Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

How can real-time payments be secured?

by The Gurus
June 18, 2018
in This Week's Gurus
Share on FacebookShare on Twitter

David Worthington, VP, Payments at Rambus

In today’s on-demand world, we expect to be able to spend, move and receive money instantly.

For this reason, real-time payments (RTP), also known as ‘faster payments’ or ‘instant payments’, are gaining momentum globally. Accenture estimates that there are now 35 countries with real-time payment schemes in operation or under development.

With account-based fraud on the rise, however, the move from standard to real-time transactions is causing significant security challenges for central banks and clearing houses.

Understanding account-based fraud  

Most fraudsters will usually follow the path of least resistance.

The success of anti-fraud measures like EMV® chip, EMV 3-D Secure and payment tokenization in mitigating card fraud in-store and online means fraudsters are turning elsewhere.

For various reasons, Demand Deposit Account (DDA) credentials, which relate to current, savings or checking accounts that are used for direct credit transactions through automated clearing house (ACH) processing, are an increasingly attractive target.

DDA credentials are already stored in their raw form across various locations, such as e-commerce websites, mobile and P2P wallets, invoices and payroll.

While the frequency and public awareness of ACH fraud is much lower than credit and debit compromises, the average value of unauthorized ACH transactions is actually much higher. This creates the potential for very large value frauds, and even systemic attacks against national payment systems.

Despite the threat, many central banks don’t actively monitor some of these types of fraud, with losses below a certain limit written off as a cost of doing business.

The move from standard to real-time transactions adds another layer of complexity and creates further opportunities for fraudsters. Quicker transaction times increase the chances of fraudulent transactions going undetected.

Faster payments = faster fraud?

This is because banks currently rely on a layered approach combining various techniques. But somewhat surprisingly in today’s automated world, checking payment mandates and unusual account activity manually remains a mainstay of the traditional clearance process.

The problem is, manual review is simply not feasible when the clearance time for account-to-account transactions is measured in seconds, not days.

Importantly, fraudsters recognize the challenges facing banks when transitioning and are ready to exploit any vulnerabilities as soon as a RTP scheme goes live.

Banks need to get ahead, be proactive and protect the account data itself, rather than simply be reactive and wait for the fraudsters to strike.

Securing real-time payments with tokenization

Enter tokenization.

Tokenization has been hugely successful in safeguarding payments in-store and online by replacing the consumer’s primary account number (PAN) with a unique payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.

By removing account numbers from the transaction process entirely, tokenization can significantly reduce the risk and impact of account-based fraud to support the development of a safe and secure instant payments framework.

The good news is that tokenization is easily transferable to account-based transactions, is complementary to other anti-fraud measures, and is easily compatible with existing systems.

Account data, faster and safer

For banks, ACH fraud represents a bigger financial risk than card fraud and is going to become harder to manage as real-time payments become the norm. The ecosystem must work to mitigate fraud before it has been attempted. Tokenization, therefore, is primed to play a pivotal role within the broader security mix.

To learn more about real-time payments and how to secure them, download the Rambus eBook.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Back to basics: Ten Tips for Outsmarting Ransomware

Next Post

Only 26% of researched security vulnerabilities are resolved

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information