How an Open Loop Identity Network Can Harden VRPs Against Fraud
When a new technology or process appears, you need something distinct, uncomplicated, and beneficial to prove the point. Open banking is an example of a disruptive force that looks set to shake up incumbent systems such as direct debits; Juniper Research expects open banking to handle more than $116 billion in global payment transactions by 2026.
Variable Recurring Payments (VRP) offer a way to prove the flexibility and harmonious nature of the Open Banking rails. But every time a new banking innovation happens, fraudsters seem to follow. So here is a look at VRPs and how an Open Loop Identity Network Layer can help protect this useful device against fraud.
What are the benefits of using VRP?
The VRP system is fast and cost-effective and follows the appetite across industry for faster payments. A VRP provides a mechanism to allow customers to set up payments using an app: a Payment Initiation Service Provider (PISP) provides the VRP service to transfer funds on behalf of a customer. A VRP uses this PISP service to handle recurring payments within the constraints of policies and rules. Unlike the direct debit system, the VRP model is based on a push mechanism that uses Open Banking alongside a centralised consent-to-pay component to place the customer at the centre of the transaction.
The VRP model offers benefits to customers, banks, and retailer stakeholders in the payments ecosystem:
Customers: A VRP gives a customer more control and transparency. The customer can set up variable payments, instantly change or stop a variable payment, and consent to payments: VRPs incorporate the Open Banking and OIDC consent model.
Retailers: VRPs are cheaper to process than other payment mechanisms based on credit cards or bank transfers. VRPs are based on faster payments so are quick, so retailers receive payment almost instantly.
Banks: The VRP model provides banks with the innovation needed to improve customer experience and offer wider choices in banking products.
Sweeping and other VRP use cases
Sweeping was the first use case for VRPs. Sweeping allows a customer to automate payments between accounts under the same name. However, innovating banks have recently extended the use cases for VRPs into the non-sweeping scenario that can offer an open banking alternative to direct debits and online card payments.
However, VRPs have an Achilles Heel: a 2021 consultation from the Open Banking Implementation Entity (OBIE) exploring VRPs and use cases such as Sweeping, pointing out several issues related to potential fraud in a VRP ecosystem; these issues include the following:
A TPP (third-party provider) should use a mechanism to assure the identity of the owner of the destination account. This will help reduce the risk of APP (authorised push payment) fraud and misdirection fraud.
TPPs may not have mechanisms to check the link between a card and a specific account during a card-based Sweeping transaction.
Creating a secure environment for VRPs to soar
VRPs are an important innovation in banking that can facilitate faster payments, but they must be fraud resistant. A core area that must be hardened for inter and intra-account transfers is the ability to cross-check identity and perform on-the-fly identity uplift along with AML checks.
Using an Open Loop Identity Network Layer provides this functionality, merging identity verification, AML checks, and identity verification into a VRP user journey. A rule-per-transaction model drives this functionality to ensure that the checks are up to date, reflect current compliance, and are dynamically applied. The result is identity assurance that aligns with the VRP model. In addition, this capability closes the door to the pushback from credit card companies, who would lose custom to this much faster, cheaper, and user-centric method of recurring payments.
Dynamically assured identifiers and VRPs
The VRP model is dynamic, so verification and anti-fraud checks must similarly be applied dynamically to reflect this; fraud can be mitigated, and use cases expanded by following the lead of VRPs and the open banking rails. The concept of a ‘Variable Recurring Identity’ (VRI) is achieved using an Open Loop Identity Network Layer; this provides a synergistic system that is deeply integrated at key user journey points in a VRP use case. Each time a VRP transaction occurs, checks can be made via specialised services that provide AML and other identity checks. The rules of the system behaviour are modifiable and adjust to regulatory compliance and market changes. This capability is vital in a lively market.
A VRI can mimic the VRP mechanism for Sweeping and other extended VRP scenarios. This concept can also be used in non-payment scenarios, for example, updating an electoral register. The user could update if they move house, or rules could require a verification check based on a specified rule. This is analogous to building an ongoing relationship; the system automatically updates the relationship between a service (e.g., a government service or bank) and a customer. In this case, that relationship would be facilitated through open banking.
The VRP concept is gaining traction, with banks like NatWest leading. But to deliver on its promise, anti-fraud must be an intrinsic part of the design of VRP-based systems. An Open Loop Identity Network Layer provides the framework to develop hardened, fraud-resistant open banking solutions that retain a seamless, customer-centric focus.