With the launch of the Federal Reserve's
Perhaps, but instant or Real Time Payment (RTP) fraud is a cash cow for online fraudsters, mainly because most of the fraud is authorized by the scam victim. Last year,
To get a preview of what FedNow fraud might look like, let's look across the pond to the United Kingdom's instant payment system. According to the
As for FedNow, what is sure to make a murky accountability trail even more so, is that unlike with Zelle, each financial institution that signs up for FedNow is responsible for the creation of the web/mobile pages and most of the security around the faster payment transactions. If fraud occurs because those pages were somehow compromised, lacking clear accountability trails, consumers may very well get caught in the middle as financial institutions and the Fed hash out who's liable.
But no one likes a fearmonger, right?
So, here's some good news. The Fed has stated that FedNow will launch with some (TBD)
These are smart, common-sense controls. Keeping in mind that much of instant payment fraud consists of scamming authorized users into approving a transaction, other measures include:
Looking at the age of the customer when assessing the transaction, because senior citizens and new-to-digital-banking consumers are especially vulnerable to these scams (e.g., grandparent scam/investment scam). Another effective measure is to use online transaction nudges (e.g., a popup with a tailored warning specific to what the customer is doing, such as 'Is someone on the phone directing you to send this payment?') with suspicious transactions and/or the first time a user pays a new recipient on FedNow.
The bank hasn't explained why person-to-person payments, bill processing and account-transfer services went down for parts of two days this week. But observers suspect glitches in its legacy systems could occur at other financial institutions and increasingly affect real-time payment networks.
Financial institutions can also have their telecommunications provider check if a customer is on an inbound mobile call while doing the transaction. A long call is also a good data point that something is not right. They can also do a confirmation of payee check (does the payee's name match the name on the receiving bank account?) and check beneficiary intelligence such as the age of account, number of incoming high value payments, etc.
In 2023, deepfake audio and video is becoming more convincing. For example, when a grandparent gets a call from their grandson about a "car wreck" or "kidnapping" and asks for money, it will sound real — because the fraudster copied the grandson's voice from TikTok and AI-cloned it. So, expect these victims to believe the scam/be scared if the fraud analyst calls to verify the transaction.
Financial institutions will also need to up their game in detecting and removing money mule accounts, their ubiquity, worldwide, being one of the main reasons why online fraudsters are so effective with scam activity. Something the U.S. can copy from the
Because instant payments are irrevocable, there are no
The U.K.'s experience can benefit everyone in the FedNow eco-system if participating financial institutions proactively deploy fraud prevention controls as a carrot, instead of waiting for the stick of regulation to arrive. They'll not only lower online fraud rates but also build digital trust with FedNow customers, which in the still-nascent world of instant payments, will be essential for FedNow to thrive. Until then, FedNow users will have little recourse if they are scammed into authorizing payments.
So … caveat emptor. At least for now.
