The increased adoption of ISO 20022 represents a significant milestone for the financial services industry, changing how financial data is exchanged, interpreted and used across the entire ecosystem. As a globally recognized financial messaging standard, ISO 20022 provides more structured, richer data about financial transactions, which can enable better decisioning and analytics as well as increased operational efficiency for financial institutions.
Today, financial institutions are exploring how these benefits can be used to enhance customer experience, drive the development of value-added services, and promote industry innovation. The first in a series of articles exploring how ISO 20022 data requirements are enhancing the payments system, this article examines how financial institutions can leverage ISO 20022 to enhance their fraud mitigation efforts.
By shifting from less structured to more structured, standardized data, ISO 20022 may create opportunities to detect fraud faster, earlier, more accurately, and more efficiently.
Faster, more accurate pattern detection
Fraud detection models are only as strong as their underlying data. Legacy payment messages often contain fragmented or ambiguous data, resulting in incomplete or inconsistent inputs, which can be difficult for fraud models to effectively use. Without accurate inputs, even the most advanced models can struggle to identify fraud.
ISO 20022 can help enhance fraud models by providing richer and more structured payment details around the payer and payee, remittance data and purpose of the transaction. Higher-quality data inputs and additional data elements can make it easier for financial institutions’ fraud detection systems to interpret data more precisely, aiding in faster and more accurate risk pattern detection. These benefits likely apply to both rule-based fraud detection and advanced machine learning approaches. Rules can be applied to precise elements rather than loosely interpreted text, making them more accurate and easier to maintain. Similarly, for machine learning-based models, ISO 20022-based payment messages provide more consistent, accurate data for model training. More accurate risk pattern detection can also reduce false positives, leading to improved operational efficiencies for financial institutions.
Greater insight into payment counterparties and transaction intent
The structured, richer data that ISO 20022 provides may also allow institutions to more accurately validate counterparty details. ISO 20022 enables names, organizational identifiers and address components to be transmitted in discrete fields rather than free text. This can help institutions more reliably identify whether the payee is an individual or a business, distinguish between similarly named entities, and perform name-matching or account validation checks.
In addition, ISO 20022-based payment messages make the purpose and business context of a given payment clearer and more explicit. In contrast to legacy payment messages where the payment intent is often inferred from freeform text descriptions, remittance information is standardized. For example, ISO 20022 uses standardized category and purpose codes to identify the reason a payment is being made. Fraud detection models may be able to more accurately assess whether a transaction’s characteristics are consistent with the transaction’s stated purpose or payee details. When behavior diverges from what is expected given the purpose, the transaction can be flagged as anomalous or suspicious.
Specifically, structured, standardized fields for payee details contained in ISO 20022-based payment messages can help financial institutions identify anomalies that may indicate fraud. For example, a sending institution may more accurately determine whether the payer details and remittance data align with those included in past payments to the same supplier. Similarly, the use of a different or mismatched purpose code compared to previous payments to the receiving financial institution and account could indicate fraud risks. Such checks can occur during payment initiation, reducing the risk of funds being sent to a fraudulent account.
Use Case: Detecting Business Impostor Scams with ISO 2002
- A criminal sends a fake invoice to a junior finance analyst at ABC Construction, posing as one of its trusted suppliers.
- The criminal urgently requests $75,000 wire payment for construction materials.
- The analyst, believing that the request is legitimate, enters the payment details into the company’s payment system,
which is ISO 20022-compliant.
- The financial institution runs various checks during pre-processing of the transaction
- During its checks, the financial institution flags a new BIC identifier (Off-site) in the payment message.
- Additionally, the payment amount is determined to be much higher than has been the case historically. It also identifies the use of a new purpose code compared to historical patterns and detects some unusual language in the remittance information.
- The financial institution decides to verify with the receiving financial institution that the name associated with the receiving account provided by the sender matches the registered account name.
- The receiving financial institution returns a response indicating that there is “No Match.”
- The financial institution holds the payment and contacts ABC Construction for additional verification.
| ISO 20022 Tag | Expected Value | Suspicious Payment Message Value |
|---|---|---|
| <Dbtr><Nm> | ABC Construction | ABC Construction |
| <DbtrAgt><FinInstnId><BICFI> | DBTRUS533XXX | DBTRUS533XXX |
| <Cdtr><Nm> | Trusted Supplier Co. | Trusted Supplier Co. |
| <CdtrAgt><FinInstnId><BICFI> | SUPPLIERDEFFXXX | NEWBINNL2AXXX → New BIC |
| <Purp><Cd> | SUPP (Supplier Payment) | TRAD (Trade-related payment → Purpose code mismatch) |
| <Rmtinf><Ustrd> | Invoice TS-2025-112: Excavator and backhoe components | Invoice TS-2026-021: URGENT new construction → Sense of urgency, Purpose mismatch |
| <intrBkSttImAmt> | $8,500.00 | $75,000 → Amount outside normal range |
Stronger industry collaboration to address fraud
Another potential benefit of ISO 20022 for fraud prevention is improved industry collaboration. As a global standard, the common data model that it provides can enable more consistent aggregation, analysis and sharing of fraud-related information internally, as well as across institutions, payment networks, risk signal systems, and even jurisdictions. Supplemental data fields can be used by institutions to exchange fraud or risk signals. This type of additional information could provide the receiving institution with greater insight into whether a transaction may indicate fraud.
Additionally, ISO 20022 can help facilitate more efficient collaboration during fraud investigations. When financial institutions request additional information, issue recalls or respond to inquiries, the structured data allows them to reference specific elements of a transaction. This can help improve dispute handling and may improve the likelihood of timely resolution or recovery of stolen funds.
Conclusion: ISO 20022 as a Strategic Tool for Fraud Mitigation
Financial institutions have many opportunities to explore the benefits of ISO 20022 for payments fraud mitigation. By replacing fragmented, free-text payment information with more detailed, standardized data, financial institutions have access to data that is richer and more actionable. This can enable earlier and faster detection of fraud patterns and anomalies, more accurately verify payment counterparties, and provide a deeper understanding of transaction intent. Beyond improving internal fraud controls, it can also unlock improved industry-wide collaboration globally through a common interoperable standard. As the payments ecosystem continues to evolve, ISO 20022 provides the common language that can help fraud prevention keep pace with criminals and ultimately better protect customers and safeguard trust.
Stay Connected
Keep informed about the Fed’s efforts to support payment security and mitigate fraud by joining the FedPayments Improvement Community.