MX, Umpqua Bank, U.S. Bank, Suncoast Credit Union
Xero, USAA, Capital One, MX, FDX
MX, Regions Bank, Informative Research, MX
So, uh, welcome to the Rise of Fraud and Protecting Payments breakout session.
I'm David Whitcomb, VP of Product Strategy and Commercialization at MX. Uh, you might have seen me earlier on the main stage, uh, if you were here for the keynote.
So I've been able to interact with a few of these folks a little bit over time, but I'm gonna have them go ahead and introduce themselves, uh, starting with, with Ashton from Sardine.
Hey everyone. Yeah, I'm Ashton. Uh, it's kind of ironic that I'm here, uh, talking about preventing risks and how to address risks when normally I'm always at Snowbird, uh, uh, taking on huge risks on powder days. But, uh, yeah, I'm, I'm from Sardine. We build, uh, uh, fraud, compliance and payments products. And previously I worked on fraud prevention for payments at AWS and a company called Riskified.
Awesome. Bradley Wilkes. I'm a co-founder and CEO of Open Payment Network. We specialize in instant payments for financial institutions, so we're deeply interested in how to protect payments and, and lower the rise of fraud. So mitigate it.
Brady Harrison, director of Customer Analytics Solution Delivery, um, as part of Kount, an Equifax company. Long title, short description. I work with our customers to optimize performance, whether it's financial institutions, merchants, all kinds. And so as part of the Equifax family, we focus on helping people live their financial best. As part of that, though, it's our specific, you know, reason to be is fraud mitigation, reducing fraud from account creation to what we're gonna talk about primarily today, real-time payments.
Hi, I'm Trisha. I'm one of the founders and the CEO of Unit21. We do anti-fraud and anti-money laundering software for financial services companies, fintech companies, payment companies.
So I think even the intros just expose how diverse, uh, the payments industry is and the amount of varieties of fraud we may be able to see and address. And so hopefully some of the different perspectives we'll get today. We heard merchants, we heard banks, we heard credit unions, we heard fintechs. I know that if you throw into that, I know there's some payroll companies who are represented or help protected by companies in here as well. So it is a wide gamut of how fraud impacts our, our industry.
So we know real-time payments are coming with both new risks and rewards. The risk of .. FedNow is released. While it's small now could have a big impact. RTP has been out for a while. Uh, can you just kind of give us a quick opinion on how you think, how you strike the best balance between faster payments and protecting against risk? Uh, start may start off with Ashton and then we can kind of interact.
Yeah, sure. So, um, the way that we think about the risk for faster payment systems, um, we can think about a canary in the coal mine, which is really payment method like Zelle, like cryptocurrency, um, and the faster payment method in the UK. And with all of those payment methods, the fraud modus operandi that we see that's in common with all those is particularly around scams and social engineering.
That's what all of these are susceptible to. And when we think about social engineering auth and what's called authorized push payment fraud, that's where a, a fraudster convinces a victim to send money under false pretenses. And if you want to address those risks, that risk typology, then you have to work backwards from what happens in those scenarios. Um, so for instance, in a lot of cases of social engineering, there's what we call remote access tools where a scammer will convince a elderly person maybe to take over their device. Um, and that results in this authorized push payment fraud.
And so real-time payments means we need to think about, um, social engineering and scams and develop feature sets to prevent those specific typologies so that we can present the right frictions to a customer at the right time.
So what, so how about Bradley, what are you seeing from a bank and a financial institution perspective?
Yeah, I, I think, I think Ashton hit it right on, nailed it. It's the social engineering aspects because the, the networks themselves with credit push only and with authorization after, um, you know, they send the payment after authorization after it's been authorized by the end user. So it has to be social engineering to target. Um, what I think is exciting about what's happening is the, the approach of integrating fraud reporting into the network. So, um, the Federal Reserve came out with their Fraud Classifier Model. You talk about authorized fraud. So it's a real simple way for us to have a common language and to collaborate on fraud. You know, even fraud is challenging within a specific organization, but to do it across networks, I think we're actually gonna start to, you know, attack the problem because, uh, for authorized payment fraud to work, somebody has to be on the receiving side.
And so that implies kind of some collaboration throughout the network to really start to attack that effectively. 'cause we'll have the, the, the tools with artificial intelligence and machine learning capabilities coming on to, to do that. But we have to have the bedrock laid there, which is, um, to identify where it's coming from.
And so real-time reporting of that fraud activity is gonna be an important foundation for instant payments.
So Kount or or Unit21, anything that you're seeing that you would add to those two?
Yeah, scams are, are obviously the big one, right? It's just like supercharged cells that's supported by everyone. And so some of the unique risks that I think we should also think about, otherwise authorized payments where people are, Hey, I'm just paying the wrong person or paying the scammer.
I think impersonation fraud is probably gonna be a real risk. I think I'm paying, you know, Brady and I'm actually paying Brady 1. And pretty obvious example if it's the wrong person. But if you think about like charities fraud or just people kind of taking that scam to the next level, real risk there. The other part of it, rumors that if there is fraud or scams, it's sender bank plus payee bank are, are potentially half half liable, right?
No confirmation. But that hearing rumors about it, if that happens, we probably will start to see a risk analysis on both sides of the transaction. If you talk about authorized payment, you're like, well, we shouldn't have any, but we still could. So we'd probably have to do an evaluation. And then now we need to evaluate the money we're getting, not only from AML compliance, that kind of stuff, but are we accepting funds that are likely a scam? And how do we say, eh, we probably don't wanna take this payment or hmm, let's, let's extra confirm that this person wants to send the payment to Brady 1 before.
I think all the problems that Venmo sees or cryptocurrency sees are just gonna be supercharged. So long story long, I think identity validation and event validation on both sides of that payment payer and receiver is probably gonna be critical.
And then how you do that is, that's the fun part. Is it data? Is it, you know, MFA, what, what's the cool stuff you can do there? Yeah, I fully agree with, um, what everyone just said. I, I think one thing that is really underappreciated is people think of fraudsters as they really don't respect the opponent. And it's really important that as an industry we start respecting the opponent.
Fraudsters are some of the most creative entrepreneurial people. They're, they're actually running small businesses that are, um, growing very quickly. They have a lot of stress. They have to constantly evolve their practices. And the first adoption of, you know, the, the newest advances in generative AI we have seen at Unit21 is by fraudsters.
We're already seeing that the level of scams which have existed forever, but the level of scams have become much more sophisticated because the process, I'm sending those, you know, Nigerian Prince emails, which I'm sure everyone's received with a ton of spelling mistakes and a ton of grammatical errors. It's actually an email which you can believe that, okay, this is, this is potentially have to make this payment to my electricity bill provider or, or to this company that's sending me an invoice. Uh, so that is what I'm seeing as the biggest trend right now is the sophistication and the level of, uh, scams has grown to another level.
I think she raises a super interesting point about businesses. Gary Schiffman is an ML economist at Giant Oak and he talks about these frauds as profit-seeking non-lawful firms. We should think of them like businesses. And how would a business maximize revenues? Like I don't have to pay people to write Nigerian Prince emails. I can have ChatGPT4 write Nigerian Prince emails, or, you know, Brady gets a a like a Boise prints email 'cause I know he's from Boise, so I can write a custom spam letter to him.
That's a huge mind shift that I think we all need to think about. Hey, how do they monetize this? They are a business and how do we break their business?
So as real-time money movement comes into play, FedNow has relatively low adoption, it's still very new. Um, RTP has been around for a while, you know, we've had different mechanisms for creating real-time payments.
What do you think is standing in the way of FedNow adoption en masse and what, and how do you see the industry moving forward with it? Start with Trisha this time down at the end.
Yeah, we've actually interviewed a bunch of credit unions, community banks, and everyone's paying attention to FedNow, but everyone is very hesitant about it because of fraud and thinking is, you know, we don't, there, you know, what is our recourse once the money's out?
Real-time payments is also real-time fraud. And what is the solutioning around that? Um, and of course at Unit21, we have an approach towards it. Uh, but I think it's really important that financial institutions think about this opportunity and, and I'm not, and I probably try to solve the fraud issue because if they don't, there are companies that are going to adopt it and they will be chosen by the customers as their preferred financial institution. So it's really important as an industry, we adopt this to be having the competitive edge, which even broadly from us, uh, versus other countries, we need to be at a much further scale in adoption.
I'm in the same boat with Trisha, it's mostly fraud, right? That, of course, the fraud guy says is mostly fraud, but let's be real. Like, why don't we use Zelle? Or why do people, if someone's like, Hey, can you pay me on Zelle? Like absolutely not. I'm not gonna pay you on Zelle because it seems if you're like, pay me on PayPal or Venmo, that's a brand that I feel comfortable with because I know there's personal recourse. So gotta figure out the fraud in the ecosystem first.
A big part of that as well as small institutions are like, Hey, we got sent a hundred thousand dollars in fraudulent payments real time, now we're on the hook for that. And a hundred thousand is low. But you could have a small, you know, local credit union say, Hey, yeah, we'll take FedNow. All of a sudden they get a million dollar push payment that goes bad. Now they have a $500,000 hole in their balance sheet. And that could be a liquidity crisis for a small bank.
And so that sounds small for like the big banks potentially in the room, but you've gotta figure out the fraud stuff first. Customers get comfortable and then ultimately the small banks. So it's kind of a network problem. Banks don't wanna do it 'cause they're like, this seems way too risky, my customers aren't asking for it, and customers aren't asking for it because like, oh, I'll just use something else.
Yeah. The point is it really well taken that you really have to start to attack the pro fraud problem at a network level. And that's what we're doing. Um, and the way we do that is with reporting, we start there, but we also have to do a little bit of education and awareness, uh, of customers, but also the financial institutions.
And the financial institutions, when we go talk to 'em and we survey 'em, they're often saying, okay, how do I start with fraud? And what we, the guidance we provide is pick your use case, identify your most important customers, understand their use case. Don't try to roll out every use case all at once. Figure out what is the relevant fraud tools for the specific use cases. Start to get a foothold in instant payments. Um, stick your toe in the water, so to speak as you as you approach it because you're not gonna be able to do it all at once.
And they need guidance on how to get started appropriately so that the fraud tools can mature and we can, we can fix the fire problem along the way. It's a journey.
Anything to add?
Uh, yeah, so a plus one on everything that's said, I just have one nuance that I want to add, which is that, um, fraud is obviously a problem, but what's going to convince everyone to adopt FedNow, uh, more broadly and, and, and faster, and that is reducing uncertainty and increasing regulatory clarity. And the reason that I think that is that if you look at the faster payment system in the UK, uh, they were about 500 million pounds of reported, uh, authorized push payment fraud in 2022 in the UK.
And so this is a problem that regulators have been struggling to keep up with. They've recently made some gains and I think, um, Brady, uh, pointed towards this like, uh, that the UK payment systems regulator in June of this year actually said, Hey, banks do need to cover authorized push payment fraud. And the responsibility and the liability needs to be split between the center and the receiving bank in the U.S. And, with FedNow it's still a little bit fuzzy and that rule book of, hey, when something goes wrong and there is fraud who takes liability, that's still a bit unclear. And so that needs to be completely ironed out in order to accelerate the adoption.
Yeah, that makes complete sense. So, you know, there's a lot of technology involved here and a lot of what we talked about is the fraud identification. How have you all seen open banking impacting the ability to maybe move faster to FedNow? Have you seen positive impacts in your ecosystems, negative impacts, both? Can you just talk a little bit about your experiences there? Bradley or Brady, if you can start this one?
Sure. I think open banking, the movement to open banking is critically important in terms of driving adoption for these next generation payment rails. We're advocating, you know, an API approach with it for financial institutions so that they can enable their customers. The reason why is with the API, you not only get confirmation of payment, but you can actually put in and, um, flexible fraud tools ahead of submission to, of the payment to the network.
So you want to be able to build that in with your workflow processes so that you can have machine learning and AI, um, help you out in terms of identifying potential issues or behavioral characteristics that might be anomalies in a transaction. 'cause you wanna flag those even though they are in some payments. And you can do that before you submit it to the network. Once you get it to the network, it's gone and it's intended to be an ARO payment, right?
So, um, getting it back is possible. There's, uh, responses built in to response to request for payment, uh, but it's not a guaranteed response as you would have in a credit card network or, um, you know, an ACH, uh, when it's credit push, it's, it's intended to be a revocable and we're seeing the same thing. Like yeah, it's made it better, right? You can pay, like every time you check out or try to make a payment, you're seeing a little more like the ACH payments.
I think they're, to be candid, like this topic of this kind of session was like hot cakes. I think people are not picking up. 'cause as a consumer, why wouldn't I use my credit card, get airline points, I get disputes, I get late payment terms. It, it may be that we're not offering the appropriate incentives to get people to use a real-time payment rail or even an open banking rail to make purchases pay for large things, right? Engage in services. 'cause other than paying my friends for dinner, like I can wait three days and the, the company wants to take my money so they can wait.
And so it may be offering better incentives or other veins, fraud's gotten a little worse, right? You just have more stuff, more opportunities to take payments. But I think adoption is really not incentivizing consumers enough would be my take. I use it sometimes, but there's really no upside.
Yeah, I, I mean I, I think that's definitely a question of how can we increase adoption from a financial institution perspective. I think the opportunity that open banking has for fraud detection is immense. And the reason is, you know, the biggest problem that we all talked about is scams. Why are scams hard to detect?
Scams are hard to detect because today if I'm being scammed, I'm sending the payment from my device, my IP address, it's literally me sending the payment, right? I'm typing and send this payment to X, Y, Z. And so scams are hard to detect because it is hard to disambiguate
intent and know that what is the intention of this payment and was it legitimate or not? And, and that's really where I think the data that open banking brings can provide a much more holistic picture of is this likely to be the intent of the user making that payment? So I think the opportunity that it presents a significant, I agree, we need to do more on an incentivization perspective, um, but I think financial institutions really need to figure that out. But the intent is big, right?
That that's what we've seen success in scam mitigation is how can I feel like this payment is wrong? And later we'll probably talk about doing that. But I think mostly it's data like, Hey, this looks weird. You know, when you look at, look at the opportunity, um, the addressable market, for instance, payments, it's pretty significant. You have a quadrillion dollars in FedNow or Fed wire transactions. You have another $71 trillion in ACH probably about that much in just checks. So if we set aside payment card stuff and we say we don't even want to deal with that because it's got the good stuff, um, and we just want to target checks and ACH and wires, we have a big job to do. And, and I think as financial institutions, when you look at driving adoption, they can actually get a lot of back office efficiency from converting from wires which are largely processed manually to instant payments.
So it's really helping them identify the use case to get started. And some of those use cases can actually have very low fraud characteristics. Um, so, you know, cards come up and, and the other example use cases come up, but we spoke with a bank that said, Hey, will you do, um, wires in our back office? And it takes 20 to 30 minutes to process and it's all friendly wires. It's somebody sending from their account to their account on the other side. So there's a lot of opportunities to drive adoption that, um, with appropriate targeting, we can help them prove efficiency in the back office. Can't set aside fraud, but that, that efficiency improvement should be a big, uh, thing that we're looking at to drive adoption.
That's interesting. So I, part of my professional career was run, was kind of building and running a mortgage shop. And so the wiring of funds to the, the title company down the road that take did take 20 to 30 minutes and they had to receive and confirm and it just slows down the process. Like with a FedNow or an RTP payment, you could push it there, you know, the title company, you're, it's the same account number and writing number every time. In most cases, we had the funds in the account if there was a down payment. So it was a, a amazing opportunity to simplify, reduce cost, reduce cost for the end user as well as the FI and the, and the title company.
So it's an interesting approach.
Well, I like to think of it, David, as the characteristics of what Google Maps did for maps. When I was in college, I traveled around and I used push pins on a cardboard box to figure out where I was going. And the No. 1 question I always asked is, where the heck am I on this map? And you think about what primary question Google answers or other maps is where are you on the map?
And instant payments answers the question of what happened to that payment for people. We had a bank that we were talking with that had a four-hour outage on their wires and they were flooded with calls in the call. The question to their customer service department is, what's the status of my wire? So answering that question is critical and should be a part of what we're looking to do as we make adjustments and transition from wires, ACH, and checks to instant payments.
Interesting. So all that said, payments industry is very broad. What are some of the biggest challenge challenges for the payment industry as a whole right now? And where do you think it's gonna go? Start with you?
Yeah, Sure. So I think that that, uh, Trisha and Brady, uh, really hit the nail on the head a little bit ago talking about generative AI. But I think that the biggest challenge here is it's the convergence of generative AI and faster payments. Because we already talked about the biggest risk for faster payments is scams in social engineering.
And Trisha had this great example of like the Nigerian Prince emails. So if we take an example of like some common social engineering that happens, like I actually, um, like have many times have had someone call me and poses as an IRS agent, right? And that's a very common scam that we see. And usually I'm able to easily deduce like, okay, this is BS, right?
I've actually had a real IRS agent call me before. I didn't commit tax fraud, I promise. Um, but in the world of generative AI, we can think about, um, a fraudster who in the past, you know, wasn't having a bunch of luck posing as an IRS agent, but now he can get a script that's really, really convincing and persuasive from an LLM like ChatGPT, then he can actually plug that into something that modulates his voice to sound much more believable. And so the issue here is that, um, generative AI helps fraudsters, it's, it's a persuasive superpower and payments is all about trust.
And if fraudsters can, uh, it can superficially have more trust, um, then it's, it's a superpower for scams. And in order to prevent this, um, we really need consortium data. So that's been talked about a bunch. And at Sardine we're also working out on that with a real-time fraud payments consortium called Sardine X. So I would say that one of the primary challenges that we face with adoption of real-time payments is interoperability between the major networks. And I'm talking about FedNow and RTP.
And the reason why is because they're disparate and they're, even though they're based on a standard messaging, they don't talk together. And so it's interesting when you look at the statistics of who's actually doing what. There's in, in instant payments, there's different messaging types, there's a, a receive message type, there's a send message type and uh, request for payment. And if you look at how the banks are choosing to participate in those networks, a large portion are only coming on and receive only that means they're expecting everybody else to send money to them, right?
And so a small portion, 29% are saying, Hey, we're gonna enable request for payment. Well request for payment is supposed to be a big tool to attack fraud by presenting the information that the, the payer actually gets before they send the payment.
And so this conference is important because what we need to get the financial institutions to do is migrate to these networks because authorization before the payment is huge. Being able to get a request for payment and look at that and analyze that and have it come from a trusted source, the the payee's bank is an important tool for addressing this, this problem long term. So I think the networks are doing it and interoperability between those networks is something we need to achieve at across those networks at a network level if we're gonna appropriately attack fraud.
Yeah, I think if we take in on, on the interoperability note, I think if we look at card networks, you can swipe your card whether it's AMEX, Visa, MasterCard, Discover, and it works and you expect it to work. And so if whether we're a little detached from ACH, FedNow and RTP from a consumer experience perspective, but that is a hurdle to be overcome from a network perspective.
So that's interesting. Um, Bradley, I'm, yeah, Bradley and Brady and it's brutal. Like yeah, Brutal. Um, I think these RTP FedNow payments will be really well tolerated like business to business in, in some abstract instances where there is fraud and like I'm a fake business, I'm a scammy business, that there's challenges there.
The real overall I think is helping FIs feel comfortable taking these payments. And most of these are authorized push payments and so there's like some malware or some other stuff where it's really not an authorized payment. And, and we can talk about account takeover and that kind of stuff, separate discussion. 'cause it's a real risk for these payment methods where instant payment, you can't ever go back, right? And so if I get into Brady's FedNow account, I can drain his account, right? There's no going back, which is a real risk.
What I think we're all more concerned with from 'cause we're we will trust the FIs to protect accounts. The, the bigger concern is Brady's grandma gets a call that Brady's in jail in Mexico. This is a real story and she's like, you don't sound right this pre-ChatGPT. So I probably do sound right now, if she gets called today, how do we intuit that this is an abnormal payment for her. Name's Harriet. She rules, um, that this is a, she called me and she's like, Hey, I'm pretty sure you're not in jail, are you? I was like, Nope, definitely not. And so she calls me and it's totally fine and she gets away.
But that's really uncommon. And so can we distill intent or abnormal behavior like brass tacks is,
this is a 85-year-old woman sending a multi-thousand dollars FedNow payment at 10:00 p.m. That's maybe a risky scenario that we don't really have the rails to evaluate right now, but with some data information about either her as a consumer or who she's sending to, Hey, this is a brand new account that just got set up that's receiving a lot of payments from disparate folks. It's a DDA account. This is not really supposed to be a commercial account. This is abnormal.
And I think that's really the, the problem statement in front of all of us. And I think what everybody's really trying to do from the fraud perspective is how do I know what's normal and real, right?
From a consortium of data to say this looks like a normal payment. Brady pays rent every month. This is not a a odd FedNow payment, but Brady's paying a thousand dollars get rich quick scheme to an account that was just set up 10 days ago that's received money from a thousand different people in the last 10 hours. That's a risk signal.
And then what do you put in front of Brady? It's like, hey, think about this. We'll process this. If you come into a branch. I think that's where the level up is putting something from in front of the consumer. That's the big challenge.
Yeah, the biggest challenge that I see is the mindset that people have towards fraud. Today. When people have a fraud issue, they'll come to us and say, oh, I have an ACH fraud problem. Can you gimme an ACH fraud score? I have a wire fraud problem. Can you gimme a wire fraud score? But the fraudsters never think like that. They don't wake up in the morning, 10:00 AM: ACH fraud, 11:00 AM: wire fraud. Like that's the terminology we as an industry have come up with.
The fraud surge is trying to attack the institution and what the biggest gap that we see is the utility of data in a more effective manner, uh, to go from a more reactive to more proactive standard.
So in security there's this concept of a red team and a blue team. And a red team is more on the offensive. A blue team is like reviewing alerts and providing more on the defensive and you need both. But right now, the way that we've been approaching fraud as an industry is more like, here's a risk score. Okay, it's on the defensive until there's another problem and, and there's just no red team. So that, that's really where I think the biggest mindset shift in the industry needs to be where we think about the red team and what does that mean? That means using consortium data, which is something that we at Unit21 work a lot in.
Um, but also using other data signals like is this business that has, when on onboarding they told me they had $200,000 in revenue a month and now they just got a payment for $6 million. I should actually use that data about the revenue of the business instead of just looking at this incoming wire payment of $6 million.
So that's the mindset shift to really develop that red team approach is, um, something that is gonna help the industry go forward.
A hundred percent. Hundred percent.
Yeah. And I think, I think the interesting thing about that behavioral characteristic is that introducing a 24x7 network changes all the behavioral analytics over time, right? So saying, Hey, I now have a payment network that I can send payments on Saturday night and Sunday morning. Um, and there's not a lot of behavioral data to back that up yet.
We all need to do that, we all need to develop that. So it is a challenge when we're talking about behavioral analytics, how do we get it?
So I feel like a lot of our conversation is revolved around consumers. I'm going off script now, but business email compromise is probably one of the biggest vectors of significant fraud. I have a friend who is a, I think he's, he was the controller for a pretty large government organization, government contracting organization in D.C. and he said, we pay millions of dollars a year to try to prevent business email compromise. As soon as one of our contractors gets in the middle or has a hacker get in the middle of their email, we can wire out a hundred thousand dollars to the wrong account number and routing number because we, we had no way of validating. So are you all, how do you all see that?
I think that's an even higher risk with FedNow and ACH or and RTP 'cause that was the intended initial audience. It's not a consumer used to start with, it'll migrate there, but it's not the origination of it. So how are you all seeing that kind of differently from the consumer fund?
We've been talking about so much similar framework I think is what do we know about this defense contractor? What do we know about who they're paying? Does that match the profile of people they usually pay defense contractor probably paying other businesses? Why is this going to a individual user account in the middle of the night, right? And then do we have information about the device initiating that transfer?
So Trisha was talking about we can and should get more stuff out of that event than just what bank account is it going to, how much money is it? It's like what did they say at sign-up? What did they say when they logged in? What, you know, what was their click path through logging in?
So it's the totality of that experience. It's more similar than it would appear on the surface.
Yeah, I, I think, you know, to, uh, to reiterate what we've already said, one interesting thing that I wanna say is I remember reading maybe five years ago at this point, uh, that Google and Facebook, uh, had lost a hundred million dollars to budget sending invoices, uh, to, to the wrong, the wrong people. And um, and they were able to recuperate about half of it back, but half of it is gone. And, and then when I thought about it, I was like, wow, these are the most technology-powered institutions in the world, right? Like Google and Facebook.
But this is so common because the AP team that is actually paying the invoices, it's completely deposited from who might be using the service. And so, um, this happens a lot more than you would expect. A lot of businesses don't even report this, like this is not reported to the FTC people, just write it off as a loss. And, and with FedNow, it's only going to become bigger with scams and ChatGPT, it is only gonna become bigger. Uh, but I think here's a big opportunity to differentiate yourself as a financial institution if you're serving businesses.
So one of regulation is coming soon, uh, and lots of regulations are impending with the CFPB and others. What do you all see as the top priorities for financial institutions and fintechs in the next three to six months as you, as you survey what you're seeing in the regulatory landscape? Ashton, you can kick off.
Yeah, sure. So I mean, the fintech landscape's always gonna be changing. Business needs, need businesses need to get ahead of that. And the businesses that are gonna win in the long term, they build a muscle around successfully navigating through change.
And so you have to set up an organization that flexes that muscle. And what I've seen be successful is to develop a culture and a business structure that values innovation, right?
So being prepared for those changes, empowering your employees to think about how do we innovate around changes in the future? Um, one thing that my company did recently was like a company-wide hackathon and we're thinking about all the challenges that we're talking today, um, in the scope of the actual products and features that we're that, that are coming down the road.
I think it's interesting when you talk about regulation and you think about the separation or distinction from the CFPB. So they think a lot about consumers and what the consumer experience should be, and they don't think much about what the business experience should be. And businesses are really out navigating the social of fraud kind of on their own. And I don't know how much you actually see from the CFPB saying, oh well, you know, if a business gets hacked and they lose some money through a business email compromise, um, the bank has to send that back, right?
So I I think there's a pretty stark line between those two. And I question how much, uh, business attention businesses will actually get from the regulators.
On my side. I think the CFPB very likely will have a split liability for fraud. Payer / payee is most likely regulation seeing it working in the UK I think that's hot to trot by end of next year. Banks probably need to have their fraud stuff in a row as that's likely. They're like, Hey, like you said, hey, we'll we'll take FedNow all day, but if you say that and then all of a sudden you have a huge fraud problem, now you're on the hook for 50% and you're like, oh, now we, we didn't have a strategy at all. I think that's probably, if you're taking FedNow payments, um, and you're an FI you probably gotta get your fraud ducks in a row. Otherwise you could be kind of behind the eight ball when you Oh no, now we do have to start paying 50% of these losses and they will come quickly.
Yeah, the, I agree with everyone, you are, the only additional comment that I have on in terms of a regulatory perspective is the need for explainability. I think black box machine learning where above eight on 10 except below that reject is just not gonna work. And, and regulators will need to know that why you making this decision for this transaction, for this user, for this business? And, um, I think it's important for companies to really start bringing that into their detection, detection methodology.
And so I'm, I'm gonna open up the floor to questions in a in a second, but I think it's, this has been an interesting conversation because I think we, there's a competitive aspect that was, was talked about earlier where consumers expect real-time payments. Um, but that is like the increased risk that financial institutions and fintechs will fight for the most part, the highest risks and the highest dollar amounts crop and come from a business side, which gets less regulatory scrutiny. Um,
and yet we have financial institutions and fintechs who need to invest in both in education and in tooling to help address the issues that are arising and arising very quickly. So it's, it is a broad industry problem that has it's a multifaceted solution or multifaceted, um, multifaceted problem that has many layers of solutions involved. Um, but I would love to open up the floor to questions just to see what are your questions?
Do you have people who are living and breathing fraud and payments every day? What do you have for them? And we have a micro runner on the side.
If there isn't a question. I just wanna make a comment about, um, the, the idea around, um, financial institutions being the point of responsibility for these transactions.
And I think that's critical part of our infrastructure so that both businesses and consumers get, um, the best possible fraud treatment. So for example, an account opening whether it's on the sender side or the receiver side, there's policies and processes and due diligence associated with those account opening that you don't see when you're involving a fintech like Venmo and um, others.
So I think that's an important component of our overall approach is making sure that the regulated financial institutions are participating and appropriate due diligence is done.
I don't wanna leave that as part of one of the appropriate layers that you're talking about in multifaceted approach.
Yeah, and I think that as we all have experienced, came crashing down pretty quickly with a lot of the regulatory activity on a lot of the, the sponsor banks who suddenly were being, it was put on them for the scrutiny of all those accounts being opened on their, on their neobank. So I think that has all that's already come into focus by the, by the regulators.
Yeah, I, while waiting for the question we did, I think we're starting to see whole networks are saying we want a provider for the entire FedNow rail, not in the U.S. right? That would probably never fly. But seeing it in Canada, Latin America, other places who are having a FedNow like real time payment are saying we don't wanna patchwork by institutions, we're picking some provider and they're gonna do the whole network for good or for bad. Um, right. If the vendor is like, hell yeah, I love it, it fits us.
But, um, that is an interesting wrinkle that the U.S. will likely not get, there will not be a network fraud provider.
It's 'cause we can't regulate it. We can't mandate it from a regulatory standpoint. We can't compel a financial institution here. Our laws are set up separately,
but that is how it's being done elsewhere.
And we went through this work of the faster payments task force and that was a big debate. Yeah.
Nobody wanted a single provider of instant payments for the U.S. and in fact, the industry came together and said, Hey, we want the Fed to become an operator also along with the clearinghouse and their 20 large, um, financial institutions. So that's why we see this as a, a, you know, a sustaining innovation, a radical sustaining innovation coming from the top of the market in the U.S. down so that it is trusted by all financial institutions and our job is to help them adopt it in a safe and secure way and protect payments and attack the fraud issues.
One question back there.
Yes. How do you reconcile the rise of fraud and members or customers, their ability to move their money with the battle for deposits?
Because being able to move your money is such an integral part of having a deposit account and developing that relationship with your financial institution.
Yeah, I have a, uh, funny, uh, line, um, which is, uh, you know, if you don't want any fraud, just don't have growth, right? If you don't have customers, that's it. That's problem solved, no fraud.
But obviously that's not what anyone of your wants. And, and really the question, I feel like fraud is often viewed as an isolated thing that I want no fraud, I want max growth, and it has to be viewed in tandem with growth. The other side of the fraud coin is growth.
And so companies need to develop policies and have their own risk tolerances of maybe they're having a new marketing campaign, maybe there will be some fraud with it, but okay, maybe we run this for two weeks or one month and, and see what is, what is the exposure for understanding that growth challenge more. Um, so I I really think, you know, as an industry we need to have a combination of fraud alongside growth instead of just fraud in isolation.
I thought we had until four, but I got the sign that 3:55 is the time. So, uh, I would say I, I'll add one more thing to Trisha's answer, and that's that I think actually the limitation of being able to move funds out in real time is a competitive choice that a lot of financial institutions are making. Uh, we, they want to slow the exit of funds. And so it's not about the fraud risk in that case, it's about the competitive risk and being able to measure and meter, um, the outflow of funds and the, and the risk of customer attrition.
So I think there's an interesting, both competitive and competitive risk as well as fraud risk when we look at real time movement out. So That's right. That's right.
So with that, thank you so much for coming. Thank you to all the panelists.
Thanks for joining us. Have a great night. See you at the concert tonight.
View Full Transcript