareness among all the stakeholders. We may categorize the different types of frauds according to whether the payment is originated from unauthorized or authorized parties. This distinction directly affects the level of liability that banks face.

PAYMENTS AUTOMATION GAINS SPEED, SCALE, AND EFFICIENCY

?Although hangs on into 2022, for most businesses and banks payments automation has reached a point where the risks and rewards are more important than ever. Automated processes and digital payments are ubiquitous.?As Bottomline’s SVP, Pay mode-X Product Management and Market Strategy, Jeff Feuerstein sees it the three most important dynamics to watch are embedded finance, virtual cards, and new threats from fraudsters.?Embedded finance:?For consumers, paying a vendor is a click away. That hasn’t always been the case for B2B payments, but it is a trend that continues to gain momentum in 2022. Of course, the ability to pay and get paid with speed, scale, and efficiency is always the end goal regardless of the payment type. With embedded finance, the name of the game is around reducing cost by improving ways to integrate with existing ERP systems. For example, our recent Pay mode-X/MRI integration allows real estate companies to reduce the cost of processing payments, reduce payment fraud and improve cash flow by capturing early-pay discounts or maximizing cash-back rebates on their AP spend.?The feature is embedded as of the MRI payment processes, reducing the need for users to leave their financial system, making that one-click consumer experience closer to the B2B space.

Virtual cards:?Research made by Juniper?expects virtual cards to process over $5 trillion in transactions by 2025, a 26% annual increase. B2B usage will double over that period. They are an essential part of an e-payables strategy that includes ACH in its various forms. Virtual cards, however, have been a bit of a digital laggard, with most of them requiring manual processes like portals, and emails, to process the payment. It’s an analog process in a digital world. I expect advancements in the end-to-end process, digitizing the receipt and processing of virtual cards to reach the level of ACH. That results in savings of both time and effort, as well as reduced card acceptance costs, for vendors with high volumes of virtual card payments.

Fraud:?The fight against B2B payment fraud has made progress in an environment where fraudsters are continuing to hone their skills. But complacency is just as dangerous as fraud itself. Looking ahead in 2022, banks and corporates should continue to focus on fraud, simply for the fact that it’s a risk to reputation and customer relationships. If you’re a bank, you own the solutions and the customer relationships. Don’t risk any part of this equation. As Bottomline’s research shows 49% of firms reported they had serious fraud attempts against them. Fifteen percent of all companies indicated they suffered a loss. Corporate concern about fraud increased heavily over 2020 (+52%), and even more so among banks (+70%)

?REAL-TIME PAYMENTS DEFINE MODERNIZATION INITIATIVES

?Real-time payments are the future of consumer and business transactions. ?Next year’s conversation will turn to use cases as real-time reach its tipping point in serving as the foundation of payments modernization efforts around the globe. Modernization in the form of real-time is in progress and new use cases are coming into the market.

One of the things being watched in 2022 is the role of real-time payments in the evolution of payments architecture and modernization globally. For some time now, a talk about this in the form of the UK’s New Payments Architecture (official name) initiative as the core of their real-time payments infrastructure. In Canada they’ve approached real-time rails in a similar fashion, launching an entire payments modernization project behind it. In the US it is in the middle of our payments modernization initiative. The “last mile” means that organizations like The Clearing House and NACHA are continuing to advocate for payments modernization. For example, TCH announced a joint venture with SWIFT in October to accelerate real-time settlements of cross-border payments. NACHA reported 142.8 million payments processed via its Same-Day ACH service for Q3 2021, a 120% jump over 2020. Working aggressively to market real-time payments to banks, with the Federal Reserve adding to this modernization through its FedNow real-time platform.

And both organizations, as well as the rest of the US financial industry, are anticipating the FedNow platform, slated to debut in Feb 2023. The Fed has taken an active thought leadership role, and much of that has come under the heading of payments modernization. They’ve done a lot of the right things to assure the market that their technology will be interoperable. They’ve signed on for the ISO 20022 message sets and have launched some very early pilot programs. Now, nobody's actually sending money or messages to each other through FedNow, but it has moved from being a set of architectural slides to having a clear line of implementation in 2023. Expect the Fed to continue its role as a thought leader for modernization as it preps its own product.

?One of the things for surprise is the volume of use cases that are coming to the fore?either as real-time, bank-based payments, or other instant payments platforms. From a consumer perspective, reliance on Zelle, Venmo, and other instant payment platforms has skyrocketed during the pandemic. For example, Venmo expects to grow from its current?76 million?user base to 120 million by 2023. So, the American consumer is certainly familiar with the concept of real-time payments. There is also a lot of press about using real-time payments rails for instant payroll. DailyPay has been working with banks as well as corporates to enable on-demand instant payroll. One of its competitors, Even, partnered with JP Morgan in early November to provide real-time payroll services. Expect that to be another trend to watch in 2022 as we watch the U.S. real-time use cases expand.

. Reasons for snowballing of ?banking fraud

The Covid-19 pandemic has generated the best possible environments for many types of payment fraud to multiply. Millions of people have been forced to change their everyday behavior, especially the way they work, buy and interact, shifting fraud in the following methods::

The new work culture, work from home (WFH) .among many office staffs, including bank employees, has required people to access corporate systems remotely generally with limited security measures in place. Some internal controls and confidentiality requirements have also become tough to implement in the home-working environment. Moreover, the unprecedented shift of banking transactions onto digital channels as branches and stores close has meant banks have switched to digital and telephone channels to keep services open. This is especially the case in the developing world, where banks have moved fast to embrace digital innovation, but could not augment the security element. Transaction limits on digital channels have been increased helping account takeover result in bigger thefts.

?The flare-up of home delivery for retail purchases has created new chances for phishing scams connecting email or text alerts, as well as the general increase in transmission via digital channels that can be faked and exploited for phishing purposes. The huge increase in retail partaking in financial markets during lockdowns has created scope for online investment.?Although the pandemic has increased the number of positive atmospheres to be?exposed to fraudsters, the way of their operation has not altered much. Well-organized criminal gangs even use a skilled person on the dark web to install hi-tech tools to commit frauds, others keep on very low-tech. Many frauds are successfully executed using familiar tools such as email, phone calls, and messages over social media. They place reliance on slightly more than social engineering and well-known psychological tricks to handle and dupe their victims.?Most bank frauds target banks’ customers. But Covid-19 has also allowed internal banking fraud and corporate fraud to grow.

The conditions that support internal fraud, as set out in the Fraud Triangle devised by Donald Cressey, are all in place in the current environment:

Pressure: Many employees may be facing joblessness or a salary stoppage as their company attempts to overcome the effects of the pandemic on their business.

Opportunity: Remote working may make gaps in internal controls result into easy for insiders who know the system’s weaknesses to execute their plans.

Justification: Employees enticed to swindle their employer may sway themselves that their actions are right because they are working tough in difficult situations but receiving little or no reward or gratitude. In the developing world, the introduction of improved security for transactions via digital channels, such as one-time passwords for mobile banking, has encouraged criminal gangs to pursue alternative routes. This has led to greater recruitment of insiders to facilitate fraud as their access to the bank’s back-end systems opens a new avenue for fraud attacks. While these are low volume, they typically attempt to pilferage large amounts.

?3. The 2022 Fraud Landscape

A survey of the 2022 payment fraud landscape classifies frauds according to who originates the payment – an authorized or unauthorized party. Both types tend to involve a blend of technology tools and efforts to operate and dupe the victim. It is well observed that in most all cases, the fraud is carried out by initiating payments or withdrawals from victims’ accounts that are not consistent with their normal patterns of behavior.?AI software to identify and stop them.

3.a. Bank frauds by insiders

Insiders can be bank employees or staff employed by IT vendors working with the bank. Because these people have detailed knowledge of the bank’s internal systems, this fraud can be difficult to detect and can continue for long periods unless a robust fraud-monitoring system is in place. Insiders exploit user privileges to access victims’ accounts directly, or to transfer funds from the bank’s internal payment accounts into accounts belonging to customers. The funds are then transferred to external bank accounts controlled by the fraudster or to pre-paid cards. These types of cards are popular with fraudsters because they are issued with few “know your customer” (KYC)checks and can be used to make multiple currency cash withdrawals. They can also be used for “card not present” transactions which normally have a higher transaction limit.

The ACFE survey revelation that 48% of banks and financial service providers had seen an increase in internal fraud. Appallingly, 71 % anticipate a further significant increase in 2021. An IT administrator at a bank in Tanzania took advantage of back-end user privileges to inflate account balances for an accomplice by a total of $22,000. The intention was to withdraw the funds from ATMs and via mobile banking, but the fraud was detected and the money never left the bank. As the software identified privileged user checked

The cohorts account frequently over a period of days and flagged the nature as suspicious. ?Phishing-enabled account takeover

A fraudster used phishing to induct malicious code into the Swiss victim’s computer and got their e-banking credentials. The criminal then took over the victim’s account and attempted to make an illicit transfer of CHF 19,990.AI or ML cab stopped the payment as more than a few factors did not match the customer’s profile, including the size of the transfer, the new beneficiary, and bank account used, as well as the unfamiliar screen resolution and browser employed by the fraudster. Phishing is also frequently used to carry out business email compromise (BEC) frauds. Fake official emails or text messages from banks, companies, delivery agents, or even health authorities claiming to send Covid-19 test results, persuade the victim to click on a link. A banking Trojan or malware is then installed on the victim’s device, allowing the fraudsters to take control of the victim’s e-banking.

?3.b. Phishing scams

Immense fake official emails or text messages from banks, companies, delivery agents, tax authorities, health services, etc. are forwarded almost every day. The emails hold links that, once clicked by an incautious victim, robotically download and install a piece of malware on their device which congregate personal information needed for an account takeover. Phishing attacks surged after Covid-19 lockdowns began in March and April 2020. Tokyo-based Trend Micro reported that the number jumped from around 4,000 in January and February to almost 900,000 in March, and more than 2.9 million in April.

The UK banking industry body UK Finance also reported in September 2020 that almost 15,000 impersonation scams were recorded between January and June 2020, a rise of 84 percent year-on-year. More than 8,000 involved criminals impersonating the police or a bank, a jump of 94 percent. The scams included fraudsters sending emails or text messages pretending to be from government departments and offering grants related to Covid-19.

3.C. Man in the middle/pharming scams

A hacker obtains sensitive information communicated between two other parties online. This can happen when the victim is interrupted trying to log in to their online or mobile banking service, allowing their log-in information to be garnered.

?Man in the middle scam uses fake QR code

A client wanted to access her e-banking service. After entering her credentials and scanning the QR code, a message appeared in French and German asking her to re-enter her credentials for greater security. After she did so, an error message appeared saying the site was unavailable. This is likely to have been a man-in-the-middle attack in which the second QR code was displayed by a hacker to recover the victim’s account credentials. The fraudster then attempted payment of CHF 38,000. In this case, also software blocked the payment due to unusual session information, including browser language and screen resolution, and transaction details including the unusual amount and beneficiary bank. The system logs showed three sessions that raised suspicions, suggesting the fraudster accessed the victim’s account several times while attempting the payment.

Technical support scam

The fraudster impersonated a Microsoft tech support worker and called the victim. Through social engineering, the perpetrator managed to obtain enough information about the victim’s e-banking credentials to attempt to transfer $7,500 to an illicit account in Lithuania.AI risk models stopped the transaction because its features did not match the customer’s profile, including the unusual currency, type of transaction, beneficiary account details, and country of destination.

3.d Technical support scam

Fake technical support staff calls the victim, who is told that there is a problem with their software. The victim is duped into giving the caller control of their computer remotely, sometimes with the help of personal information about them gathered via social engineering. The fraudster is then able to gain access to their computer and steal confidential information. Action Fraud in the UK said it received almost 15,000 reports of tech support fraud in the 12 months to November 2020, with a total of

￡16 million defrauded from victims who were duped into installing remote-access software.

3. e Mobile SIM-swap frauds

Stealing mobile numbers via SIM swap is a key fraud route in the developing world because the primary way most people access mobile banking is via their mobile phone number. Their mobile number is connected to their bank account and is used to verify their identity – most banks also use this phone number as the primary 2FA implementation mechanism.

The victim receives a call from a fraudster pretending to represent a telco to check account details. Using the personal information obtained, the fraudster poses as the victim and contacts their mobile service provider to have their number transferred to a new SIM in a device the gang controls. This gives access to the victim’s mobile wallet and can even allow the fraudster to attempt to reset the victim’s mobile banking security data and access their account. In other cases, gangs work with insiders at telco sales teams to obtain replacement SIMs for “lost phones.” This type of fraud is reported to have surged by 200 percent in South Africa during 2018. SIM-swap frauds have also been used around the world to access crypto wallets. The potential gains from cryptocurrency are huge as it is decentralized, can easily be anonymized, and has real monetary value.

M-wallet fraud in Africa

In one recent case reported in Kenya, a gang targeted well-off people who had recently died, aiming to cancel and swap their SIM to a new device before their family had the chance to access the deceased person’s bank account and establish their exact wealth. Once the SIM was transferred, the victim’s mobile wallet was emptied and the funds transferred to other wallets, from where it was withdrawn. A second SIM-swap gang had more than 10,000 SIM cards when police arrested them in October 2020. AI s’ fraud software can spot and prevent attempts to withdraw funds stolen during this type of fraud. Repeated visits to the same ATM in quick succession raise an alert in real-time, enabling the bank to check whether or not the attempted withdrawals are legitimate.

?Case study: Account takeover

A fraudster doing an impression as a bank employee persuaded a customer to disclose their e-banking login details through social engineering. The fraudster then took over the account and attempted to transfer ￡21,000 to an illicit account. AI-based risk monitoring software blocked the transaction due to unusual e-banking and transaction characteristics, including the unusual amount, screen resolution, beneficiary bank and account details, e-banking session language, and currency.

3. f Account takeover resulting from social engineering and telephone scams

Even well-known, unsophisticated techniques such as telephone frauds, which date back decades, continue to be extremely effective, especially when combined with basic social engineering using information about the victim that is easily found online. This type of scam can involve callers pretending to be agents working for a wide variety of organizations, such as the victim’s bank or the tax authorities. Victims are influenced to disclose their banking credentials, allowing the criminals to take control of their accounts.

Even well-known, unsophisticated techniques such as telephone frauds continue to be extremely effective, especially when combined with social engineering.

3.1. Fraudulent Payments Initiated by Authorized Parties

3.1.a. Authorized push payment fraud resulting from social engineering

Social engineering and simple telephone impersonation techniques can also be used to dupe victims into making payments to accounts controlled by the fraudsters themselves. For example, victims may be told that their account has been compromised and they must transfer their money to a new account to prevent it from being stolen. As per the UK banking industry trade body UK Finance, ￡456 million was lost to authorized push payment fraud in 2019, up almost 29 percent on 2018.

Case study: Authorized push payment fraud

Using impersonation techniques, the fraudster convinced the bank customer to transfer ¤125,000 to an illicit account in Spain. AI-based monitoring software blocked the transaction because certain variables did not match the customer’s profile, including the date the transfer was initiated, the destination country, beneficiary account, order type, and currency.

Case study: Romance scam

The fraudster introduced himself to the victim as an American soldier based in the Middle East. A romantic relationship began and the fraudster swayed the victim to make three transfers to his bank in Germany – of $1,500, ¤3,000, and ¤11,300. AI risk models stopped the first and third transactions, spotting unusual variables, including the beneficiary bank account, the destination country, the amount, and currency.

3.1.b Romance scams

The victim is come up to via text message, email, or social media and induced to commence a long-distance relationship. Once the victim is induced, the fraudster requests money transfers to allow them to come to the victim’s country, clear debts, or unlock a frozen bank account. Even after these endeavored frauds are flagged up by their bank, victims often insist on authorizing the payments. This demonstrates the power of romance scams to dupe victims, who want to believe they have found a genuine relationship. Banks need to be able to show victims that the payment is going somewhere other than what the victim has been told.

According to a New York Times article in March 2020, romance fraud has mushroomed in recent years. In 2015, victims reported losing $33 million, but by 2019, the total had reached $201 million. The article cites the example of a 76-year-old widow who transferred more than $660,000 to bank accounts she thought belonged to a US Army general in Afghanistan. In Singapore, the police force’s Anti-Scam Centre says that across all the cases it has investigated since June 2019, love scams accounted for nearly half the total amount that fraudsters had attempted to steal.

3.1.c Business email compromise (BEC)

Fraudsters often target companies by imitating a senior executive. An email is sent to an employee, either from the victim’s own email account, which has been hacked or from a spoofed email address. The email is often followed by a call seemingly from the CEO, a senior executive, or from a bogus law firm or consultant, telling the employee who received the email to respond instantly. Deep fakes are gradually used for video or voice calls. The email usually requests a large payment to a fake account in connection with an urgent or sensitive issue such as an acquisition. The US Federal Bureau of Investigation says that between June 2016 and July 2019 it received more than 166,000 reports of email compromise, with total losses of more than $26.2 billion. A fraudster impersonated the CEO of a Spanish company and over email convinced an employee to transfer ¤170,000 to an illicit account.

?Case study: BEC fraud

The victim received an email from their business partner’s email account, which had been hacked, requesting a transfer of $100,000 to an account in Peru. In both cases, special software risk models blocked the transactions due to the unusual variables the transactions exhibited, including the beneficiary account details, destination country, operation type, order type, and currency.

Case study: Invoice fraud

A company received an invoice for US$69,000 payable to a previously unknown account in Singapore. The Singapore-based beneficiary’s name was similar to the name of an existing supplier based in Hong Kong. The IBAN shown on the fake invoice had been modified. A software risk monitoring software detected and blocked the fraud due to the unusual amount, destination country, and bank.

3.1.d Invoice frauds

Invoices claiming to come from a genuine supplier are emailed to the company, along with fake account details for payment. This type of fraud can cause major problems for smaller companies that lack the controls to prevent them and rely on non-specialist, junior staff to make payments.

3.1.e Investment scams

Online investment by individuals has increased rapidly y during the Covid-19 pandemic, partly due to home working. This allowed, ?gangs, to set up fake investment websites to fool people looking to invest in stocks, commodities, and cryptocurrencies. The sites are marketed to victims using phishing emails and online adverts on social media sites. In January 2021, the UK’s Financial Conduct Authority warned that more than ￡78 million had been stolen from UK investors during 2020 through “clone firm” investment scams involving fake websites and documents that imitated legitimate companies. Reports of these clone firm scams rose by 29 percent between March and April 2020, when the UK went into its first lockdown. The average loss reported by consumers was more than ￡45,000.

Case study: Investment fraud

The victim was advised by a fraudster impersonating a business partner to invest in a fictitious company and ordered a payment of $170,000 to an account at a bank in Bulgaria. The monitoring software blocked the payment because several variables did not match the victim’s profile, including the unusual destination country, bank, beneficiary account, amount, and currency.

?Du9 pandemic s have set up fake investment websites to fool people looking to invest in stocks, commodities, and cryptocurrencies.

4. Observations

?Banking frauds are always ever-changing as criminals devise an effective strategy to get past their victims’ defenses. Presently, authorities report a jump in fake automated calls and text messages professing to come from Amazon and inviting people to click on a link to obtain a refund. The explosion of the home delivery apps for goods during lockdowns has shaped a new line of attack for fraudsters. As always, fraudsters will “follow the money” and move to those channels where the number of potential victims is increasing. Irrespective of their instruments for performing the fraud change shape, however, they will still rely for their success on the same basic aspects of human psychology. Fraudsters will succeed, ?by taking?benefit of their victims’ fear, anxiety, and readiness to convince communications that seem to send from official sources.

Banking fraud continues to increase and the question of who is liable for the losses that result is becoming a more serious concern. Banks are generally liable to reimburse victims of frauds in which the fraudster initiates the illicit payment. In cases where the victim does so, by authorizing push payment frauds, banks have not been taking liability. In spite of a enlarge types of banking frauds are generally tried, there is only one reliable way to detect and prevent them: comparing the fraudulent transaction against the historical pattern of behavior associated with the account holder or system user. This is why in creating solutions it is critical to focus not on the different types of fraud but on the usual behavior of the account holders so that anomalies can be detected and flagged.

Now, ??AI-based anti-fraud software monitors all account transactions and evaluates them against the established behavioral profile linked to the account holder or his or her peers. This enables the system to highlight transactions that are inconsistent with the known user’s profile and flag them to security staff so that fraudulent payment requests and withdrawals can be blocked.

Anomalies and AI algorithms

The system carries out checks on transactions across multiple axes. It tracks unfamiliar access to the bank’s internal systems and monitors internal users’ actions where these are linked to suspect transactions. The software also uses AI algorithms to detect abnormal activity on customers’ accounts that may indicate account takeover. Triggers may include the detection of a different screen resolution than the one expected on the login device, a login from a new device or a previously unknown location, a login from an unknown browser, or the use of a different language. “Velocity models” are employed to flag sharp activity on customer accounts, for example when multiple transactions are initiated in quick succession, which may indicate an attempt to empty the account as rapidly as possible.

Reducing false alerts and operational losses

All anti-fraud systems produce false positives that have an impact on customer satisfaction and lead to unnecessary customer call-backs. However, constant R&D efforts are improving the precision of the machine-learning algorithms that power software systems, leading to improved detection rates and reduced inconvenience for customers.

?CONFIRMATION OF PAYEE(COP) CEMENTS ITS PRESENCE IN THE FIGHT AGAINST FRAUD

The Confirmation of Payee in 2021 it’s a somewhat risky venture and will continue to be a topic of great interest in 2022. But it will for the simple reason that it has instituted grip with UK banks and success against authorized push payment (APP) fraud. The proof can be found in several cases, but most notably in the?Payment Systems Regulator report of October 2021. It showed CoP has increased consumer confidence and has helped to prevent what could have been runaway growth in APP fraud. The PSR says fraud is migrating to financial institutions that have yet to implement CoP. In 2022 CoP will continue its good works and according to Bottomline Managing Director of Global Business Paul Fannon, it will expand its presence and power.

In the UK CoP has shown its effectiveness,?but in 2022, it is expected to emerge to be a factor in other countries. In the waning days of 2021 SurePay, SEPAMail.EU and StreamMind launched the first cross-border IBAN Check/Confirmation of Payee solution. Right now, it’s limited to cross-border payments between France and the Netherlands. But this is a critical step toward cross-border CoP. It is also expected that ?CoP to move beyond its fraud?mitigation capacities and show its value on the data generation front. Yes, it will ensure the payment gets to the right account, but as it is used more frequently by more banks, increasing data generation will help fuel smarter analytics. Examples: On-time payment records, potential growth accounts, and even accounts that are at risk. It will also eventually lead to more enhanced data, which will potentially carry a URL that links to supporting documents.

CoP, and its related Request to Pay,?needs to gain more awareness among the small business community this year as only 20% are aware of it currently. For CoP to succeed, a coordinated effort will be needed across the financial services industry that includes awareness and education of its use cases among smaller businesses, who are an important part of the collective action we need to take across the industry to combat APP fraud.

?RBI LATEST REPORT ON THIS MATTER

These efforts have achieved impressive results: a reduction of up to 83 percent in false-positive alerts, a reduction of up to 93 percent in time spent investigating fraud, and a 77 percent cut in operating costs related to fraud mitigation. Ultimately, this approach is the only practical solution to protecting customers, eliminating false positives, and stopping emerging types of fraud that would otherwise be extremely difficult to detect. 4,071 banking fraud cases were reported during H1 FY2022. In terms of deposits, the number of reported cases of frauds stood at 208 of an amount involving Rs 362 crore. During the first half of the financial year 2021-22, the reported number of fraud cases in various banking operations increased to 4,071 as against 3,499 in the year-ago period, the RBI's Report on Trend and Progress of Banking in India 2020-21 showed. However, the amount involved in?frauds in various banking operations based on the date of reporting declined to Rs 36,342 crore during April-September 2021 from Rs 64,261 crore in the corresponding period of the previous financial year.

In H1 2021-22, banks found ?1,802 reported cases of?frauds amounting to Rs 35,060 crore which were related to advances. There were 1,532 reported cases of?fraud linked to card/internet, involving Rs 60 crore, the report showed. In terms of deposits, the number of reported cases of frauds stood at 208 of an amount involving Rs 362 crore. During H1 of 2021-22, private sector banks (PSBs) accounted for more than half of the number of reported fraud cases. In value terms, however, the share of public sector banks (PSBs) was higher, indicating a predominance of high-value frauds. While the major share of loan-related cases pertained to PSBs, PSUs consisted of a majority of card/ internet and cash-related cases.

In the financial year 2020-21, the reported number of cases of frauds declined to 7,363 (Rs 1,38,422 crore) from 8,703 cases (Rs 1,85,468 crore) in 2019-20.In terms of the amount involved, a bulk of these cases occurred earlier but were reported during the year 2020-21. In terms of the area of operations, an overwhelming majority of cases were reported during 2020-21 in terms of the number and amount involved related to advances, while frauds concerning card or internet transactions made up 34.6 percent of the number of cases. In 2020-21, there was a marked increase in frauds related to PSBs, both in terms of number as well as the amount involved

\BOTTOM LINE ON 2022

As the year kicks off, Bottomline team members from across the banking, B2B payments, fraud and financial crime, customer experience, and treasury identify the business dynamics that will matter most to financial institutions and companies. ISO 20022. Real-time payments. Insider fraud. Continued digital transformation. A stubborn and disruptive global pandemic. There’s no shortage of issues surrounding digital integration and new ways for businesses to pay and get paid. A focus on the number one priority: customer experience. Without serving the customer, no advances in technology or innovation will amount to much when we look back at 2022.

CBDCS GIVE CRYPTO VIABILITY AND STABILITY

?The viability of cryptocurrencies such as bitcoin for business payments is not proven and may never be, given their volatility and innate barriers to demonstrating AML compliance. And it’s important to understand the following: 1) blockchain experimentation and actual uses of distributed ledger technology for business purposes are separate from the hype and popularity of cryptocurrency investments; 2) cryptocurrencies investment instruments are different than their value as a factor in business payments, and 3) it’s important to watch the emergence of digital currencies issued by central banks (CBDCs) as 2022 plays out. Marcus Hughes, UK-based business development director for Bottomline, explains the reasons :

The market is reaching the next level in the evolution of blockchain and crypto assets, especially relating to digital currencies. Recent work by various central banks means it is increasingly likely that quite soon one or more major central banks will issue their own Central Bank Digital Currency. Although a few small economies have already launched their own local Central Bank Digital Currency, we’re now seeing the central banks of several major economies announcing initiatives to test or even create their own digital currency. So, after many years of experimentation and seeing huge sums of money invested in blockchain, Central Bank Digital Currencies are now emerging as one of the most exciting and practical applications of this new technology. In tech terms, CBDCs might finally prove to be the “killer app” for blockchain.

Of all payment types, it’s cross-border payments that currently suffer from the greatest friction and complexity, so they are one of the best use cases for CBDCs. Advocates say that a CBDC would create “a more resilient payments landscape”, with a new payment rail, which meets the needs of our modern digital economy. It would therefore provide individuals and businesses with a reliable payments system that makes payments faster, cheaper, and more efficient. And it would protect against the risk of private payment systems potentially failing. By linking up different countries’ CBDCs, there is great potential to radically improve cross-border payments in multiple currencies, by making them real-time, 24/7, without cut-off times or holidays, while cutting costs associated with cross-border payments processed through the correspondent banking network. Using a CBDC for cross-border payments could reduce the time taken from days to a few seconds.

It seems increasingly likely that CBDCs will be structured in a 2-tier-system, a hybrid, whereby the central bank operates the core system and ensures its safety and efficiency, while commercial banks and payment service providers would compete to develop innovative use cases, to onboard and serve end customers, including handling AML requirements. Meanwhile, the private sector, such as commercial banks and Payment Service Providers, would compete to develop innovative use cases, to serve customers. In this way, consumers could pay with a CBDC just as today, with a debit card, online banking tool or smartphone app, all operated by a bank or other private sector Payment Service Provider. However, instead of these intermediaries booking transactions on their own balance sheets as is the case today, they would simply update the central bank’s records.

ISO 20022 DRIVES PAYMENTS TRANSFORMATION

The ISO 20022 messaging format isn’t new. But it is on the cusp of what is arguably the most urgent and relevant period in its existence – as it becomes widely adopted in the payments industry. In the UK the CHAPS RTGS infrastructure will move to what is called a ‘like for like’ migration in June 2022, where ISO 20022 messages will replicate legacy message architecture. In the EU, TARGET2 and EBA E1/S1 will fully migrate to ISO 20022 in November 2022. And for cross-border payments, SWIFT launched a new “in-flow” translation service that will facilitate the migration. The Monetary Authority of Singapore (MAS) has mandated that Financial Institutions which use the SWIFT-based MEPS+ system must comply with the ISO 20022 messaging format by June 2022.

Financial institutions who are unprepared for ISO or underestimating its impact are gambling with their ability to stay competitive. According to Bottomline’s market development director for ISO 20022 Edward Ireland, there’s the data component that makes ISO a treasure trove of information, but there are also the following reasons why it should be priority number one for banks globally. More use cases for ISO data are coming to the fore. With ISO, FIs have transaction information, not just payments information. Instead of containing only the basics (account number, name, transaction amount) ISO 20022 can carry invoice data, the purpose of the payment, and even more complex documentation. For example, a house sale could carry information about the type of property, the title, and the mortgage terms. This view is supported by Cyrus Bhathawalla, Managing Director - Global Head of Real-Time Payments at J.P. Morgan - “I agree that there will be benefits in reconciliation, automation and reducing manual operations inefficiencies, where you have people ticking and flicking registers. What’s more exciting, though, is in the areas of data analytics, forecasting, and modeling, because you’re consuming, in some cases, a hundred times more data than you would in a traditional, batch, automated clearing house-style payment, where you’re limited to, in the US, somewhere between 16 and 18 characters in the payment message.”

ISO 20022 is also poised to impact product development and revenue and has the potential to lead some FIs to remodel their payments businesses. Among them: fraud monitoring, sanctions screening, better clarity and granularity on payers and beneficiaries, foreign exchange rates, trade documentation, new API uses, and even new credit products based on the data carried by ISO. Beyond the deadlines and competitive urgency, ISO 20022 should be developed simply because we don’t yet know all the potential use cases that it will generate. ISO is also the key to digital and payments transformation. In fact, it can be seen as a springboard to both, and the complexities involved will demand effective partnerships and third-party providers.

?For example, challenges must be considered depending on how several countries plan to leverage the ISO change as a core part of their payments architecture - introducing new transaction data elements, network providers, connectivity options (e.g. API), rails (e.g. Instant Payments), digital services, and overlay services (e.g. Request to Pay).

?CROSS-BORDER PAYMENTS ACCELERATE WITH CLARITY

Cross-border payments are now considered in the same manner as any other type of payment. The end-user client, as well as the banks and financial institutions, expect that they should be processed seamlessly and in real-time, or as close as possible with all the related data enclosed. SWIFT GPI has revolutionized cross-border payments. It has enabled 92% of cross-border payments to be credited to the beneficiary’s account within 24 hours and 40% within just 30 minutes. That kind of speed has been missing from cross-border payments as well as tracking capability. Bottomline capitalized on that in late 2021 by announcing an API-based payment tracking service for banks worldwide, integrating SWIFT GPS data. The ISO20022 migration from SWIFT and from other networks and clearing (CHAPS in the UK for example) will accelerate the seamless processing of cross-border payments. FIN plus from SWIFT is already available for testing. The migration to ISO is the biggest and most important project for Banks and Financial institutions between 2022 and 2025. Cross-border payments will also be accelerated by new network choices. There are now new competitors on cross-border with alternative networks (VISA B2B for example) and new rails like Distributed Ledger Technology (DLT), Blockchain or even Central Bank Digital Currency (CBDC). They are still at an early stage, but they will compete in the future with existing networks.

CONCLUSION

?It is evident that the entire payment mechanism will change in features and applications. To ward off Fraudsters, we have no choice but to use AI and MI or any other software development in our digital architecture. There is no scope of looking back.