The internet is annulling latency, or at least any tolerance of it. Whether people are trying to get scores from sporting events half a world away, updates on breaking news, or even movie times, when the information doesn’t show up instantly, impatient users obsessively click ‘refresh’.
Stock traders and capital markets compete on instant use of bits of data, while news organisations compete on scoops. Betting companies instituted ‘courtsiding’ – planting employees courtside at sporting events to text back results for split-second advantages that translate into big money.
Payments have not sat out this ‘need for speed’. Just a decade ago US banks were still taking a week or more to clear cheques. Today, most major US banks clear and post cheque deposits either the same day or the next business day for established accounts.
However if the desire is for near-instant payments (and it is), there is still much room for improvement, especially compared to other countries. As
the Federal Reserve Bank of Chicago captured in its 2011 report
, today’s consumers in Sweden can pay one another via mobile almost instantly. Switzerland, Australia and South Africa likewise have had rapid payment schemes in place for some time.
Perhaps the most comprehensive faster payments scheme is the UK’s, launched in 2008 with substantial input from the Bank of England (BoE) as well as the UK’s largest banks. Under a strong governance template, the programme has achieved high participation rates, helped along by the UK’s concentrated banking structure, where the founding 10 financial institutions (FIs) represent 95% of deposits.
Today all UK banks and building societies can send and receive faster payments, and volumes are growing steadily with more than 3bn payments processed so far. A groundbreaking
mobile payment service
was recently committed to by eight UK FIs that represent 90% of UK current accounts.
Speed versus Risk
It is in this environment that the US Federal Reserve is pushing commercial banks to modernise the country’s payments infrastructure and one component of that plan is to speed up payments.
The major concern is whether faster payments mean more risk. Indeed, the UK did experience an uptick in fraud after introducing faster payments. Moreover as one US bank’s chief information officer (CIO) put it: “Who doesn’t want faster payments? But there’s a reason for some of the friction in the system. It’s to give participants time to verify legitimacy – to prevent fraud.”
The Fed acknowledges the increased risk: “Our thought is that because of the risk of fraud that is heightened with instant payments, especially if there was instant settlement, that there would absolutely need to be heightened authentication.”
It’s likely that US banks will follow the UK’s example, which is to permit banks to develop their own methods for customer identification and validation when initiating payments. After all, multiple methods, varied by banks, make things harder for hackers than a common, mandated method.
So how can fraud risk be mitigated for faster payments in the US?
In general, US banks will need to strengthen online authentication systems and processes in order to deploy risk-based transaction screening in real time. This will allow them to apply different risk factors to an account or an individual and vary them by transaction amounts. Transactions can be profiled on a wide variety of risk factors. Is there a history of this customer paying the payee? Is the device the customer is using among their regular devices? Is the customer in their home country? Does the payee receive payments from other customers of the institution?
Banks could also take into consideration the channel being used; for example, requiring the first payment to a payee to be performed through a specific channel, or take a longer time to process and validate.
The banks could customise these rules, set the boundaries, and then customers would be given the option to customise further. For example, they can choose their own multi-factor authentication methods, or adopt different methods for large and small transactions, as well as for regular versus irregular payments. They could also customise based on their personal comfort level; for example, a US$500 transaction for one customer might be low risk, while another regards it as high risk.
The key point is, broad brush rules for authentication – one-size-fits-all passwords and site keys will not only doom any effort but overlook the most salient point about risk: it varies widely and treating all parties alike drives up costs, frustrates good customers, prevents customers from recognising their own risk factor variations, and slows down what needs to go fast.
Customers expect speed, and they expect their online balances to be accurate, not subject to delayed postings of deposits or withdrawals. Certainly there will be challenges making faster payments a reality, including the complexity of the US banking landscape, which with more than 7,000 FIs is considerably less concentrated and thus less easily coordinated than that of other countries. However, innovation in security means that fear of fraud no longer has to prevent the rollout of faster payments.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Despite all the automation and improvements that digital banking has the potential to achieve, customers and their needs still form the very core of the banking sector.
Banks might feel justified in victim blaming when fraud occurs, but it does little for customer confidence.