Cybercrime

FedNow Banking Cashes Out Faster, With New Fraud Risks

online banking digital payment transactions

A new banking system that instantly pays out digital transactions could be a big money gain for crooks as online fraud worsens.

The Federal Reserve on July 20 announced the FedNow Service is live. Banks and credit unions of all sizes can now sign up and use this tool to instantly transfer money for their customers, any time of the day, on any day of the year.

“The Federal Reserve built the FedNow Service to help make everyday payments over the coming years faster and more convenient,” said Federal Reserve Chair Jerome H. Powell. “Over time, as more banks choose to use this new tool, the benefits to individuals and businesses will include enabling a person to immediately receive a paycheck or a company to instantly access funds when an invoice is paid.”

According to the Board of Governors of the Federal Reserve System, instant payments will provide substantial benefits for all consumers and businesses when fully available. They include rapid access to funds when needed to help manage cash flows in bank accounts. For example, individuals can instantly receive their paychecks and use them the same day, and small businesses can more efficiently manage cash flows without processing delays.

“The FedNow Service is an extremely timely and needed payment service given today’s increased reliance on technology for various financial transactions quickly. In the past, instant payments have posed a major challenge for financial institutions and their customers,” Justin Newell, CEO of software provider Inform North America, told the E-Commerce Times.

However, the need for speed and the convenience of instant transaction payments comes at the cost of new security challenges, he warned.

Speedy Delivery of Digital Funds

The FedNow Service operates alongside other longstanding Federal Reserve payment services, such as Fedwire and FedACH, as an interbank payment system.

To participate in FedNow, financial institutions must demonstrate a higher level of security. They must complete a certification process to ensure their preparedness to address instant payment-related fraud by implementing effective operational and communications tools. Computing security infrastructure, however, may not be as easy to certify.

Newell explained that the FedNow Service differs from other payment applications because transactions are completed in seconds directly between bank accounts without the delays typically incurred in payment applications. Many alternative payment platforms require users to hold balances in the apps rather than sending and receiving money directly to or from their bank accounts.

Other payment services or apps allow funds to be sent directly from a bank account, with funds instantly available to the recipient. But in those cases, the money transfer from bank to bank is delayed. That is where the credit risk appears, he offered.

The FedNow Service also can be used with all types of payments between businesses (B2B) and between businesses and consumers (B2C). Another difference is that only banks and credit unions can access FedNow, but no third parties.

No AI Cyber Fix to the Rescue Yet

Card-skimming fraud is already at all-time highs. FICO last month released new data about card skimming increases this year. Criminals put small card-reading devices into payment terminals to steal card information.

According to the data, skimmed card instances jumped 77% YoY from roughly 70,000 cards in 2022 to nearly 120,000 in just the first six months of this year. Other kinds of payment fraud are also on the rise, including authorized-user- and first-party fraud.

So far, AI is unable to help. New data from Brighterion, a Mastercard company, cites a shortage of data science capabilities as the top barrier to using AI to prevent fraud.

The ongoing labor shortage among cyber experts is impacting IT staffing capabilities, which also strains businesses’ ability to act on other business plans.

Other top barriers for financial institutions to utilize AI for payment fraud prevention include complex and drawn-out implementation. The technology many financial institutions use to prevent fraud is clunky and requires a lot of maintenance, according to industry reports.

However, no AI applications are available to act independently and more accurately identify fraudulent transactions before they happen.

Instant Payments Intensify Fraud Risks for Merchants, Banks

The new FedNow approach will not actually provide them with better security, which is a cause for concern, warned Newell.

“The rapidity of instant payments intensifies the difficulties in fighting fraud. Instant payments, while susceptible to similar fraud types as other payment methods, present unique obstacles due to their swift completion and non-reversible nature,” he explained.

For most payment methods, a customer can retract a mistaken payment before it gets processed. However, instant payment is finalized within seconds, he continued. Since it is irreversible, the payer cannot cancel the transaction. Moreover, the payee can immediately access the funds.

Newell cautioned that if the payee is a fraudster, these features make it harder to identify and halt a fraudulent instant payment transaction before the fraudster has already taken the funds.

“Although FedNow will offer new tools for fraud prevention, too, for example, to establish risk-based transaction value limits, I am afraid this alone will not guarantee the security needed,” he said.

FedNow Advantages Shadowed by Persistent Fraud Risks

FedNow’s new features may do little to curb the online fraud landscape. Instant payments will offer many benefits for many stakeholders, but they also bring unique risks.

“Regardless of the payment method, the strategies to fight fraud remain consistent and involve multiple layers of protection,” said Newell. “This includes the security features integrated into the payment systems themselves, as well as those incorporated into the systems of the participating financial institutions.”

He suggested that financial institutions adopt a comprehensive fraud-fighting strategy to secure instant payments better. This recommendation becomes particularly important when their existing solutions and processes for combating fraud still rely on batch processing or manual intervention.

For truly holistic fraud prevention, banks must analyze a vast array of data from various sources for each transaction within milliseconds to assign an accurate risk score. This analysis must factor in information about all involved banks, accounts, the people behind those accounts, apps, channels, amounts, timing, locations, involved devices, whitelists, blacklists, sanctions lists, and much more.

“This can only be done with contemporary AI solutions that incorporate all these factors,” Newell observed.

Navigating Fraud and Risk in the Instant Payments Era

With current technology, banks cannot speed up the typical cycle time needed to comb through data to identify trends in fraud and risk. Accelerating this process is only possible with state-of-the-art AI solutions, which are not yet available.

On the one hand, Newell noted, banks need to use machine learning to investigate incredible amounts of data for fraud and behavior patterns and learn from them. On the other hand, rigid rule systems, such as those still frequently used by many banks, have had their day.

“We need dynamic profiling, flexibly adaptable rules in real time by algorithms, but also by human experts. This is where questions of software usability also come into play. It often must happen quickly. Otherwise, the criminals will cause incredible damage,” he predicted.

This need for AI assistance will also apply to traditional or established banking systems. Holistic risk and fraud management solutions must be able to communicate with various banking and other IT systems.

“It is important that financial institutions can easily integrate them into their IT landscape,” Newell urged.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Cybercrime

E-Commerce Times Channels