GLOBAL PAYMENTS KNOWLEDGEISO 20022 / SWIFT / SEPA / MT / MX
06 / OPERATIONS & ARCHITECTURE8 MIN

Payment security and fraud basics

Payment security in layers: authentication, dual control, Verification of Payee, monitoring, and why instant rails move controls earlier.

NOT STARTED

L0 Explain simply

An everyday analogy: a bank branch never relied on one lock. The door had a key, the vault had a combination, the teller checked signatures, large withdrawals needed the manager, and cameras recorded everything anyway. Payment security works the same way — in layers, on the assumption that any single layer sometimes fails. Some layers check who you are, some check whether this payment looks like you, some make a second person approve, and some just watch and remember. The fraudster's job is to beat every layer at once; the defender's job is to make the layers fail independently, so that beating one tells you nothing about beating the next. No single layer is the security; the layering is.

L1 Core concepts

Threats cluster into a few families. Customers are deceived into authorising payments themselves — impersonation and invoice-redirection scams — or their credentials are stolen and payments made for them. Insiders can abuse access. And the bank's infrastructure can be attacked directly, with fraudulent interbank instructions injected or systems manipulated. Controls map onto the lifecycle: strong authentication and Verification of Payee at initiation; limits, dual authorisation, and anomaly monitoring in processing; network-level trust controls such as RMA governing who may even exchange messages between banks; and reconciliation afterwards, as the detective layer where injected or altered payments surface as breaks. Sanctions screening is a neighbouring but distinct discipline — a compliance obligation, not a fraud control, even when one system hosts both.

L2 Practitioner view

Two practitioner themes. First, speed changes the geometry: instant rails leave no overnight window in which to catch a payment, so controls migrate to before authorisation — real-time scoring, Verification of Payee results in the approval flow, friction added selectively when risk is high. The recall exists, but recovery after the fact is uncertain by design, as every fraud-operations team learns. Second, friction is a budget: every control spends customer convenience, and spending it uniformly means both annoying legitimate customers and under-protecting the risky moments; mature programmes spend friction where the signals concentrate. Institutional designs vary widely — team structures, tooling, where fraud ends and disputes begin — and this topic stays at the pattern level deliberately: fictional examples only, and no playbook detail that would help the other side.

L3 Technical details

Authentication proves who is acting; authorisation approves this specific payment; entitlements bound what a user may ever initiate — payment types, accounts, limits. Maker-checker splits capture from release: the maker records the instruction; a different user with release entitlement approves it. Velocity and threshold controls trip on amount, count, or cumulative value per window; beneficiary-change controls force review or re-authentication when a new or amended payee appears. Confirmation-of-payee name checks — SEPA's Verification of Payee is one — return a match result into the approval flow. These sit beside sanctions screening but differ: fraud controls score risk and may add friction or decline; screening enforces legal prohibitions, with separate queues, owners, and release authority. A fraud clearance never releases a screening hold.

Sources for this topic1
  1. Simplified educational illustration

    Payments Signal editorial teaching modelsPayments Signal

    This site's own simplified teaching models. · Checked 2026-07-12

    What this simplifies: The layered-controls model is a didactic composite. Real control frameworks are institution-specific and partly confidential; threat descriptions are generalised, all examples are fictional, and no real incident, institution, or person is described.

    Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.

Deepest material on this page: L3 Technical details. Where a topic stops short of implementation depth, that is a deliberate coverage decision, not an oversight — see coverage.