Real-Time Payments: Pre-Verification Helps, In-Flight Detection Matters Most | Part 6 | Bottomline

There’s a strong focus on defending real-time payments across the whole payments journey, before, during, and after each transaction. The key message is clear: pre-verification (like the UK’s Confirmation of Payee) boosts trust, and tools such as Request to Pay can help, but none of this is enough on its own. With settlements happening in seconds, banks need in-flight analytics that use data and AI to flag unusual behavior in real time, backed by solid post-event playbooks and fair reimbursement (e.g., the UK’s APP fraud rules).

Fraudsters will keep evolving, so this has to be a continuous, end-to-end effort and not a single control.

Northey Point, in conversation with Bottomline, gives a “yes and no” answer. Yes, pre-verification like the UK’s CoP, has improved trust by checking that the name matches the sort code and account number before money moves. People feel safer paying known and unknown recipients however, it isn’t enough on its own.

Northey Point frames protection across three stages: before, in-flight, and after a payment. Before the payment, verification of payee is essential and Request to Pay is underused; structured requests can clarify who’s asking and why, reducing misdirection.

In-flight is the biggest gap. Real-time rails settle in seconds, so risk decisions must fuse behavioral patterns, device/session risk, beneficiary scoring (e.g., mule intelligence), and network signals, ideally with AI, without breaking the user experience. After the payment, strong reimbursement processes matter; the UK’s authorised push payment (APP) reimbursement regime improves consumer protection when customers acted reasonably. However, focusing only on front-end checks and back-end redress misses the decisive in-flight moment.

Fraudsters adapt and they shift tactics, from physical theft and cheque fraud to social engineering and account manipulation on fast rails. For banks, PSPs, and fintechs, the call is continuous improvement rather than one-off fixes.

In practice: keep tuning pre-payment controls (CoP, sanctions/KYC refreshes) and adopt Request to Pay where it fits. Build real-time decisioning that scores both payer and payee, blends rules with explainable ML, and shares signals across the network. Strengthen post-event playbooks for rapid recalls, clear customer comms, and fair reimbursement. Track metrics that balance security and experience: interception before irrevocable send, millisecond decision times, false-positive and drop-off rates, recovery rates, and model drift.