FedNow launched in July 2023 with 35 early adopting financial institutions (FIs), and over the course of about six months, it added another 400. Such rapid growth of the network could very well make it increasingly attractive to fraudsters, and two characteristics point to the nature of that possible fraud:
FedNow, unlike FedACH, only allows for push payments (from the sender). As a result, it is particularly vulnerable to fraud that involves either getting access to consumers’ accounts or tricking them into making payments.
Payments settle instantly, and the money can be withdrawn within seconds. There is no recourse for a payment sent in error.
In other words, if a fraudster can induce someone to send a payment or get access to their account, the money is as good as gone. How do banks address it? Several years ago, the Faster Payments Council wrote a framework for how to manage fraud in faster payments. A key component of that framework is the tools and technology from banks and providers.
In the case of FedNow, some of the technology comes from the Fed itself. But to operate instant payments with minimal risk of fraud, banks need to bring more technology into the fray. FedNow itself provides basic anti-fraud features that include the ability to set risk-based transaction limits, manage conditions for rejecting payments, digitally sign the contents of payment messages, and reconcile transactions with the institution’s ledger. But the ability to manage payment fraud at scale depends on technical advances. Three areas where advances are required include:
Authentication. “Zero trust” identity is the idea that users should be “authenticated and authorized based on all available data points.” That ultimately includes identity verification in the creation of an account, the authentication of a session in which an account is used, and the continuous reassessment that someone logged in to an account is who they say they are. Day to day, that suggests consumers use both a password or other credential to log in and their behavior related to location, transactions, and device use is tracked. As of now, this kind of holistic approach to identity is still pretty rare.
Analytics. The shorter the time between sending and settling a payment, the less time there is to accurately flag and address fraudulent transactions. There is therefore a greater need for tools that monitor transactions in real time and enable straight-through fraud detection and prevention. Machine learning algorithms, a core component of modern fraud detection, can adapt transaction monitoring to new fraud patterns and help with faster fraud scoring. But such technology is certainly not universal.
Integrated data. Data that can inform fraud models is often fragmented across tech stacks that are patchworks of systems and not designed to exchange data automatically and seamlessly. To manage payment fraud, banks need to be able to follow patterns across channels and across payment methods for many different customers and do so continuously as data is created.
Additionally, there is a human component to staying ahead on this. What has happened with Zelle, a faster payment method that’s also push-only and free from purchase protection, is instructive. Zelle scams involve both credential theft (via phishing or smshing) and a variety of schemes that get consumers to voluntarily part with their money. Those schemes can include fake ecommerce listings that take Zelle as payment and social engineering schemes that trick consumers into sending money to false accounts. Consumer education is therefore also an important issue to address.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
Instant Payments Pose a Fraud Management Challenge
Instant Payments Pose a Fraud Management Challenge
January 16, 2024
By: Tyler Brown
Request for Proposal
By: Tyler Brown
FedNow launched in July 2023 with 35 early adopting financial institutions (FIs), and over the course of about six months, it added another 400. Such rapid growth of the network could very well make it increasingly attractive to fraudsters, and two characteristics point to the nature of that possible fraud:
In other words, if a fraudster can induce someone to send a payment or get access to their account, the money is as good as gone. How do banks address it? Several years ago, the Faster Payments Council wrote a framework for how to manage fraud in faster payments. A key component of that framework is the tools and technology from banks and providers.
In the case of FedNow, some of the technology comes from the Fed itself. But to operate instant payments with minimal risk of fraud, banks need to bring more technology into the fray. FedNow itself provides basic anti-fraud features that include the ability to set risk-based transaction limits, manage conditions for rejecting payments, digitally sign the contents of payment messages, and reconcile transactions with the institution’s ledger. But the ability to manage payment fraud at scale depends on technical advances. Three areas where advances are required include:
Additionally, there is a human component to staying ahead on this. What has happened with Zelle, a faster payment method that’s also push-only and free from purchase protection, is instructive. Zelle scams involve both credential theft (via phishing or smshing) and a variety of schemes that get consumers to voluntarily part with their money. Those schemes can include fake ecommerce listings that take Zelle as payment and social engineering schemes that trick consumers into sending money to false accounts. Consumer education is therefore also an important issue to address.
You Might Like These, Too
David Rasson on Embracing Change at ING
Capital One: Trust, Identity and Authentication in Digital Banking
The Payments Stack is a Tech Issue and a Management Problem
Security Is Biggest Open Banking Concern in US
Leaders in Bank Consulting