Pushing It

Pushing It

In the immortal words of Salt-N-Pepa,? we have all been living in a world where we ‘push it, push it’ when it comes to payments...(if you were too young in the mid 90s to know who Salt-N-Pepa are, immediately go and look them up)?

It’s normal to create a send a payment from your?bank account using someone’s bank account details. This is not limited to sending money to our friends and family, we also find it perfectly normal to see bank account details at the bottom of invoices, on rental agreements, on services agreements, etc. No wonder we are so prone to obligingly sending money out of our account to scammers and fraudsters, we perform the same actions for legitimate business all the time. No difference- normal behavior.?

It shouldn’t be.?

Businesses (and the banks that support them) should be doing a lot more to de-normalise push payments, but, I am not sure that ‘we’ (the collective industry ‘we’) have really asked them to.?

It's a well discussed fact that the scourge of Push Payment Fraud is exploding around the world. There are efforts to try and combat this in many countries – in Australia there is the National Anti-Scam Centre – a task force that includes representatives from banks, regulators, law enforcement and telcos, in the UK the Payment System Regulator has introduced ‘mandatory reimbursement’ which effectively makes your bank liable to make you whole again if you lose money to a scam (I would argue this doesn’t really prevent the issue but treat the resultant problem... it’s contentious) and in the US, NACHA (the body that makes the rules for the ACH system) has updated the rules this week to try and address the rising tide of Push Payment Fraud. The new rules essentially empower a receiving bank to hold or send back a payment that has entered their account base that seems erroneous whilst also allowing a sending bank to easily recall a payment for any reason. ?

The commonality of all this (beyond the fact that push payment fraud is a terrible problem) is that there is a prevailing sentiment that ‘everyone plays a role’ in preventing push payment scams and fraud. It’s true. Children and payments ‘require a village’ to look after them -?there are many stakeholders involved in ‘doing a payment’. ?

I don’t think that we are looking closely enough at how normal these payments are. Nor do I think that businesses understand what role they can play in changing behavior away from dangerous, nasty ‘traditional’ push payments and towards safer waters. ?

The rationale being that if it becomes less normal to have someone ask us to do one of these ‘bank account’ payments, the less prone we will be to simply sending a payment to a malicious party. ?

We do have great initiatives such as addressing services over real-time payments (like PayID in Australia) and confirmation of payee services, but, these are a thin line of defence against behavior rooted in habit.?

How should businesses saddle up and join the fight against Push Payment Fraud? Quite simply, stop asking people to pay you via your bank details!! (imagine an exasperated not-quite-shouting-but-almost tone as you read that please). Not only will this protect you and your customers, but it will also, if done well, give a business a huge efficiency boost. Hurrah.?

Banks, pay attention, as the vanguard of demanding action on scams (and being on the hook to reimburse lost funds in some cases), you can and should be supporting your business clients to end their dependance on push payments, thereby helping them and contributing to a better world. Hurrah for you too.?

Brace yourselves, this next part does contain some shameless promotion of Paypa Plane’s Smart Payment Agreements?, but only because they are really good and can genuinely help in the campaign to de-normalise push payments. There are also some solid non-promotional bits too, I promise.?

There needs to be loads of compelling reasons for businesses to shift behavior and for them to ask their payers to shift behavior. Here’s a few:?

  • Indecent Exposure: Push payments expose businesses and consumers to a higher chance of having a payment sent to the incorrect account - either by entering incorrect account details by mistake or by malicious scams or fraud. Email comprises, invoice switching, and business impersonation all mean that payers might simply pay a fraudster instead of the business. It’s wild how frequently this occurs. These things can be mitigated by using a Smart Payment Agreement to protect business and consumers. A Smart Payment Agreement is protected by measures including OAuth, MFA, user authentication, micro-consent capture and masking payment details from the payer and payee. No switching, invoice comprise or mistaken payments possible.?
  • Easing in changes:?Push payments will reach a time of transition?- and in many cases they already have - where 'old school’ direct credit defaults to real-time rails. This makes the fraud, scam and mistaken payment issue even more problematic - there is no stoppage or recall on a real-time payment (just ask the UK where they are thinking about slowing them back down). Considering how best to leverage new payment types and processes is made much simpler for business and consumer if the experience before the transaction remains consistent. A Smart Payment Agreement? will go through the same steps for the payer and the payee, no matter what the ultimate transaction choice is. If we lift our thinking above the transaction and consistently capture and authenticate payer, payee, context of the payment and log this in event-based system, we have the freedom to move between transaction rails without gaps for scams opening. Banks will also be able to better manage and run quality control on disputes because of the rather magic agreement-based contextual meta-data attached to every transaction.?
  • Reconciliation Issues:?whilst a payment may be expected by a business because it is 'due', with a push payment, there is no control over when, how much and what the reference will be when that payment lands in the business's bank account. The business is exposed to payments that have no expected reference points. At best, this is a manual burden for administration, at worst, this could even expose the business to AML/KYC issues if they cannot match the sender and the reason for the payment. This is uncomfortable for a small business and head-achingly worrying at a larger scale. ?
  • Control?and transparency:?push payments clearly have intrinsic disadvantages for businesses and consumers but, payers revert to them because they are so normal, and habits are habits. Plus, there is a feeling of control and transparency that is associated with push payments.?This association is reasonable considering the dated processes of direct debit and even card-on-file pull payments. These things are inherently opaque and remove the consumer from the process after they provide the payment details. Everyone knows someone who has battled with trying to cancel a card-on-file or direct debit. These are the horror stories that push payments proponents thrive on. ?Smart Payment Agreements??redress this balance by ensuring that consumers remain involved and informed, that all agreements are transparent, that any transaction initiated is within the parameters of the agreement and that there are management capabilities provided to them (within the scope of the business's ruleset). Essentially giving pull payments the ‘comfy feeling’ of push payments. Like putting lovely cozy slippers on them.?
  • Pushing the Smart:?whilst there will be circumstances where a consumer still wishes to have the option for a push payment, keeping the activities before the we get to the transaction instructions consistent with other methods will help to ‘de-normalise’ the concept of just sending a payment to bank details that a business (or a scammer) provides. In context -?leveraging the construct of Smart Payment Agreements??with a push payment option (such as BPAY or bill payment or an addressing solution)?alleviates the risk of having bank details switched or mistaken (and prevents scammers from being able to communicate their details with the payer) and will help move consumers away from thinking it is normal to just get bank details to send a payment to. It might also encourage them away from Push altogether and into some of the pull-based options.?

?

We need to stop Pushing It. The way we pay legitimate businesses shapes the behavior and ‘normal’ payment habits that scammers take advantage of. We need to de-normalise bank account push payments so that when someone asks us to send money to their bank details, it’s so jarringly weird that the wizard behind the curtain is revealed. Will this completely solve the problem so we can all kick back with a cup of coffee and a congratulations cupcake? No. But it will certainly help and, back to our payments-village, we should all be helping to stop?Push Payment Fraud. ?

?

?

?

?

?

Hazem Kassem

Strengthen businesses' financial performance through outsourcing services in F&A and Automation | FP&A | Business Analysis | Design processes to optimize use of Technology.

6 个月

Simone, thanks for sharing!

回复
David Birch

International keynote speaker, author, advisor, commentator and investor digital financial dervices. Recognised thought leader around digital currency, digital ID and digital assets. Follow dgwbirch.bsky.social

8 个月

Stop allowing retail customers access to immediate payments. Give them proper request-to-pay and variable-recurring-payments services for access to instant payments.

回复
Dominic Gee

Compliance | KYC (Individual & Corporate) | Operations

8 个月

upload at the speed of moderation or upload at the speed of effective moderation. Or moderate to effectively upload. Those are the choices. Build the systems around the choice.

回复
Dr Brad Pragnell

Strategic leader in financial services | Regulatory & strategic policy expert | Innovator in industry-transforming projects

8 个月

Simone Joyce great article and yes the industry has a long way to go in terms of both providing the right solutions and directing user behaviour in a way that make push payments safe and efficient. I was however struck by ABS data on significant increases in card fraud. This remains a serious issue and I fear that the noise around Authorised Push Payment Fraud can inadvertently mask the fact there is still a lot of good old credit card fraud. I believe that a lot of the conversations around push payment fraud are about genuinely finding a solution to help this segment grow. Your efforts are an important part, so ??. Though I do worry at times when I see narratives (generally outside of Australia, mind you) that try to portray cards as “safe” and push payments as “unsafe” for nothing other than trying to maintain commercial advantage (often through regulatory arbitrage) and to smother new push payment systems before they can get off the ground. the https://www.abc.net.au/news/2024-03-20/abs-card-fraud-scam-data/103609822

Luke Raven

AML | Fraud | Compliance | Memes

8 个月

Every time you post it’s so thought provoking and well written Simone Joyce. I’m not gonna go with my gut on this one, which is to critically evaluate the arguments here, because to be honest as a financial crime expert they don’t immediately convince me or sit all that well. I must point out only that the idea that pull payments are fraud proof is definitely wrong. You acknowledge this, sort of, at the end, and I appreciate it. But I also feel that you imply quite heavily the opposite throughout the rest of the article which for me makes me wanna “push” (haha!) back. Instead I’m gonna “pull” (hahaha!) back and let it marinade for a bit, because it’s definitely a novel concept and a well written piece regardless.

要查看或添加评论,请登录

社区洞察

其他会员也浏览了