Will FedNow Be a Game-Changer for Instant-Payments Fraud Management?
Will a “fraud party” start in instant payments? Not on the Federal Reserve’s watch. See how the FED is protecting FedNow from fraud and cybercriminals.
On July 30, 2023, the Federal Reserve launched FedNow, its instant payment platform. In a world where digital payments are becoming the norm and fraud management is an ever-growing concern, a government-backed instant payment system might provide either one more important tool in the fight for fraud detection or can show how far behind the government is when it comes to financial tools.
What will it be? What exactly are the challenges when it comes to fraud detection in the financial system? There is no doubt they are great in number—so it raises the question: Can a government-developed system be effective against data fraud? Can it meet the demands and the expectations of the market? Will the customers be happy?
This is what we hope to answer in this article. Let’s get on with it.
First Things First: What Is FedNow?
FedNow is the initial government-created and backed U.S. portal that enables banks to send and receive funds virtually instantly.
As things stand, FedNow has some competitors—which are older and more firmly established with the public, such as Venmo, Cash App, Zelle, and The Clearing House’s RTP. Unlike these, though, the idea is that FedNow will enable faster payments through instant and irrevocable transaction settlement, providing the payee with access to funds in almost real-time, featuring an open-loop interbank system, which means that payments will be routed and settled between financial institutions over a shared network.
This real-time clearing and settlement service between banks enables depository institutions and other service providers to offer additional value-added services. Fednow also includes optional fraud prevention tools, the ability to opt-in as a receive-only participant, payment inquiry support, and payment capability request tools. It means that the customer will be able to make, say, a mortgage within seconds. However, as Forbes clarified, recently, the Fed is still phasing in the system. There’s a $500,000 cap on transactions as things stand (by means of comparison, RTP allows up to $1 million in transactions).
To begin, thirty-five banks and credit unions have already adopted instant payment capabilities through FedNow, alongside the U.S., Department of the Treasury’s Bureau of the Fiscal Service. Furthermore, sixteen service providers stand prepared to assist with payment processing for these financial institutions. Within the platform, the Fed has included Dropp, a micropayment platform powered by Hedera, in its list of service providers. This has made Dropp one of the various technology solutions that The Federal Reserve offers through its payment service.
This move should ensure that FedNow provides safety for its users.
And safety is something sorely needed in the current state of the digital world.
FedNow has joined the ranks of instant payments. Discover the state of digital financial solutions in the US. Click here and download our litepaper.
Fraud in the U.S.
A little technology is a dangerous thing. A lot of technology might be safe. This is at least what the data on fraud detection shows us right now in America.
According to Stripe, from $130 billion in 2020, the global cost of online payment fraud is expected to reach $206 billion by 2025. This number is itself an upshot from the acceleration COVID-19 fueled, which led to a 20 percent increase.
In this environment, synthetic identity fraud—where a cybercriminal creates a fake identity combining real and false information (like a real Social Security number linked to a fake name)—is on the rise. The same Stripe research indicates that by 2025 the losses it’ll entail will reach the $14 billion mark. Other online payment-related frauds will toll businesses anywhere from $35 to $50 billion.
There’s more. A study from PYMNTS.com states that in 2022 the real-time payments market hit about two billion transactions; the projection is that it’ll reach nine billion by 2026, totaling up to more than $10.5 trillion. It’s needless to say this is a deep blue sea for scammers, especially since this market is anchored in phone-based payment systems provided by Apple and Google. What’s more, the tendency is that big online retailers like Amazon will embrace instant payment solutions like FedNow—seeing as how it already started accepting Venmo in 2022.
And as time passes by more innovative solutions which are as of today incipient, will mature. One example is buy-now-pay-later (BNPL) digital solutions, whose economics, as the New York Times put it, grew out of control in great part because of the exploitation of dishonest players.
As the Consumer Finance Protection Bureau report on BNLP asserted last year, companies “are not providing the same rights and protections” customers—and businesses—need. One of the most common frauds in this kind of economics is the synthetic fraud already mentioned. All in all, the market is just too immature (regardless of the spectacular sixty million users it has today, and the projected $437 billion in spending it might see by 2027).
The Most Common Payment Frauds in the U.S.
TABLE 1.1: THE MOST COMMON PAYMENT FRAUDS IN THE U.S.
FedNow Fighting Fraud: Are They Fixing It?
In the months preceding FedNow’s release, Nick Stanescu, senior vice president and FedNow business executive, stated that fraud management features are a high priority for the project and solutions were being tested together with transaction flows in the new system. The verdict was that the team was “making great progress.”
But what kind of innovation has FedNow brought to fraud detection?
Network-level transaction limit
◍ According to the Fed, the $500,000 limit per transaction is a starting step in security policy.
◍ Financial institutions can designate suspicious accounts from which their organizations can’t send or receive transactions.
ISO 20022-level security
◍ FedNow participants can set preferences and use ISO 20022 messages to support their fraud mitigation and error resolution.
◍ The FedNow Service requires that messages exchanged with subscribers be cryptographically signed to verify the integrity and authenticity of messages.
Data Encryption and Tokenization
◍ Data in the FedNow Service environment is encrypted in transit and at rest.
◍ Certain sensitive data is tokenized.
Authentication and Authorization
◍ All connections to the FedNow Service are mutually authenticated.
◍ Access to the FedLine Solutions user interface is protected by multi-factor authentication.
◍ Throughout the system, role-based access controls and segregation of duties are implemented to enforce the principle of least privilege.
But all this begs the question: Will it be enough?
According to the Fed itself, not all of these measures will be available from the get-go. PYMNTS informs that the “Fed plans to roll out additional anti-fraud measures in 2024 and beyond.” Stanescu also said that more features are still “being built” into the service. As the list suggests, the bulk of the safety measures lies with the banking institution, not the Fed. The idea is that the institutions, that have extensive research and development into private fraud detection measures, can help to perfect the platform.
What Lies Ahead
Fraud and cybercrimes against financial institutions grow by the minute and at a greater rate than policy measures. For every innovation in fraud detection, a new crop of scams grows. As RSA research revealed, 70% of businesses stated that the efforts of companies are not achieving the desired effect, even with the use of various tools. This becomes especially concerning when considering the current landscape.
So no one payment platform can for a fact solve the problem of fraud detection. The reason is that the problem is systemic, ranging from data leaks, confidence tricks, data frauds, scams, and all imaginable sorts of sources. So while FedNow might provide an improvement regarding the unification of instant payment systems under the government banner, it’s imperative that financial institutions look after stronger and more resilient safety measures.