- The FedNow Program launched on July 20th
- In 2008, the UK Faster Payments System launched - with some negative consequences
- These negative consequences were quickly addressed, offering an example for the U.S. system
We've addressed in an earlier post the fundamental challenge of offering real-time payments in an era where fraud is rampant. The public has embraced options like Paypal, Venmo, Zelle, and CashApp -- and, why not? They're handy, easy-to-use, and fast.
On the other hand:
The very elements that makes these services so valuable and desirable - simplicity and speed - also create opportunities for fraud... and hesitancy for adoption by financial institutions.
Lack of Fraud on FedNow a Cause for Apprehension?
Within 3 days of the launch, banks were already experiencing a rash in Account Takeover attempts through multiple channels – online and social engineering.
- Credential Stuffing – Online banking channels at banks began to see a spike of fraudulent logins, followed by account takeover and bleeding accounts dry.
- Social Engineering – Call centers were flooded with social engineering attempts by fraudsters luring customer service representatives to change addresses, credentials and then bleed accounts dry.
On the other hand, Frank also points out that the UK system did not just sit back and take it:
Banks in the UK rushed to make measures to stop the fraud including lowering daily limits, introducing more front end authentication controls and training call center staff on how to stop the rash of account takeover.
Technology vendors even came up with clever authentication devices where consumers could even use their own debit cards to generate one time passcodes.
It provided an ultra secure, if not clunky way, to avoid account takeover.
Lessons Learned from the UK
Education about the new system, with respect to financial institutions, businesses and the broader public will be key. The Fed has had an intense marketing campaign in place for months now, with the central bank announcing last month some 57 companies as early adopters.
On the threat of bank runs, she stressed that financial institutions will have flexibility to impose restrictions that should fend off such problems. For example, banks will be able to lower dollar limits on transactions and could shift to a receive-only mode if they like, she said.
With respect to interoperability, she explained that such cooperation between payment rails has been an issue in the past and that it sometimes took decades to create better connections. Still, FedNow is designed in keeping with the international ISO 20022 standard and it has that in common with the U.S. private real-time payments system known as the RTP network, which is operated by The Clearing House, which is owned by a group of banks, she noted.
Maybe it is just too quiet and that has us fraud fighters nervous?
Or maybe, we owe a debt of gratitude to UK banks for carving the path and making the US journey to instant payments safer.
The UK learned the hard way and to be honest, we may as well.. But for now, it’s all eerily quiet on the FedNow fraud front.
Financial Institutions Need to Stay Proactive
While it is all quiet on the FedNow front -- in terms of fraud -- financial institutions cannot sit back and relax. Fraudsters notoriously find any vulnerability in any system, and it's only a matter of time until fraudsters find a penetration point.
With faster payments, the ability for financial institutions to perform fraud detection requires technologies like AI and machine learning that are powered by GPUs to reduce latency and provide immediate results. This includes checks -- which previously took 24-48 hours to process. However, through the power of APIs, financial institutions will be able to send checks through the fraud detection system and receive near-instantaneous results -- ensuring check payments are not counterfeits, forgeries, or alterations.
As the FedNow and real-time payments achieve mass adoption, financial institutions need to be prepared with the right technologies as fraudsters turn their attention to the channel.