September 22 • 2022

Instant Payments in Switzerland: Managing the new fraud threat landscape

Cybercrime is low risk, low investment, and high return. Not surprisingly, illegal financial gain is one of the biggest reasons for cyber-attacks. The result is a predicted USD 10 Trillion of damages by 2025. Our vision is to change that.

What will Swiss Instant Payments look like?

Consumers and businesses will be able to make instant payments directly from their online or mobile banking app, for values up to CHF20k. This helps expand the use cases from restaurant bill splitting, that apps such as TWINT help cover today (CHF5k per year), to all manner of retail and corporate bill payments. In the future this will likely widen into POS & Ecommerce with the growth of Open Banking.

Whist the initial limit will have a maximum of CHF20k, but this is likely to rise, at least for businesses and corporates, given the limits for SEPA Instant, UK Faster Payments and US RTP platforms are significantly higher at EUR100k, £1m and $1m respectively.

The rollout also brings alignment with the EU, a key trading partner, who’ve had SEPA Instant for the last 2–3 years. SWIFTs GPI is increasing the speed of cross boarder payments to further afield too. There is already a pilot between the EBA and The Clearing House (TCH) that run the EU & US real time payment platforms to speed up cross-border payments, to make the most of domestic real-time payment schemes.

What might we expect to see when Instant Payments goes live?

Whilst there are some real time payments via TWINT now, and the RTGS is both same day and irrevocable, there are still some big changes that are likely to happen in the fraud space to consider. Instant means there is no time to recall or stop a payment if an error or fraud is made. This makes it much easier for fraudsters to move money throughout the banking ecosystem, quickly. Payments can have move through many mule accounts within just a few minutes of the original fraud taking place. Analysis in the UK has previously shown an average of around 5 accounts before final cash out.

It is not just fraudsters who are attracted by instant payments. By far the biggest issue is the speed of take up of instant payments by consumers and businesses. The rise of digital throughout our lives has meant we expect everything to happen in real time. Once we have this capability with payments, users don’t just cannibalise another payment from, but actually make more payments too.

This means the volumes of genuine transactions just keep on growing, making it harder to spot the fraudsters. To provide some context, the UK has had real time payments since 2007. Even 14 years after it was introduced, the volume of payments increased by 20% to 3.4bn and 24% by value to £2.6 trillion. This is in part due to new uses cases, such as open banking payments offering a replacement for other forms of payment, including POS & ecommerce as well as P2P. Therefore, we should expect a fast take up in Switzerland too.

Whilst instant payments help consumers and businesses save time and money, fraudsters are also keen. In the first years the UK saw a 132% increase in online banking fraud. This has since increased so that for 2021 unauthorised remote banking fraud (web and mobile app) was £199m and authorised frauds (e.g. romance scams, investment frauds etc.) of £583.2m. Card fraud for comparison was ‘only’ £524m.

This level of fraud is not just a UK experience. Globally there is a rise in authorised frauds such as investment scams and romances scams, as instant payments and improved security controls against unauthorised frauds are introduced. As this happens regulation is increasing too.

In the UK we are seeing the scope of regulation changing to bring liability on the beneficiary bank as well as the paying bank particularly for authorised frauds. This means that a focus on mules throughout the lifecycle is becoming more important, both to avoid liability and protect customers.

Even if there is no liability, there are other impacts, for example the operational impacts of the fraud reports and negative customer experiences that result. Therefore, prevention is money well spent.

There are clear threats from instant payments, for financial services, and there is no better time to start dealing with them than now, to be ready in time for the 2024.

What should institutions do to Mitigate the threats posed?

There are multiple areas in which Swiss banks & financial institution should focus on in order to mitigate the threats posed by instant payments:

  1. Provide Multi-factor authentication options for customers, mandating for high-risk transactions. SMS should be avoided due to the inherence security risks such as SIM Swap. If required add SIM Swap Detection for data enrichment.
  2. Undertake real time transaction monitoring of all transactions, both payment and non-monetary. This should include any extra details submitted as part of the ISO20022 payment message, e.g., invoice details.
  3. Provide transaction enrichment by utilising external device intelligence, behavioural biometrics, telco data and watchlists of known mule accounts and crypto wallets to improve model performance.
  4. Avoid a proliferation of end point solutions and case managers by building a fraud hub. This can be further expanded to cover inbound payment transaction monitoring in real-time.
  5. Build multiple models using machine learning/AI to target unauthorised, authorised fraud and for mule behaviour.
  6. Ensure your fraud operations can support the 24/7 nature of real time payments and have the right volume of trained staff. Augment with smart workflows and automation to improve efficiency.
  7. Utilise a global fraud reporting service to improve the customer experience and help get victims funds back.
  8. Build the system to be scalable to ensure the performance is available when required. Instant payment values grow fast.
  9. Improve your application fraud and KYC at onboarding by adding mules watchlists and integrating with your fraud hub. This helps target mules throughout the lifecycle.

I hope this quick review of what instant payments can mean for Switzerland in terms of fraud and financial crime. From this high-level analysis, it is clear that investment is required in fraud systems and people in order to protect the benefits that instant payments can bring to the economy.

Written by @Rob.Tharle, CYBERA’s Head of Product.

At CYBERA we’re on a mission to stop money laundering and help protect customers from scams and other financial cybercrime. We close gaps that allow cyber criminals to thrive by sharing crime data in real-time with financial institutions, fintech, and crypto exchanges, and coordinating a global response to support customers who have become victims of financial cybercrime.

Cybercrime WATCHLIST helps support firms to reduce fraud and money laundering and meet the requirements of the CRM as part of a holistic fraud and financial crime strategy.

Financial Institutions (FIs) can check against the WATCHLIST for confirmed mule accounts when processing payments. For outbound & inbound payments, where there is a match on either IBAN (Account Number & Sort code) or on Name the transaction can be flagged as high risk.

At account opening and ongoing CDD, email, phone and name can be used to match to Cybercrime WATCHLIST to reduce opening new mule accounts.

Cybercrime COMPLAINT further supports by providing users with alerts of any of their accounts reported as mules directly in their dashboard.

Unlike other data sources, CYBERA is a global solution, so is well placed to support the increasing levels of cross-border real-time payments.