As fraud on digital payment channels rises, banks need to step up their game before regulators pounce, said Rob Rendell, global head of fraud market strategy and fraud prevention at software firm NICE Actimize.
The Hoboken, New Jersey-based company offers financial crime, risk and compliance services and works with the top 10 U.S. banks. Rendell previously worked for Bank of America, Citi, Wells Fargo and tech titan IBM.
Calling the digital payments arena the “Wild West,” Rendell said updates to U.S. consumer protection regulation are likely on the horizon.
“The card networks have a well-defined, well-oiled machine related to claims management, dispute management, recoveries, arbitration,” he said. “In the non-card space, it’s very willy-nilly.”
Fraud occurring via peer-to-peer payment apps has caught the attention of lawmakers and regulators, including Sen. Elizabeth Warren, D-MA, and Manhattan District Attorney Alvin Bragg. And last week, New York Attorney General Letitia James sued Citi in federal court over account transfer fraud, saying the bank fails to protect its customers from fraud and refuses to reimburse fraud victims.
Networks supporting P2P payments “are going to have to step in and put some rigors and controls around the operating rules” relating to liabilities and reimbursements, among other aspects, Rendell said.
Meanwhile, the industry continues to lean on legacy technology and faces ongoing pressure to update it. Within banks, those focused on fighting fraud are “at the mercy of their technology teams, at the mercy of their finance teams,” Rendell said. “At a certain level, they’re handcuffed in the fight against fraud.”
Rendell, who’s based in Charlotte, North Carolina, spoke with Payments Dive on Feb. 5.
Editor’s note: This interview has been edited for clarity and brevity.
PAYMENTS DIVE: What should banks be doing to get their hands around the fraud and scams issue?
ROB RENDELL: The industry has to pivot its mindset. There are two ways in which this fraud is happening. Is Rob a victim of account takeover, meaning the fraudster has physically taken over my account and absconded with the money? Or has Rob been contacted by the fraudsters under false pretenses or duress, transacting on his own, but sending it directly to the fraudsters? Fraud practitioners and organizations have to account for both.
Banks really need to be focused on quantification of scam exposures, how they’re handling those escalations. Should the regulator come in and say, “What are you doing about scams?” they can literally hand it over on a silver platter and say: “These are our controls. This is the number of instances or escalations we've had. This is our success and recovery on behalf of our clients.”
A lot of the banks are taking a look at and watching closely what happens with the move by the New York Attorney General’s Office, and then going back internally and asking: “Do we have good controls around XYZ payment rail? Do we have good controls around scams monitoring? Do we have good controls around quantification of consumer scams, both from a units and dollars perspective? And when we do have a customer scam, how are we assisting that client on time to recoup those funds, and what’s our success rate?”
What action do you expect from regulators?
This is really playing out in the U.K. market, because the banks are going to be more on the hook from this, with the changing regulations by the Payment Systems Regulator in the U.K. market. Come end of this year, both the send and the receive side will be on the hook for the fraud liability.
What happens in the U.K. will cascade. It normally goes to Australia first, it’s already happening there. We're already hearing rumblings down in Brazil with their real-time payments, and then obviously Citi getting run through the wringer last week, in relation to wire fraud and non-reimbursement of those transactions. It’s starting to come across.
We anticipate, in the next 18 months, that there will be a stronger stance by the regulators to update the leading regulations related to consumer protection. Financial institutions will also have to address changing liability standards.
So you expect regulatory action in the U.S. to mirror what we’re beginning to see abroad?
I could foresee a flavor of that. What that might entail, that’s the million-dollar question right now.