Faster Payments, Faster Fraud? Not So Fast!

Fraud has been around for millennia, with the first cases being documented in the third century B.C. Two Greek sea merchants, Hegestratos and Zenosthemis, took out a “bottomry,” an insurance policy that included a loan to finance their voyage, with the ship as collateral. They were supposed to repay the loan with interest after selling their goods, but they concocted a plan to sink the ship so they could keep all the funds, while the lender lost the collateral. However, they were caught in the act; Hegestratos died trying to flee, while Zenosthemis met his fate in the Athenian courts.Is the notion of “faster payments, faster fraud” just a myth? So far, it appears to be, at least for two community financial institutions (CFIs) that participated in a March Federal Reserve online Town Hall discussing fraud management strategies for the FedNow® Service.The $1.3B-asset North American Banking Co. in Roseville, Minnesota has enabled its retail customers to use FedNow to send and receive instant payments and is now rolling the option out to its business customers. But before the payments are settled, the bank deploys controls like velocity, limits, and other measures that enable the bank to pull suspect transactions out of the process safely before they are settled, via the help of a vendor.“While FedNow does have instant payment capability, the only instant part of it is the actual execution of the payment,” says Ryan McNaughton, Vice President of Information Technology. “The lead time between when somebody wants to execute a payment and when it actually goes through is where we are focusing all of our risk mitigation activities. We are not seeing much in the way of fraud or attempted fraud on the FedNow network.”The $8.7B-asset 1st Source Bank South Bend, Indiana first allowed its business customers to conduct transactions on FedNow, with plans to extend capabilities to consumers. The CFI also uses vendors to connect with FedNow, as well as to help the bank stop transactions before they are settled using risk mitigation measures that also include Know Your Customer controls.“KYC is everything — we know our clients, and we can put internal controls on each of those clients, on who can approve payments that potentially leave our portals, as well as transaction limits and daily limits,” says Jim Hunt, Division Head of Payment Strategy.The CFI also partners with vendors to comply with the requirements of the Treasury Department’s Office of Foreign Assets Control to minimize fraud and other illegal activities by sanctioned countries and other bad actors.If transactions are automatically stopped by any of these measures, the goal is to then manually determine as quickly as possible if they are, indeed, fraudulent, Hunt says.“We really haven't seen any fraud and we are definitely scaling transactions quickly,” he says. “However, we always have to be aware that bad actors out there will find ways to exploit. There's always that next risk. Our concern is that we don't get complacent, so we try to make sure our solutions are state-of-the-art.”

FedNow’s Implementation of ISO 20022The instant payment rail has several built-in capabilities to help CFIs and their vendor partners mitigate fraud, including the implementation of ISO 20022, a new messaging standard by the International Organization for Standardization that enhances communication between financial institutions and customers globally. One of the biggest benefits of ISO 20022 is enhanced fraud and financial crime prevention. The structured and expanded payment format allows for more data to be included with every transaction. With elements like LEI and the purpose code, it’s easier to see where payments are going and why they’re being sent. Structured name and address details for senders and beneficiaries help improve anti-money laundering and KYC practices, which make screening more efficient and accurate.Unlike traditional Fedwire payments, where senders try to fit in data wherever they can, the ISO 20022 format is highly structured, with certain data restricted to specific fields. This enables artificial intelligence to detect payment anomalies that could indicate fraud or financial crimes. Additional FedNow Service Mitigation ToolsAs the two CFIs mentioned in the Federal Reserve’s Town Hall, FedNow includes additional tools for FIs to combat fraud, including the ability for financial institutions to establish risk-based transaction value limits; the ability to specify certain conditions under which transactions would be rejected, such as by account number (i.e., a “negative list”); message signing, which will validate that the message contents have not been altered or modified; and reporting features and functionality, including reports on the number of payment messages that were rejected based on a participating financial institution’s settings.The Federal Reserve is exploring other features like value limits that could be tailored to certain uses, aggregate value, or volume limits for specific periods (for example, per business day), and/or centralized monitoring performed by FedNow, such as functionality that leverages advanced statistical methods and historical patterns to identify potentially fraudulent payments.Other Ways To Minimize FraudThe Federal Reserve recommends that financial institutions take a holistic approach to combating fraud, and suggests the following:

Is it true that faster payments automatically lead to faster fraud? So far, the answer is not yet, and that’s likely because of the right risk mitigation controls that financial institutions and their vendors have put in place, and other built-in risk mitigation measures within the FedNow Service. But don’t become complacent — continue to evolve your fraud prevention practices, including educating your customers on how to spot would-be fraudsters from duping them into making instant payments.