Could instant payments become the safest way to move money?

by Amanda Mickleburgh, director of fraud product management at ACI Worldwide

Amanda explains why instant payments can be far less vulnerable to fraud than other transactions

Instant payments have transformed the way money moves, offering greater speed and convenience. But with this speed comes a major challenge: Faster payments mean faster fraud.

Criminals stole £1.17 billion through unauthorised and authorised fraud in the UK during 2023, and the trend shows no signs of slowing. By 2028, Authorised Push Payment (APP) fraud losses in the UK are expected to reach £636 million. Of these £500 million will be linked directly to instant payments, according to ACI’s latest Scamscope report. Fraudsters are refining their tactics at an alarming pace, making it increasingly difficult for financial institutions to stay ahead.

So, how can banks and payment providers detect and stop fraud in real time?

The short answer: we need to rethink our approach.

Technology, particularly data, holds the key to securing instant payments and there are three crucial steps financial institutions must take. First, make the most of the ISO 20022 payment messaging standard. Second, tap into third-party intelligence available within the industry to bolster fraud detection. Third, use AI and machine learning to enhance decision-making, reduce fraud risk and improve the client experience.

ISO 20022: making the most of payment data

ISO 20022 represents more than just an industry standard; it’s a tool with the potential to transform fraud prevention. Banks are only beginning to scratch the surface of its potential to improve the data and transaction insights they monitor. This standard not only allows for smoother payments but also helps banks to conduct more thorough compliance monitoring and risk assessments.

With its unified data model, ISO 20022 introduces a more streamlined structure that enhances communication across payment systems, carrying much more information about a payment than older formats.

For example, the new messages include more space to add the full details of payees and payers. They also have ‘purpose of payment codes’. These four letters show the reason for a payment. Other information includes ‘legal entity identifiers,’ ‘type of account’ and other standardised fields that help banks identify red flags. There’s even space to add in details about the device on which a payment is initiated, how a consumer interacts with that device and the IP address it’s linked to.

This really matters, because it can carry telltale signs of fraud. For example, suppose someone opens their banking app and begins copying and pasting new payee details from other sources. In that case, it might be a sign that they’re about to make a payment to a scammer pretending to be a family member or friend in an APP fraud. Or, if they’re more hesitant than normal, it might be a sign of doubt, which could signify fraud is about to take place. With additional data, it’s possible to increase the precision and accuracy in predicting fraud before a transaction is completed.

Despite the new standard’s potential, many financial institutions are still in the nascent stages of using this capability. Although regulatory requirements have driven adoption, ISO 20022 offers untapped advantages that go well beyond mere compliance. The structured data available allows institutions to gain deeper insights into transaction patterns and significantly enhances the security of instant payments.

The key lies in their willingness to make full use of its potential.

Beyond compliance: insight from third party data

Access to robust data, like ISO 20022 message insights, is just the beginning. Real-time fraud prevention requires understanding the patterns within vast networks of payments. Let’s just stop and consider how much money changes hands every day. ACI Worldwide alone processes £11 trillion in payments for more than 5,100 organisations every 24 hours.

The trends and insights to be realised from these transactions are immense. ACI calls it ‘network intelligence’, and it incorporates payment information from banks, merchants, billers and central infrastructures. For example, patterns in how a user interacts with a payment device or the timing and location of transactions might reveal subtle signs of fraudulent activity that single-institution data alone would miss.

This network intelligence is invaluable, but there’s a catch: data privacy. Owing to data protection laws and regulatory concerns, banks are understandably cautious about using third-party data. To address this, ‘signal sharing’ rather than direct data sharing is key. Signal sharing simply means banks securely share anonymised transaction data with a third party, which sends back an anonymised risk score or alert if something unusual is detected. This way, banks swiftly gain valuable insights without risking user privacy.

Just imagine the potential of using insights beyond financial data, too. Sharing negative data among entities marks an important step toward enhancing security. ACI’s network intelligence, for example, identifies suspicious payment patterns, while collaborations with other entities, such as social media platforms, can reveal if a user has a history of fraudulent behaviour or other red flags. This collaborative approach offers a broader perspective that a single entity might not uncover alone. By combining insights across the payment ecosystem, banks can block scams in real-time, enhancing the security of instant payments.

Despite its benefits, the adoption of network intelligence and signal sharing has been limited. In the UK, banks will be able to pause suspicious payments for up to four days to investigate fraud, a measure that, while protective, undermines the very concept of instant payments and fails to take advantage of signal-sharing techniques. This approach could reduce the convenience that consumers expect from instant payments and may also complicate interoperability with the EU. With the enormous volume of data that banks must now process daily, signal sharing can help financial institutions detect fraud without unnecessary delays.

To address this, the UK and EU must work together on standardised fraud prevention methods. Achieving this requires the industry to update outdated processes and overcome hesitations around the complexity of data-driven intelligence. Yet, with the sheer volume of transactions rapidly increasing, banks must find a way to keep pace without sacrificing security.

This is where AI and machine learning come in.

AI: The missing piece of the puzzle

AI and machine learning-powered solutions are now essential in detecting and preventing fraud by processing vast amounts of payment data and identifying suspicious patterns as they emerge. Fraud prevention solutions powered by AI can analyse and interpret data in real time, providing insight into whether a transaction is potentially fraudulent. By comparing current activity with historical transaction data, AI-powered solutions can quickly detect and signal what could be a fraud.

In fact, AI’s effectiveness in fraud prevention isn’t just theoretical – it’s proven in practice. The US Treasury recently recovered more than £3.1 billion in improper payments, with £784,000 million attributed to directly using AI. With techniques like anomaly detection and risk scoring, AI pinpoints irregular transactions instantly, including those that would otherwise go unnoticed, providing financial institutions with a proactive approach to preventing financial losses. In the case of the US Treasury, for example, AI has a clear ROI, too.

With fraud tactics evolving and data becoming more vital to transactions, AI’s continuous learning capacities ensure that systems stay up-to-date and in control of new threats. By layering AI models with vast datasets, including anonymised insights from across the industry that use ISO 20022, this three-step approach offers a solution that can quickly identify both legitimate and potentially fraudulent transactions. The result? Fewer false positives and a seamless experience for financial institutions and customers alike.

Next steps for safe instant payments

Instant payments are reshaping the financial landscape, bringing both opportunity and risk. To ensure their security, financial institutions must fully embrace the technologies at their disposal. By integrating ISO 20022, drawing on industry intelligence and using AI-powered fraud detection, banks can proactively stop fraud before it happens – without slowing payments down.

When financial institutions use tools and foster collaboration across the industry and third parties, they can go beyond minimising risk and take advantage of the broader benefits of instant payments. Taking this approach paves the way for instant payments to become the safest method of transferring money in a highly connected world.