There’s a lot to love about instant payments (a specific type of faster payment): Consumers benefit from increased flexibility and transparency into payment status; businesses benefit from improved cash flow and money management; and financial institutions benefit from new solutions that enable them to better serve their customers.
While many can benefit from instant payments, as with any type of payment, the potential for fraud exists. But some characteristics of instant payments may increase fraud concerns. Read on to learn about various types of fraud involving payments, the particular challenges posed by the unique characteristics of instant payments, ways to protect your organization and customers against instant payments-related fraud, and some tools that the FedNowSM Service1 will offer to help financial institutions prevent fraud.
Let’s begin with a basic understanding of the most common ways in which fraud involving payments occurs. Fraud scenarios that are relevant for other payment types can also occur within instant payments.
Those who need to understand key fraud categories might start with the FraudClassifierSM Model (Off-site), which enables organizations to systematically classify fraud involving payments based on three key questions. The first question asks whether an authorized or unauthorized party2 initiated the payment. The second and third questions ask how the fraud was executed and what tactic was used.
While prone to types of fraud that are similar to those for other payment types, instant payments pose some unique challenges due to their speed and irrevocability. With most payment types, a customer can recall a payment made in error before it is processed. In contrast, an instant payment is completed in a matter of seconds, and because it is irrevocable, the payer cannot cancel the transaction. In addition, the payee can withdraw the funds immediately. When the bad actor is the payee, these characteristics make it more challenging to detect and stop payment on a fraudulent instant payment transaction before the bad actor has already withdrawn the funds.3
Regardless of payment type, however, the actions that can be taken to combat fraud are consistent and involve multiple layers of safeguards, including the security measures built into the payment systems themselves, as well as those built into the participating financial institutions’ systems. With respect to instant payments, financial institutions should consider taking a holistic approach to combating fraud, particularly in cases where existing fraud solutions and processes may be based on batch processing or manual intervention. An analysis of processes, technology, staff training and approaches to customer education may be beneficial in order to identify opportunities for improvement.
Here are some tips for how financial institutions might begin to take a more holistic view of their solutions and processes for instant payments.
In addition, as with other payment types, fraud prevention doesn’t rest solely with financial institutions. Necessary safeguards also include actions end users take to protect their personal data, such as user IDs and passwords. Educating consumers about social engineering scams – not only in their personal lives, but also at work – can raise awareness about potential fraud risks and make them more inclined to take appropriate precautions.
Straightforward enough, but end users may not fully understand that instant payments’ speed and irrevocability make them different from most payment options. As a result, educating end users about these differences and how they can help prevent fraud is a critical complement to all the other security measures that can be taken by instant payment systems and the participating financial institutions.
Besides what financial institutions can do, below are some best practices for how consumers and businesses can add security measures to prevent fraud.
Beyond what financial institutions and end users can do to prevent fraud in instant payments, the Federal Reserve is taking action to support these efforts in a number of ways. First, the recently-released FraudClassifier Model provides a common language for classifying fraud. The payments industry can use this model to better understand current and emerging fraud trends across multiple payment types, which can then help the industry refine approaches to combat it.
Second, the Federal Reserve Banks’ forthcoming FedNow Service, will provide tools to assist participating financial institutions in their role as the primary line of defense against fraudulent transactions. Per a recent Federal Register notice (Off-site), the features at launch include:
The Federal Reserve is exploring other features that could be made available as part of future releases to aid participants in managing fraud risk, including, for example, value limits that could be tailored to certain uses, aggregate value or volume limits for specific periods (for example, per business day), and/or centralized monitoring performed by the FedNow Service such as functionality that leverages advanced statistical methods and historical patterns to identify potentially fraudulent payments.
Here are some key takeaways from this article:
1 FedNow is a service mark of the Federal Reserve Banks.
2 An authorized party is an individual or entity with the right to initiate the payment; whereas an unauthorized party does not have the right to initiate the payment.
3 When the bad actor is the payer, however, instant payments may make it harder for that payer to succeed in committing a false claim fraud.
4 The maximum transaction limit amount will be consistent with market practices and needs for instant payments.