09:00 AM
Wesley Wilhelm, NICE Actimize
Wesley Wilhelm, NICE Actimize

Are Mobile Payment Apps a Boon for Both Customers & Fraudsters?

How fraudsters can take advantage of mobile transactions, and how banks can mitigate that risk.

Clearly consumers love the ease of mobile remote deposit -- the ability to deposit checks anywhere, any time with their smartphones. Now considered a competitive differentiator for financial institutions, mobile remote deposit capture (RDC) moves customers away from more costly item processing systems and expensive branch and ATM visits, so it's a boon to banks. But could the age of mobile payment apps, a valuable extension of self-service banking, prove to be a boon to fraudsters, too?

Recent surveys suggest that more than 75% of financial institutions are not experiencing fraud through mobile RDC. However, will this remain that way for very long? If history is any indicator, I don't think so. Unfortunately, now is the time for fraud managers to stop reading surveys and start thinking like crooks. And that means assessing vulnerabilities and evaluating detection methods. As Dr. Paul Ekblom, a London crime expert, has suggested, "Now is the time to be 'designing against crime.'"

[For more on mobile security, check out: The Mobile Security Journey at Wells Fargo]

The truth is, much like customers, fraudsters follow speed, flexibility, and convenience. As past evidence shows, the more restrictions are placed on customers -- like low daily item and amount limits and multi-day holds -- the higher the frustration and customer attrition rates are. This is not to say that mobile RDC policies should be a free for all. But prevention and detection controls must be managed with the same consideration as other areas of fraud management -- by relying on a combination of human intelligence, pattern analysis, and behavioral signatures to distinguish criminal activity hiding within the overwhelming volume of legitimate activity.

How do financial institutions manage to keep customers happy without helping fraudsters? Unlike other areas of fraud, deposits require both monitoring and potentially restricting access to money coming in and going out of the account. Financial institutions must scrutinize deposits, checks, and fund transfers, all while honoring federally mandated funds availability timelines. The faster a deposit or check is determined to be legitimate, the faster the bank can safely make the customer's funds available. Increases in processing speed and improved availability have resulted in dramatically reduced detection and decision time frames, and thereby more satisfied customers. Next up, day-one and day-two deposit fraud controls (and manual review processes) have to be upgraded to attain the decision-making speed and consistency required in real-time and nearly real-time deposit processes.

Keeping the fraudster in mind, the check-image clearing process should move only so fast -- to maintain certainty that the funds being made available actually are available right up until the time the check clears. By using the same fraud detection and mitigation approach used in the online banking, card authorization, ACH origination, bill pay, and wire transfer channels, and by examining activity patterns and account activity consistent with suspicious behavior, a financial institution can have more confidence in identifying valid funds -- and delaying availability for funds displaying suspicious activity.

Wesley Wilhelm (Wes) has more than 30 years of experience in banking and consulting to the financial services industry, with extensive knowledge of fraud management, payments, and retail banking technology and operations. He has held numerous management positions in risk and ... View Full Bio

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.