Faster payments are a great business opportunity—from RTP today to FedNow in 2023, new payment rails open up fresh possibilities for revenue and growth. Unfortunately, these rails also create new avenues for fraud. As you consider adopting faster payments, there’s value in understanding what sets real-time payments (and the correlated fraud) apart from other payment methods like ACH. This journal also includes four tips for minimizing faster payments fraud, to ensure your business can leverage new rails with less risk.
Faster Payments Fraud: Unique Challenges
All payments introduce some degree of risk. For most businesses, the benefits of moving money digitally warrant this exposure. Although faster payments rails aren’t necessarily riskier than more established rails (including ACH), they are different in three meaningful ways. And each of these distinctions creates new fraud potential for high-growth businesses.
Faster payments are:
- Immediate. Faster payments are built for speed. When money moves instantaneously, fraud can be hard to detect and deter.
- Irrevocable. Faster payments cannot be reversed. Because settlement happens in real-time, fraudulent transactions are nearly impossible to pull back.
- Nonstop. Since faster payments are always on (24x7x365), companies need to be vigilant at all times. Without staffing around the clock, this can be challenging.
Naturally, fraudsters like faster payments just as much as companies and consumers do. When bad actors can move money quickly, leverage instant settlement, and strike at any time, fraud becomes that much more attractive. In response, businesses using faster payments need to establish and solidify safeguards.
It’s also important to note the high daily limits for faster payment rails—RTP has a $1 million general transaction value limit and FedNow’s credit transfer transaction value limit will begin at $500,000. Clearly, the stakes for understanding and averting potential fraud are sizable.
4 Ways to Minimize Faster Payments Fraud
A key part of faster payments preparation is security. The following suggestions can help companies root out and reduce fraud.
1. Examine risks
To grow a business is to assume some level of risk.
Determining your company’s risk tolerance requires balancing the desire for conversions and revenue with the need for compliance and security.
For many companies, some degree of fraud is the cost of doing business. PayPal, as an example, at one time purportedly lost up to $1 billion a year to fraud, with a fraud rate between 0.17 and 0.18 percent of revenue.
Fraud prevention must be balanced against friction in the user experience. A recent report found that the average fintech, in an effort to drive growth, loses $51 million to fraud (or 1.7 percent of its revenue) each year, with many losing even more. The report cited the dangerous ripple effect fraud can have, wherein incidents force fintechs to impose barriers that make their customers less likely to move money. This friction—e.g. asking users for more information, algorithms flagging the wrong users, and more manual reviews—can worsen the user experience and thus impact a company’s bottom line.
In striking a balance and assessing risk, it’s important to understand the different types of payments fraud. The Fed’s FraudClassifier Model is a valuable resource for understanding and naming incidents.
The Fed’s FraudClassifier Model
As the model shows, fraudulent activity in the payments industry nearly always follows five paths. The type of fraud depends on who initiated the payment (an authorized or unauthorized party) and how the fraud was executed.
- For authorized parties, fraud either involves (1) manipulation, (2) fraudulent actions, or (3) modified payment information.
- For unauthorized parties, the fraudster either (4) takes over an account or (5) misuses account information or a payment instrument.
Different businesses are susceptible to different types of fraud. If Uber gives promotions for inviting friends to join the platform, fraudsters will make up fake accounts to get those referral bonuses. In the case of a business like PayPal, account takeovers or fraudsters using stolen payment details are probably a greater concern.
Consider Zelle, which is embedded in a bank portal and involves push payments exclusively—as a result, it is more impacted by authorized fraud. In 2021, an estimated $440 million was lost by Zelle users via frauds and scams—and 90% of cases were not repaid by banks. These cases were phishing scams, in which a user was manipulated into authorizing a payment to another party.
Banks are still trying to arrive at the best solution for Zelle fraud, since technically, the bulk of these payments are authorized. As the problem has expanded in magnitude, pressure has increased for banks and/or Zelle to cover the loss. In fact, banks including JPMorgan are currently in talks to potentially reimburse scammed customers.
2. Assess tools and processes
When it comes to minimizing faster payments fraud, moving forward requires examining where you currently stand. The following questions can get you started:
- How well do your current tools and processes prevent fraud?
- What adjustments should you make to them?
- Which new tools will you want to add?
- Which processes, across departments, will need to be automated or reimagined to account for payments that are instant, irrevocable, and always-on?
- What process will you use for handling fraud if it arises?
- How will your vendors help mitigate fraud risks?
- What role will your bank partners play in minimizing fraud? See FI requirements for RTP and FedNow.
- Which organizations and communities will help?
Getting a clear understanding of how prepared your business is for faster payments security is crucial.
You’ll also want to ensure you’re using a multi-layered approach to prevent fraud.
A 2022 report breaks fraud prevention into three parts: new account creation, account log in, and distribution of funds. New account creation is the most susceptible to fraud by a wide margin within financial services.
Nevertheless, the incidence and cost of fraud, across all stages, can be scaled back with multi-layered digital identity solutions including email/device verification and behavioral biometrics. In fact, these measures can reduce funds lost to fraud by up to 22%.
Dual approval is another option to consider. This process requires that two authorized users approve a transaction between parties. While dual approval can slow down a payment, the extra time and added oversight can have huge security benefits for certain payment types.
3. Prepare stakeholders
Fraud prevention takes a village. From training team members to educating customers and consumers, reducing fraud requires deep comprehension, buy-in, participation, and diligence.
The Fed advises that business teams be prepared to verify the source of a payment request (e.g., from a supplier or biller). In addition, they should note any changes to payment accounts by using a requestor’s known phone number.
Educating customers and consumers is also a vital fraud deterrent when it comes to faster payments.
End-users should be encouraged to take precaution. Specifically:
- End-users should be urged to protect personal information like login credentials, ensuring their credentials are strong and unique for each account.
- End-users should be made aware of the irreversibility of faster payments.
- End-users should informed about their risk for potential fraud and scams.
Looking to the UK, where faster payments have been used since 2008, fraud is increasing among customers that issue authorized push payments. In 2021, this kind of fraud created losses totaling £583.2 million (nearly $698 million), up 39% from 2020. The issues other countries (further along with faster payments) are experiencing should be a strong motivation for companies to encourage diligence among their customers.
While FedNow has many advocates, customer security is a concern for some. In the US, the National Consumer Law Center has issued statements indicating that faster payments favor speed and convenience over protection, citing fraud in the UK and via Zelle as model examples.
Still, when companies use the right processes to prepare and educate stakeholders, there’s no reason faster payments can’t be both instant and safe.
4. Implement and automate security
Circumventing faster payments fraud can be a big undertaking. Companies must be ready to consider a broad array of signals into customer identities and the legitimacy of each transaction. As an example, does the customer pass KYC? Are they using a familiar device and IP address? Are they using a channel and payment type they regularly use?
For many businesses, seeking out the right solution to help is an important part of RTP or FedNow readiness.
In choosing the best platform to prevent fraud, be sure to look out for the following features and functionality:
- KYC. Your solution should utilize device and behavior analysis to create a risk score for each new user via multiple data providers (Modern Treasury uses more than a dozen for decisioning, with built in feedback and insights).
- Transaction monitoring. The solution should check for signs of fraud or money laundering, including higher-than-usual payment sizes or volumes, or evidence of structuring behavior. Ongoing checks of customer data are also important, including an updated sanctions screenings, which can catch a user recently added to any watchlists.
- Machine learning and rules engine. User risk levels should be evaluated via machine learning models trained with data from many customers to advance accuracy. A rules engine should also be used for deterministic behavior. Your solution should provide policy controls so that decisions can be automated or manually reviewed depending on risk factors.
Modern Treasury’s solution integrates compliance and payments to enable secure money movement.
The platform makes it possible to onboard users, run KYC checks, and manage faster payments, all without storing any PII on servers or using a tokenization provider.
This technology already powers companies offering instant ACH products and utilizing RTP, securely and at scale.
Teaming Up to Prevent Fraud
Minimizing faster payments fraud takes time and ongoing diligence—it can also be complex. Luckily, the right partner can shoulder some of the heavier (and more technical) lifting. Reach out to explore how Modern Treasury can help you launch, manage, and master faster payments, for sizable growth that’s safer.
Get the Inside Scoop on FedNow
Our co-founder and CTO was on a FedNow steering committee—here’s what he sees on the horizon.
There are a number of resources and groups to help companies keep abreast of evolving payment risks:
- Businesses can join the US Faster Payments Council and access fraud information sharing.
- For those using RTP, the Clearing House offers the Payments Authority program, which includes audits and risk assessment services.
- Lastly, the FedNow Community offers a “front-row seat to news and insights” related to FedNow and the Service Provider Showcase includes fraud prevention services.
The Fed has also put out a Synthetic Identity Fraud Mitigation Toolkit and a guide to mitigating authentication fraud.
Subscribe to Journal updates
Discover product features and get primers on the payments industry.