Educating members on real-time payments fraud risks
The Clearing House (TCH) launched the RTP® network in 2017—the first new payment rail in the U.S. in over forty years. Fraud is always a top-of-mind business concern with payments. However, the new payment rails themselves, such as RTP, are the most secure the country has seen. This will also be true for the upcoming real-time payments network from the Federal Reserve, the FedNowSM Service when it goes live in 2023. Since real-time payments are based on a credit push model, funds just can’t be pulled out of an account from an external party. The sender has to initiate the payment directly from their account, a design element of the networks meant to thwart various fraud schemes that benefit from a debit model. There are a ton of fraud prevention tools available and practices that are already in place. However, member education remains the most important prevention tool available. Here’s what credit unions should educate their account holders on to fight fraud.
Funds are irrevocable
With many legacy payment types, a member can recall a payment made in error before it’s cleared and settled, and in some cases up to 70 days after it has. Real-time payments happen in, well, real-time. So the payer cannot cancel the transaction and the funds are available for the payee to use or withdraw immediately. As with other payment types, but even more imperative in this case, members should therefore only initiate real-time payments to trusted recipients and triple-check that they have the correct information.
Credit unions don’t ask for login information out of the blue
It can’t be emphasized enough. Members need to know that their credit unions will never ask for online banking credentials through an outside channel, whether it be by phone, email, or text. Both members and businesses should know the signs of fraud, such as spelling errors, suspicious sender email addresses, and ‘urgent’ requests. Keep yourself aware of account activity at all times by taking advantage of account alerts. And, of course, login information should be secure and hard to guess.
Business Email Compromise (BEC)
CEO fraud and authentication fraud are top threats to real-time payments. Layered fraud approaches including matrix-based approvals, biometric-based credentials, and the use of tokens for releasing payments can help, and so can employee vigilance. Employees should automatically verify the source of a request for payment from suppliers and billers. Using templates for payments or approval matrix will keep fraud to a minimum.
Read Best Practices to Prevent Payment Fraud for more on fraud.
