Westpac outs NPP as enabler for abusive payment messages

Westpac has outed the New Payments Platform (NPP) as the vehicle being used to ferry abusive messages in transaction descriptions.

In a Westpac In-Depth post early Thursday, the bank's general manager for customer solutions Lisa Pogonoski squarely put the problem - seen by CBA and Westpac - at the feet of the NPP, which enables real-time payments.

The NPP launched in 2018 and offers a 280-character description field that, in some cases, is being laced with serious abuse.

“The issue can be traced back to about a year after the New Payments Platform went live and the industry detected – in Westpac’s case, by our fraud team – a notable increase in “colourful” language in payment messages,” Pogonoski said.

“While most of this was simply banter … some was far more sinister, with abusive, harassing and sometimes violent undertones.

“The perpetrators were making low value transactions – often as little as one cent – as a means to contact their victims.

"From that moment, banks moved to deal with these unintended consequences."

Westpac now needs to run data analytics across the payment field descriptions to locate abusive messages or patterns that may indicate abuse.

Pogonoski said since switching on the analytics technology in January, more than 6000 payments made by Westpac and St. George customers have been blocked and the customer notified “because they included a message with words deemed inappropriate or offensive.”

“We took another major step last month, enabling customers who receive an abusive message to report it to us by clicking a report button, alerting a dedicated team," she wrote.

“The importance of introducing these capabilities – in particular, the abuse reporting function – cannot be underestimated and the implications have been eye-opening.”

An NPPA spokesperson told iTnews that transaction descriptions relayed via its service are encrypted in transit, therefore it was not able to see harmful content at its end.

The spokesperson said it had "provided guidance to financial institutions that use the platform" since launch that "contemplates that financial institutions could monitor how their customers are using NPP payment narratives, could screen payments for offensive content (potentially using mechanisms in place for other transactional products), as well as providing services to support vulnerable customers, such as ‘holding’ messages from specific payers, so they’re not displayed to the payee customer.”

NPPA had also collaborated with institutions "to strengthen this approach by defining automated alert messages”, the spokesperson added.

These can be used by "participating financial institutions to notify sending institutions of potentially offensive or abusive messages requiring investigation.”

Meanwhile, the messages continue at an alarming rate; CBA's deputy CEO David Cohen told a senate hearing this month that "between October 29 [2020] and January 29 [2021], so a three month period, somewhat alarmingly, we have blocked 162,000 transactions".

“Of those 162,000 that were blocked, customers tried again, and 115,000 of those were blocked completely," he said.

“That is really alarming. That is 115,000 in three months.”

The Commonwealth Bank first raised concerns in June 2020, with more than 8000 customers reporting abusive messages sent via the banks payment transaction field.