Instant payment systems (IPS) are electronic payment solutions that enable the transfer of funds between different accounts within seconds, regardless of the time of day or the location of the sender and the receiver. IPS offer significant benefits for consumers, businesses and the economy, such as convenience, efficiency, inclusion and innovation. However, IPS also pose new challenges and risks, especially in terms of fraud prevention and detection.
Fraud is a deliberate act of deception intended to result in financial or personal gain. Fraud can take many forms, such as identity theft, phishing, spoofing, malware, social engineering, account takeover, unauthorised transactions, money laundering and terrorism financing. Fraudsters exploit the vulnerabilities of IPS, such as the speed, anonymity and irrevocability of transactions, to execute their schemes and evade detection.
Fraud prevention is a proactive approach to minimise the occurrence and impact of fraud. Fraud prevention strategies include implementing robust security measures, educating users, monitoring transactions, sharing information and collaborating with stakeholders. Fraud prevention is essential to protect the integrity, trust and reputation of IPS and to ensure their continued adoption and growth.
The purpose of this blog post is to compare and contrast the innovative approaches to fraud prevention in IPS adopted by developed and developing countries. The blog post will focus on four aspects: the regulatory framework, the technological solutions, the user awareness and the cross-border cooperation. The blog post will also highlight the best practices and the challenges faced by different countries in their efforts to combat fraud in IPS.
The regulatory framework for fraud prevention in IPS consists of the laws, rules and standards that govern the operation, supervision and oversight of IPS and the roles and responsibilities of the stakeholders. The framework aims to ensure the security, reliability and integrity of IPS and to protect the users. The framework also guides and encourages technological solutions and user awareness measures for fraud prevention in IPS.
Developed countries have more comprehensive and harmonised frameworks than developing countries. For example, in the EU, the Payment Services Directive (PSD2) and the Regulatory Technical Standards (RTS) provide a common legal basis for fraud prevention in IPS across the member states. The PSD2 and the RTS require payment service providers to implement strong customer authentication (SCA) and common and secure communication (CSC) for electronic payments, which enhance the security, innovation, competition and trust in IPS.
Developing countries have less developed or fragmented frameworks, due to various factors such as lack of resources, expertise or coordination among regulators, or legal or institutional barriers. For example, in some African countries, there are multiple regulators for different types of payment service providers, which create inconsistencies or gaps in the regulation of fraud prevention in IPS. Moreover, some developing countries rely on general laws or regulations for electronic payments or consumer protection, rather than specific ones for IPS or fraud prevention in IPS.
Technological solutions for fraud prevention in IPS include biometric authentication, artificial intelligence, machine learning, blockchain, encryption, tokenisation and cloud computing. These solutions can enhance the security and efficiency of IPS by verifying the users, analysing the transactions, validating the data, protecting the information, and enabling the traceability and auditability of the transactions.
Developed countries have adopted more sophisticated and innovative solutions than developing countries. For example, in Europe, the Single Euro Payments Area (SEPA) Instant Credit Transfer (SCT Inst) scheme requires SCA based on two or more factors. Some European countries have also implemented advanced fraud detection systems based on artificial intelligence and machine learning that can monitor and flag suspicious activities in real time. For instance, France has developed a system called FICO Falcon Fraud Manager that uses predictive analytics to score each transaction according to its risk level and alert the banks and customers accordingly.
Developing countries have adopted some solutions, but they face more challenges in terms of infrastructure, cost and interoperability. For example, in Africa, some countries have introduced biometric authentication for IPS users, but these solutions require reliable internet connectivity, adequate devices and databases, and standardised protocols that are not always available or affordable. Moreover, some developing countries have limited access to advanced technologies such as artificial intelligence or blockchain due to their high cost or complexity.
User awareness is a key factor for fraud prevention in IPS, as it involves educating and empowering the users to protect themselves from fraudsters and report suspicious activities. User awareness can be enhanced through various means, such as providing clear and accessible information, promoting good practices and habits, and encouraging the users to report any incidents or anomalies.
Developed countries have invested more resources and efforts in raising user awareness, as they have more mature and sophisticated markets and regulatory frameworks. For example, in the EU, the EBA has issued guidelines on security measures for IPS and launched a campaign to raise public awareness about payment security issues.
Developing countries face more challenges in enhancing user awareness, as they have less developed financial literacy and digital inclusion. Moreover, they may lack adequate regulatory frameworks and oversight mechanisms to ensure the transparency and accountability of IPS providers. For example, in Africa, where IPS are widely used for mobile money services, there is a lack of harmonised standards and regulations, which may create confusion and uncertainty. Furthermore, there is a need to address the cultural and behavioral barriers that may hinder the adoption of good practices and habits.
Cross-border cooperation is a crucial aspect for fraud prevention in IPS, as it involves sharing information and resources among different countries and jurisdictions to detect, prevent and prosecute cross-border fraudsters. Cross-border cooperation can be facilitated through various means, such as establishing common rules and standards, creating platforms and networks for information exchange and coordination, and developing joint initiatives and actions to combat fraud in IPS.
Developed countries have established more advanced and comprehensive frameworks for cross-border cooperation, as they have more experience and expertise in dealing with cross-border payment issues. For example, in the EU, there is a high level of harmonisation and integration of payment systems and regulations, as well as several mechanisms for cross-border cooperation among authorities and stakeholders at the EU level.
Developing countries face more difficulties in fostering cross-border cooperation, as they have less capacity and resources to deal with cross-border payment issues. Moreover, they may encounter legal and political obstacles that may hamper their cooperation with other countries or regions, such as divergent or conflicting laws or regulations; lack of mutual recognition or enforcement of judgments; sovereignty or jurisdictional issues; etc. For example, in Asia-Pacific, where IPS are rapidly expanding, there is a need to enhance the harmonisation and convergence of payment systems and regulations, as well as to strengthen the collaboration and coordination among authorities and stakeholders.
We compare IPS design, deployment and fraud prevention in four diverse countries: the UK, Sweden, India and Nigeria.
The United Kingdom: Faster Payments Service (FPS)
The UK’s FPS, launched in 2008, is the world’s first real-time payment system. It allows customers to send and receive up to £250,000 within seconds, anytime, through various channels. It is widely used for P2P, bill, online and business payments. FPS faces two main types of fraud: authorised push payment (APP) and account takeover (ATO). APP fraud is when customers are tricked into sending money to fraudsters. ATO fraud is when criminals hack into customers’ accounts and make unauthorised payments. The UK combats fraud with a multi-layered approach: customer education and awareness, Confirmation of payee (CoP) service, transaction monitoring and analytics, and fraud reporting and reimbursement.
Sweden’s Swish, launched in 2012, enables real-time payments up to 150,000 SEK using mobile phone numbers. It is mainly used for P2P, online and merchant payments. Swish faces phishing and social engineering fraud, where customers are tricked or manipulated into sending money or revealing information. Sweden combats fraud with a multi-layered approach: customer education and awareness, SCA requirement, transaction monitoring and analytics, and fraud reporting and reimbursement.
India: Unified Payments Interface (UPI)
India’s UPI, launched in 2016, enables real-time payments up to 100,000 INR using a VPA linked to a bank account. It is mainly used for P2P, online and merchant payments. UPI faces phishing and vishing fraud, where customers are deceived or called by fraudsters. India combats fraud with a multi-layered approach: customer education and awareness, SCA and device binding, transaction monitoring and analytics, and fraud reporting and reimbursement.
Nigeria: NIBSS Instant Payment (NIP)
Nigeria’s NIP, launched in 2011, enables real-time payments up to 10 million NGN using a bank account or phone number. It is mainly used for P2P, online and merchant payments. NIP faces phishing and SIM swapping fraud, where customers are tricked or hacked by fraudsters. Nigeria combats fraud with a multi-layered approach: customer education and awareness, SCA and device binding, transaction monitoring and analytics, and fraud reporting and reimbursement.
In this blog post, we have discussed the main challenges and strategies for fraud prevention in instant payment systems (IPS). We have seen that fraud prevention in IPS is a complex and dynamic challenge that requires innovative and collaborative approaches from different countries and stakeholders. We have also compared and contrasted the different approaches adopted by developed and developing countries, highlighting their strengths and weaknesses, as well as their common goals and challenges. Finally, we have emphasised the importance of learning from each other’s experiences and best practices, as well as of seeking synergies and partnerships to combat fraud in IPS more effectively and efficiently.
We hope that this blog post has provided you with some useful insights and perspectives on fraud prevention in IPS. We invite you to share your comments, questions, and feedback with us. Thank you for reading!
Internal Auditor at EthSwitch S.C
DFI Alumni and Community Member
- Regulatory Technical Standards on strong customer authentication and secure communication under PSD2 | European Banking Authority: European Banking Authority (europa.eu),European Banking Authority, accessed October 2021.
- Final report on the draft RTS on SCA and CSC under PSD2 (EBA-RTS-2017-02) 2017-02-15 BoS Final report on the draft RTS on SCA and CSC under PSD2.docx (europa.eu) ,European Banking Authority, February 2017.
- SEPA Instant Credit Transfer – European Payments Council, European Payments Council, accessed October 2021.
- FICO® Falcon® Fraud Manager | Falcon Fraud Manager | FICO, FICO, accessed October 2021.
- EBA publishes final Guidelines on security measures under PSD2 European Banking Authority (europa.eu), European Banking Authority, July 2017.
- Proposal for a Regulation amending Regulations (EU) No 260/2012 and (EU) 2021/1230 as regards instant credit transfers in euro (europa.eu), European Commission, September 2021.
- Introduction: IP and the Asia-Pacific ‘Spaghetti Bowl’ of Free Trade Agreements | SpringerLink, by C. Antons and R. Hilty, in Intellectual Property and Free Trade Agreements in the Asia-Pacific Region, Springer, 2015.
- The Rise of Fraud in Faster Payments | Access Paysuite, by A. Bhatti, Access Paysuite, June 2020.
- Swish fraud occurs | Sveriges Riksbank, Sveriges Riksbank, October 2020.
- New types of fraud increasingly common (riksbank.se): | Sveriges Riksbank, November 2021.
- UPI Frauds – Types of UPI Payment Frauds and How to Stay Safe (razorpay.com), Razorpay, August 2019.
- UPI Payments frauds: Beware of these 4 frauds while making payments via UPI amid lockdown – The Economic Times (indiatimes.com), by P. Yadav, The Economic Times, May 2020.
- World Bank Fast Payment Toolkit Case Study: Nigeria: (worldbank.org), World Bank Group, September 2021.