The adoption of faster payment systems has revolutionised transaction processes in countries such as India, the UK, Malaysia, and Australia. These systems offer unparalleled convenience and speed, but they also bring about a new challenge: fraud. As the popularity of faster payment systems grows, fraudsters have swiftly adapted their tactics to exploit vulnerabilities within these systems. This poses significant challenges for both financial institutions and regulators.
A report commissioned by Outseer shed light on the trends associated with different forms of payment fraud attacks. According to the report, 57% of surveyed financial institutions noted an increase in mule activity over real-time payment rails in 2022 compared to 2021. Furthermore, 71% reported an increase in consumer Account Takeover (ATO) using real-time payment rails, while 62% observed a rise in consumer authorised push payment (APP) fraud via real-time payment rails.
These alarming statistics highlight the urgent need for robust measures to mitigate fraud risks within the context of faster payment systems. Financial institutions and regulators in India, the UK, Malaysia, and Australia are actively addressing this issue through the implementation of various strategies and safeguards.
In this blog, we will explore the faster payment systems in India, the UK, Malaysia, and Australia, and delve into how regulators are supporting and protecting customers in these countries. We will examine the key features and advancements of these payment systems that have transformed the way transactions are conducted. Additionally, we will delve into the regulatory frameworks and measures implemented to ensure customer protection, enhance security, and mitigate fraud risks. By understanding the evolving landscape of faster payment systems and the regulatory efforts in place, we can gain insights into the initiatives taken to foster a safe and efficient environment for customers globally.
Rapid Adoption and Fraud Challenges
Faster payment systems, such as Brazil’s Pix, India’s Unified Payments Interface (UPI), Australia’s New Payments Platform (NPP), Malaysia’s DuitNow, and UK’s Faster Payments Service have experienced remarkable growth, surpassing traditional payment methods. Unfortunately, fraudsters have wasted no time in capitalising on these systems. They employ various techniques, including social engineering, to deceive unsuspecting consumers into voluntarily sending funds to them. This rise in fraud attacks, particularly mule activity and consumer-authorised push payment (APP) fraud, has compelled financial institutions and regulators to be on high alert.
Faster payment systems in India, the UK, Malaysia, and Australia and The Growing Menace of APP Scams
India: Unified Payments Interface (UPI)
India’s UPI has witnessed tremendous growth, driven by central bank incentives and the efforts of telecom companies to promote digital payment adoption. With its user-friendly interface and seamless transaction experience, UPI has become the preferred choice for person-to-person and person-to-merchant payments. However, the rapid adoption of UPI has also attracted the attention of fraudsters. They exploit the trust and convenience associated with UPI to carry out scams such as fake payment requests, phishing attacks, and fraudulent merchant transactions. Financial institutions and regulators in India are actively working to enhance security measures and educate users about potential risks.
Security improvements in the Unified Payments Interface (UPI) system include:
- Two-Factor Authentication: To enhance security, the National Payments Corporation of India (NPCI) has mandated the implementation of two-factor authentication for UPI transactions. This ensures that users have to provide additional verification, such as a PIN or biometric authentication, to authorise transactions, making it harder for fraudsters to gain unauthorised access.
- Transaction Limits: The NPCI has set transaction limits for UPI payments, both per transaction and per day, to minimise the impact of potential fraud. By imposing limits, the system reduces the risk of significant financial losses in case of fraudulent transactions.
- Strong Customer Authentication (SCA): The Reserve Bank of India (RBI) has introduced SCA guidelines, requiring banks and payment service providers to implement strong customer authentication methods. SCA involves multiple layers of authentication, such as one-time passwords (OTP), biometrics, or device recognition, to ensure the legitimacy of transactions and protect users from unauthorised access.
UK: Faster Payments Service (FPS)
The UK’s Faster Payments Service (FPS) has transformed the payments landscape, enabling near-instantaneous transfers between individuals and businesses. While the introduction of FPS has provided convenience and efficiency, it has also opened new avenues for fraud. Fraudsters take advantage of the speed and irreversibility of FPS transactions to trick victims into authorising payments to fraudulent accounts. Common scams include invoice redirection fraud, romance scams, and investment fraud. UK financial institutions and regulatory bodies have implemented measures to combat fraud, including secure authentication protocols, fraud detection systems, and public awareness campaigns.
UK regulators have been actively addressing the issue of APP fraud by implementing various measures. The introduction of the voluntary Contingent Reimbursement Model (the code) aimed to reimburse victims of scams. However, recent developments indicate a shift towards mandatory reimbursement legislation, holding institutions accountable for combating fraud.
PSR (Payment Systems Regulator) has recently outlined new regulations for the UK’s Faster Payments scheme. Under these rules, participants in the scheme will be required to share the cost of reimbursing victims of authorised push payment (APP) fraud; this will come into force in 2024. Alongside reimbursement, the regulator is increasing transparency through the publication of data on how well firms are protecting customers from fraud, promoting intelligence-sharing to spot and prevent fraudulent transactions, and expanding the roll-out of the name-checking service Confirmation of Payee.
Malaysia: DuitNow
DuitNow is the faster payment system in Malaysia that enables instant fund transfers between participating banks and e-wallets. It was introduced by Payments Network Malaysia Sdn Bhd (PayNet), the national payment network and shared central infrastructure provider in Malaysia. DuitNow aims to provide a convenient, secure, and efficient way to transfer money in real time.
The increased adoption of DuitNow in Malaysia has unfortunately coincided with an increase in authorized push payment (APP) fraud, particularly through the notorious Macau scam. However, DuitNow has implemented several aspects to provide a safer environment for users, mitigating the risks associated with such fraudulent activities.
Here are some key aspects of DuitNow that enhance customer protection:
- Two-Factor Authentication (2FA): Many participating banks and e-wallet providers have implemented two-factor authentication as an additional layer of security. This requires users to provide a second form of verification, such as a One-Time Password (OTP) or biometric authentication, to authorise transactions. 2FA adds an extra level of protection against unauthorised access to user accounts.
- Transaction Limits: Participating banks and e-wallet providers have set transaction limits to mitigate the impact of potential fraud. These limits restrict the maximum amount that can be transferred or paid through DuitNow. By imposing transaction limits, the risk of large-scale fraudulent transactions is reduced, providing better protection to customers.
- Customer Education and Awareness: Financial institutions and regulatory bodies have been actively educating customers about safe banking practices and raising awareness about common fraud techniques. Through various channels such as websites, mobile apps, and customer support, users are provided with guidance on how to protect themselves from fraud, including tips on securing personal information and recognising phishing attempts.
- Enhanced Fraud Detection and Investigation: Collaborative efforts between financial institutions, law enforcement agencies, and regulatory bodies have been strengthened to combat fraud more effectively. Sharing of information and intelligence helps identify trends, track down fraudsters, and facilitate investigations. This proactive approach enables quicker response times and the potential recovery of funds in cases of fraud.
- Regular System Upgrades and Security Audits: PayNet, the entity responsible for DuitNow, regularly performs system upgrades and security audits to identify vulnerabilities and address any potential weaknesses. This ensures that the infrastructure supporting DuitNow remains robust and up-to-date in the face of evolving fraud techniques.
- Continuous Improvement: PayNet, financial institutions, and other stakeholders involved in the DuitNow ecosystem are committed to continuous improvement. They actively seek feedback from users and monitor industry best practices to refine the system’s security measures. This ongoing commitment to improvement is crucial in staying ahead of fraudsters and maintaining customer trust.
Australia: New Payments Platform (NPP)
Australia’s New Payments Platform (NPP) has revolutionised the way Australians make payments, offering real-time transfers and the convenience of using mobile phone numbers or email addresses as payment identifiers. The adoption of NPP has gained significant momentum, with more financial institutions and businesses joining the platform. However, this increased usage has also attracted the attention of fraudsters. Scams targeting NPP users include impersonation scams, where fraudsters pose as legitimate recipients of funds and requests for payment under false pretenses. Financial institutions and regulators in Australia are collaborating to enhance security measures and promote consumer education to mitigate the risks associated with NPP transactions.
One effective tool within the NPP system is PayID, an addressing service that allows users to link their phone numbers or email addresses to their accounts for seamless real-time payments. Research commissioned by NPP Australia reveals that one in four PayID users have successfully prevented mistaken payments by editing or halting transactions, showcasing the significant role PayID plays in combating fraud and safeguarding users’ funds. PayID simplifies payments by replacing the need for complex BSB and account numbers, and transactions can be conveniently conducted through a bank’s internet or mobile banking app. Additionally, PayID enhances security by displaying the recipient’s name before finalizing a payment, reducing the risk of falling victim to fraudulent transactions.
To further bolster security, regulatory bodies such as the Australian Securities and Investments Commission (ASIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC) oversee payment systems and financial transactions in Australia. These entities actively work to enhance regulations and legislation related to scams targeting the NPP. This includes strengthening consumer protection laws and imposing stricter obligations on financial institutions to prevent fraud, for example:
- Industry Codes of Practice: In collaboration with industry stakeholders, the Australian Payments Network (AusPayNet) has developed the ePayments Code. This code sets out best practices and standards for electronic payments, including addressing liability and reimbursement for victims of APP scams. It provides a framework for financial institutions to follow and promotes transparency, fairness, and accountability in the payments ecosystem.
- Reporting and Data Sharing: The government encourages financial institutions to report instances of APP scams and share information on fraudulent activities with regulatory authorities. This facilitates the identification of emerging trends, the implementation of proactive measures, and the development of effective strategies to combat scams.
- Collaboration and Coordination: Government agencies, including ASIC and AUSTRAC, collaborate with industry participants, law enforcement agencies, and consumer advocacy groups to coordinate efforts in combating APP scams. This collaboration ensures a comprehensive approach to addressing fraud, sharing intelligence, and raising awareness among the public.
- Reimbursement Framework: The government is actively working on a reimbursement framework for victims of APP scams. The objective is to establish clear guidelines and standards for financial institutions to provide timely and fair reimbursement to customers who have fallen victim to fraudulent transactions. This reimbursement framework aims to strike a balance between protecting consumers and ensuring the accountability of financial institutions.
A proactive stance and the adoption of a multi-layered approach are needed
As faster payment systems continue to gain popularity worldwide, the fight against fraud becomes an ongoing challenge. Financial institutions, regulators, and users must collaborate to implement robust security measures, remain vigilant against emerging scams, and continually educate themselves about fraud risks. By staying proactive and adopting a multi-layered approach to fraud prevention, countries like India, the UK, and Australia can ensure the integrity and trustworthiness of their faster payment ecosystems, protecting consumers from falling victim to scams.