How to Fortify Fintech Against APP Fraud Using Open Banking

The fintech industry is on high alert as authorized push payment (APP) fraud continues to escalate. This type of financial scam happens when a fraudster poses as a bank or another trusted organization and deceives a victim into sending them money.  In the UK alone, APP fraud losses amounted to £293,3m in the first half of 2023, with £42.6m of it being business losses.

Open banking can help companies in mitigating these risks. It’s a new technology that allows traditional banks to share data with fintechs (legally named third-party providers) through the power of application programming interfaces (APIs). Consumers consent to the sharing of their data, and fintechs use it to create personalized products and secure payment flows.

Security Features to Prevent APP Fraud

"To effectively counter APP fraud, we must leverage Open Banking's advanced security measures,” said Lasma Gavarane, Chief Risk & Compliance Officer at Noda. “These tools enable us to build a fortress of trust with our customers and stay several steps ahead of fraudsters." Let’s take a look at the security features she recommended.

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a legal requirement under PSD2, the European open banking regulation. It follows a two-step authentication protocol, where the customer must confirm the transaction with two of these: something they know, like a password; something they possess, like a phone; or/and something they inherently are, like their fingerprint.

In terms of APP fraud prevention, the third factor may be especially valuable. While a fraudster may trick their victim into sharing their password or an authorization code, they cannot impersonate their fingerprint or facial features.

Real-Time Transaction Monitoring

Deploying advanced transaction monitoring systems that leverage open banking APIs can help businesses in catching fraudsters. Real-time monitoring, while it may sound time-consuming at first, is an excellent feature to improve security algorithms.

To detect APP fraud with this method, fintech companies should monitor for unusual behaviors and transaction patterns. They can also set automated alerts for high-risk indicators such as new payees, large sums of money being transferred, and rapid frequency of transactions. It may be useful to establish a dedicated team responsible for monitoring.

Educating Customers

Knowledge is power. The nature of the APP fraud is such that if customers are aware of its intricacies, they can easily detect and report the fraudster.

To inform consumers, fintech companies can invest in online courses as well as send client communications and content about APP fraud risks and how to avoid them. This measure can go a long way in preventing customers from falling victim.

Uniform Security Protocols

While it may seem self-evident, applying consistent security protocols across an organization is key. Crafting accessible procedures and guidelines for employees is arguably the most important element in mitigating fraud that stems from human error. Companies should also regularly update security protocols and ensure they are ahead of evolving fraud tactics.

This applies to SCA, real-time monitoring, and other facets of cybersecurity. In terms of open banking, fintech companies should follow their local open banking security guidelines. In-depth compliance audits can help in verifying adherence to legal standards.

Final Thoughts

Fintech firms will benefit from a proactive approach to the prevention and detection of APP fraud. By educating customers, ensuring strong security systems and protocols, as well as leveraging SCA, which is legally required in open banking, fintechs can safeguard themselves and their clients from this elaborate scam.