How To Mitigate Payment Risks with the Right Banking Partner

“The global ISO 20022 standard can improve security and compliance by promoting richer, better structured transaction data,” says Michael Heinzl, Product Manager & Developer RBI Cash Management. “This helps to better identify risks such as fraud or suspicious activity and facilitates compliance with legal requirements such as AML (Anti-Money Laundering)   and KYC (Know Your Customer). On the other hand, new standards and formats also require advanced screenings to make sure to adhere to financial sanctions.” 

“ISO 20022 can bring significant benefits to customers by improving payment efficiency, data quality and global compatibility,” the expert is convinced. “The standard's rich, structured data promotes the streamlining of processes such as invoice reconciliation, tax reporting or supplier management, while reducing errors and delays, especially for international payments. ISO 20022 enables more seamless and efficient payments for businesses of all sizes. It can also give customers access to improved analytics that help them make smarter financial decisions.”

- Structured data: Transaction messages contain standardized fields that ensure no important information is missing or misinterpreted.

- Richer information: Messages can contain detailed data, such as full payer and payee details, making it easier to spot anomalies.

- Improved traceability: end-to-end data consistency means that payments can be tracked more accurately throughout their lifecycle.

“As more and more companies adopt ISO 20022 and ensure that their data is also compatible, implementation is accelerating across the financial industry. As a result, both customers and banks can benefit sooner from features such as faster payments, better data quality and increased security,” Michael Heinzl explains.

“EBICS sets the gold standard for secure transactions. With robust encryption, comprehensive authorization, and seamless multibanking capabilities, it ensures optimal security and efficiency for our clients,”  explains Philipp Höfer, Group Product Owner RBI Cash Management. “We provide the latest EBICS protocol for maximum security and stability.”

- Encryption and digital signatures: Ensures the integrity and confidentiality of data and prevents unauthorized access and manipulation

- Multi-layered security architecture: Uses double encryption and multiple electronic signatures to provide additional layers of security.

- Standardized protocol: Facilitates compliance with legal regulations such as SEPA and ISO 20022 and simplifies audits and reporting.

- Comprehensive authorization management: Detailed user authorization ensures that only authorized persons can initiate and approve transactions.

- Audit trails: Maintains comprehensive transaction logs essential for regulatory compliance and discrepancy detection.

“The security of our customers' transactions is our top priority,” says Mirko Jurisits, RBI Expert Compliance Officer. “We don't limit ourselves to regulatory requirements - we strive to be recognized as the safest bank in our markets.” In addition to the technical security measures described above, there is also a Group-wide system for combating fraud in payment transactions called “ARGOS”. Every payment initiated by RBI customers via digital channels passes through this system. It evaluates various aspects of the payment and compares them with the customer's previous transaction profile. “This happens in real time, using expert rules and machine learning algorithms. If the payment is classified as unusual or risky, we contact the customer who initiated the payment before we execute the transaction.”

“All employees receive annual training to refresh their awareness of all compliance issues. In addition, there is further advanced training for selected target groups,” says Catherine Hapke, Lead for RBI Group Compliance Training & Awareness.  RBI has also implemented a series of standard controls throughout the Group. RBI's training program is updated annually and on an ad hoc basis when new regulations come into force. “In Austria, we   regularly take part in various forums where market participants exchange information on fraud and security issues and where we regularly expand our know-how,” says Mirko Jurisits.

“In the area of transaction fraud, we consider authorized payment scams to be the biggest threat to bank customers,” says Mirko Jurisits    . These are scams where account holders are manipulated to make payments which are then received  by the perpetrators. Some examples are CEO fraud (management impersonation), invoice redirection (supplier impersonation) or repayment redirection (bank impersonation). “Although such attempts against RBI customers have been rare so far, we expect that advances in AI technology will make impersonation easier and more realistic and these fraud attempts will become even more dangerous in the future,” explains Mirko Jurisits. ”From an anti-fraud perspective, it is most important that employees in critical positions, especially those who can initiate or authorize payments, are aware of current fraud methods and follow internal procedures.”

In addition to general news, the RBI website and customer newsletters are a good source of information on new fraud schemes. “In 2025, we plan to further improve our customer communication with up-to-date information on the fraud schemes observed in our large network of subsidiary banks in Central and Eastern Europe and how our customers can protect themselves against them,” the compliance expert explains.

“We are proud of the fact that in the many years we have been providing digital payment services, not a single case of unauthorized access to RBI’s payment    systems has occurred,” says Mirko Jurisits. “This is also thanks to our customers, who have a high level of security awareness and use our digital services in a prudent and controlled manner.”