The Iron Triangle of Service Suggests Limitations in Payment Speed and Security

The Iron Triangle of Service posits that a product can excel in being good, fast, or cheap—yet not all three simultaneously. This principle has gained new significance in the realm of instant payments, where rapid transactions have often compromised fraud detection mechanisms. Can financial institutions achieve both speed and security, or must they settle for one over the other?

A recent report from Javelin Strategy & Research, Foolproof Payments: How AI Is Revolutionizing Payment Fraud, delves into this question in an era dominated by artificial intelligence. Jennifer Pitt, a Senior Analyst of Fraud Management, scrutinizes where fraud prevention has fallen short and explores how banks can leverage AI to enhance payment oversight.

No Buffer for Suspicion in Real-Time Payments

Traditionally, organizations had several days to evaluate payments as they navigated through various systems. For example, checks could take multiple days to clear, with opportunities for institutions to intervene if suspicious activity was detected.

Real-time payments eliminate this buffer. Once a payment is initiated, it cannot be halted before settlement. While banks can still seek reimbursement or dispute transactions later, they no longer have the option to prevent them outright.

Consumers now expect faster payment services, but many recognize that effective fraud prevention requires some level of friction—small steps to ensure neither customers nor institutions fall victim to fraud. Educating consumers about the necessity for this friction is crucial, yet striking a balance remains essential. Some early real-time payment systems prioritized speed over security; however, Zelle and Cash App have since enhanced their fraud protections.

Identifying Fraud in Real-Time

In the age of real-time payments, the focus has shifted to recognizing potential fraud before customers finalize transactions. This involves analyzing historical data and behavioral patterns: device intelligence, account activity, and user behavior. For instance, deviations such as unusual login locations or sudden changes in account credentials can flag suspicious activities.

Account takeover fraud serves as an illustrative example. A criminal might log into the account, change some details like email addresses, and proceed to initiate a transaction. Stopping such activity early prevents fraudulent payments from occurring altogether. The new frontier in payment fraud prevention involves moving from transaction-level intervention to preemptive action.

“Consumers can’t wait a week for transactions; organizations must ensure legitimacy while protecting customers from fraud,” according to Pitt. “AI tools help by analyzing behavior, customer device intelligence, and historical information, speeding up the process.”

Making Authentication Seamless

Authentication inevitably introduces some friction, such as requiring codes via phone or email. Financial institutions need to make this process seamless while minimizing unnecessary steps. Technologies like passkeys and biometrics can replace cumbersome multi-step verification processes.

“Institutions can introduce step-up authentication if higher risks are flagged,” says Pitt. “If I log in daily from Switzerland, suddenly logging in from Taiwan might trigger a step-up to verify my identity.”

Criminals’ Advantages and AI Solutions

Banks face regulatory compliance while avoiding excessive customer friction. Criminals operate without such constraints and rapidly evolve using AI tools, refining tactics that can exploit yesterday’s schemes.

While banks must navigate approvals and red tape to implement new safeguards, they often respond reactively to current threats. Advanced AI tools help them keep pace with or even anticipate emerging risks.

“There’s a lot of attention now on mobile check deposit fraud,” says Pitt. “We should have anticipated this long ago, focusing not just on present threats but also potential ones.”

Redistributing Resources for Efficiency

Banks can enhance their effectiveness by reallocating resources to leverage technology more effectively. Manual reviews generate vast volumes of alerts, many with high false-positive rates, which consume personnel time chasing benign activity instead of addressing actual threats.

“Legacy systems flag these alerts, while proactive real-time detection could be better,” notes Pitt. “Investing in the upfront technology is less costly than dealing with fraud’s consequences or additional personnel and fines.”