For the first time since the introduction of the ACH in the 1970s, a new (and improved) payment system is being introduced in the United States.
This solution is ideal for businesses that want immediate, seamless payment processing that clears and settles instantaneously. This gives businesses access to resources faster, freeing them up to make other use of the funds right away.
The real-time payments service is a great way for FIs and service providers to offer a better user experience for customers - making payments easier, faster, and more convenient.
First, let’s look at what the FedNow real-time payments service is and what makes it stand out.
The FedNow Service is a real-time payments rail being introduced by the Federal Reserve, enabling instant payments for businesses operating in the United States. Available to financial institutions (FIs) of all sizes, traditional banks, Fintechs, payment processors, and service providers can use the service.
What makes FedNow’s real-time payments service stand out? Two main things:
- Real-time payments processing: Payment services will process payments in near real-time, giving users immediate access to funds.
- Full-time availability: The payment service is available to users 24/7/365. Theoretically, users always have access to the payment service at all times.
Unlike existing payment service systems, users have around-the-clock access, with payments clearing virtually instantly.
The FedNow real-time payments service is slated to be released in July 2023.
The service will be released in phases, with additional features periodically rolling out. This will help the Federal Reserve manage the product rollout and enable them to make improvements and respond to changes in the industry.
Keep in mind that pricing may change prior to launch.
Currently, the Federal Reserve has announced the following fees:
- $25 Monthly Service fee
- $0.045 Credit Transfer fee
- $1.00 Liquidity Management Transfer fee
- $0.01 Request for Payment fee
- $0.045 Return Customer Credit Transfer fee
In an effort to encourage adoption, pricing is designed to compete with alternatives like FedWire and the Automated Clearing House (ACH).
To help incentivize organizations to adopt at launch, new customers for 2023 are being offered discounts. Namely, these include:
- Waiving the $25 monthly service fee (up to $300 in annual value).
- Discounting the $0.045 customer credit transfer fee for the first 2,500 customers (up to $1,350 in annual value).
The fact is, for many businesses, real-time payments will cut costs and empower companies to offer faster payment services.
Fortunately, the introduction of FedNow - even as an adopter - means little changes from a compliance perspective. The same rules and regulations apply, and most organizations looking to make this switch will already have a handle on compliance operations.
One of the biggest questions that affects organizations' compliance and anti-fraud operations in relation to adopting the FedNow Service is that of liability. In the case of fraud, who will be liable? The sending bank? The receiving bank? Does the Federal Reserve absorb some?
The fact is, real-time payments rails are one of the most lucrative systems for fraudsters to use. Not because it’s not secure for users, but because once they’ve extracted the funds, it’s theirs at that point. Fraudsters will certainly seek to exploit this system, as was the case when the UK introduced a real-time payments rail for the first time.
It’s essential that organizations have proper controls in place to stay compliant with AML regulations as well as reduce the rate - and impact - of fraud. Below, we look at some of the top methods for staying compliant and safe from fraud when using the real-time payments rail.
Verify New Account Openings
Most FedNow service adopters will see an increase in new accounts; but not all of them will be legitimate. Fraudsters looking for access to the real-time payments service will create fraudulent new accounts to gain access.
Typically, this will be done using fake identities and even synthetic IDs, looking to gain access to the rail in order to commit fraud or money laundering.
It will be more important than ever to verify users during onboarding, ensuring that customers are who they say they are. Use adequate Know Your Customer (KYC) processes to make sure you verify any new user onboarded to your platform. Identify and root out potentially malicious new accounts so fraudsters can’t use your platform to exploit the real-time payments rail.
Monitor for Account Takeover
Some fraudsters will look to expedite the fraud process by hacking an existing user's account. This gives them immediate access to the account, so they can quickly commit fraud and move on to the next account.
Fortunately, there are ways of stopping these fraudsters before they can actually make a fraudulent transaction. For fraud prevention teams to do this, they need to look not just at transactions, but user activity that precipitates those transactions.
Monitor user activity for specific series of events that could signal account takeover (ATO) fraud. For example, create a rule that flags the following series of events: (1) a user logs in from an unrecognized IP address, device, or geolocation, and (2) the user changes their password, contact information, or address. While not all of these cases will be fraudulent, flagging these for review before approving further transactions by this user will significantly mitigate the impact fraudsters can have through ATO fraud.
Authenticate Users Before Processing Payments
It’s imperative that organizations authenticate a user at the point of a transaction. This creates an opportunity for risk management teams to implement policies that actually prevent fraud from occurring, essentially halting it in its tracks.
Use tools like multi-factor authentication, biometric verification, facial recognition, and more to make sure that the person making a transaction is the actual account holder, mitigating the impact of account takeover and other malicious types of fraud. Avoid using authentication with known problems - or at least refrain from relying on them exclusively.
For example, SMS authentication isn’t always the best method, as fraudsters have developed ways around this (SIM Swapping). If you are going to use this authentication method, make sure you have SIM Swap Detection tools to ensure it’s functioning properly.
Ultimately, user authentication is one of the best ways to protect against fraudulent transactions, as it can be used to stop fraudulent transactions from being completed.
Use Real-Time Transaction Monitoring
Transaction monitoring will be especially important - we are looking at real-time ‘payments’ after all. The fact is, this can be challenging when we’re looking at real-time payments. That doesn’t give risk professionals a lot of time to review the transactions for suspicious activity.
To manage this, most companies will need to rely on automated detection solutions that monitor transactions and flag suspicious activity for review. This can even involve pausing - or outright stopping - transactions in progress for review, if enough indicators exist.
Risk teams will need to balance this effectively; you want to stop fraud, but you don’t want to impede or hinder the user experience for legitimate customers. In some cases, transactions will need to be reviewed after the fact, but with the proper alert system in place, teams can pause transactions until a manual investigation and approval has occurred.
Therefore, organizations should adopt payment screening and transaction monitoring systems that allow them to not only review payments after the fact, but to also monitor them in real-time. Features like real-time rules paired with alert scoring capabilities can help strike this balance by automatically flag suspicious transactions as they occur - giving risk teams the ability to intervene.
Use Activity Monitoring Tools to Analyze Behavior
While monitoring transactions is going to be essential, that shouldn’t be all you monitor; there is a plethora of other user activities (or events) that organizations can draw valuable insights from.
Non-monetary events are extremely useful for identifying - and even predicting - fraudulent activity. Risk management teams can look at logins, account changes (passwords, addresses, etc.), and customer service requests. These can be used to study behavior and look at potential instances of fraud - or instances that lead to fraud.
Be Prepared at Launch
It’s imperative that organizations adopting FedNow’s real-time payments rail have adequate compliance and fraud protections set up from launch.
The fact is, fraudsters will flock to exploit the system early on, looking for any ways they can take advantage of the payment rail. As soon as you announce that you’ll be introducing and using FedNow’s new service, bad actors will target your organization, expecting that you haven't been able to set up adequate security controls.
First and foremost, you’ll likely see an increase in ATO fraud, as fraudsters look to take over existing accounts so they can exploit the payment rail. Beyond this, you’ll likely see a surge of new account openings, but a number of these accounts are likely to be using fake identities, in an attempt to exploit your platform and the real-time payments rail.
Have adequate compliance measures and fraud prevention solutions in place at the point of launch. Use user onboarding and transaction (and event) monitoring to protect yourself against threats at launch. Over time, you can perfect your rules to better identify and flag these attacks.
Adopt Real-Time Payments with Confidence Using Unit21
In particular, emerging Fintech providers stand to benefit greatly, catering to a demographic that is looking for fast, efficient services and a seamless user experience. Enterprise-level businesses and B2B companies also have a lot to gain, as they get access to funds sooner.
Organizations that plan on adopting FedNow’s real-time payments rail will need to have a plan in place to keep their platform (and users) safe. They’ll need to think in advance about what defense mechanisms to use to mitigate payment fraud threats. Clear, accessible internal policies and procedures must be developed to guide customers - and the organization - on best practices.
Unit21 is an ideal solution for effectively mitigating the risk of real-time payments. In Unit21, your team will have access to real-time rules for transaction and activity monitoring which will empower you to analyze edge cases and stop and prevent potential cases of fraud.
Schedule a demo today to learn how Unit21 can help you prevent fraud when using the real-time payments service.