Experts Discuss Fraud, Security, Implementation Hurdles With Fast Payment Program
The Federal Reserve’s launch of an instant account-to-account payments system on July 20 is to the financial services industry like the Chicago Cubs winning the World Series after a 108-year drought was to baseball: highly anticipated and long overdue.
The new service has been hyped as a way to revolutionize the U.S. approach to payments, thanks to the Federal Reserve’s perception as a stable payments network provider and its access to a built-in customer base of thousands of national, regional and community financial institutions.
The large volume of banks with access to an instant payments network will lead to a “game-changing growth” in faster payments adoption, Jessica Cheney, vice president for digital banking solutions at payments processor Bottomline Technologies, told Information Security Media Group.
FedNow may not be the only instant payments service in the U.S., but it allows access to any depositary institution eligible to hold accounts at Federal Reserve banks – unlike its competitor, The Clearing House. So far, only 35 banks and credit unions and 16 service providers are certified to use the service. This includes community banks and large lenders such as JPMorgan Chase and Bank of New York Mellon.
“Many of the financial institutions I’ve spoken to will go live on day one but won’t offer any products to their customers on day one,” Peter Tapling, board member for the U.S. Faster Payments Council, told ISMG. “As with The Clearing House’s real-time payments, most institutions will join as receive-only in any case, so customer-facing product development is minimal.”
FedNow allows payments of up to $25,000 to be made in real time, from one bank account to another. The money is immediately available and irrefutable. Each financial institution has the ability to go to market with its own unique value-added solution based on the Federal Reserve’s real-time clearing and settlement network. Another advantage: The solution isn’t dictated by a fintech company and offers business payments unlike most peer-to-peer payment systems such as Zelle.
Launch Timeline: Quick Enough?
When it comes to real-time payments solutions, the U.S. has lagged behind the U.K. and Europe for years, said Karen Helmberger, director of payments at cyber intelligence firm Financial Services Information Sharing and Analysis Center.
“This comes down to the fundamental difference in our approach to a market-driven economy,” Cheney said. “The U.S. does not have a regulatory dictate to innovate in the payments space – we leave that to the players in the industry to accomplish.” The Federal Reserve solution is not mandated, but offered as an option for banks to use voluntarily.
But a four-year timeline between conception and launch of a “major solution” such as FedNow is not “overly long,” Helmberger told ISMG. This is especially so for a risk-averse and conservative organization like the Federal Reserve, Cheney added.
Challenges Ahead?
Large-scale adoption of FedNow will take time, and growing pains are to be expected, Helmberger said. “It will also take time to fully understand the benefits as well as challenges, including with regards to security.”
Faster payments lead to faster fraud. “For financial institutions, that changes the emphasis from fraud remediation, where they reverse payments after fraud is suspected or discovered, to fraud prevention, where they ensure the frauds don’t happen in the first place,” she said.
Fraud intelligence sharing, Helmberger said, will be more important than ever to help the sector fight large-scale fraud.
If the Federal Reserve creates a repository of fraud data and uses it to trigger alerts related to suspicious transactions, it will be able to feed this information to banks, enabling them to stop fraudulent transactions before they’re completed, said Carlos Kazuo Missao, head of innovation for Americas at GFT. GFT is partnering with U.S. banks to help them adopt FedNow.
Slower adoption is another hurdle waiting. FedNow is often compared to The Clearing House’s RTP money transfer system. The lackluster response to the latter from banks, especially smaller receiver-only banks, begs the question: Will FedNow attract wider adoption?
Industry watchers predict that FedNow is likely to see more interest from banks and credit unions, but smaller banks will likely wait and watch. “They want to see how the FedNow service unfolds before participating. Most aren’t yet technologically ready and still have infrastructural needs to address. Some are having conversations with tech companies and other service providers about what they need to do to prepare internally, but they’re not there yet,” Missao said.
The Federal Reserve of Chicago told ISMG that unlike the privately-owned RTP program, where banks are required to set up an account that maintains a minimum balance, all financial institutions already have an existing master account with the Fed that eliminates the need to open one for FedNow.
Community banks and smaller financial institutions can connect to FedNow either directly or through a processor such as Fiserv or Jack Henry. This can help banks bring down the cost of implementation as they buy the service off the shelf from processors, which already have built-in fraud detection tools. If they associate with the Fed directly, they will have to build and implement the fraud tools themselves, a Federal Reserve of Chicago spokesperson said.
Larger banks and financial institutions, on the other hand, are ready from a technical standpoint and in a position to comply with its policies and guidelines.
“We expect a majority of the later adopters to take a phased approach to integrating FedNow, starting on the receiving end by allowing their customers to accept transactions through the service,” said Missao. “This is easier to implement, and less resource intensive. But they will inevitably find that their customers want more, at which point offering a full suite of instant payment services will be a non-negotiable for all banks and institutions.”
An issue that needs immediate attention is ubiquity between the FedNow service and The Clearing House’s RTP network, said Cheney.
FedNow and RTP also follow different guidelines that govern the solutions, which could cause a “messy situation if the two guidelines ever differ on major topics,” Cheney said. “Nacha emerged as the single source of ACH processing rules. The Fed and The Clearing House both abide by those rules for ACH processing. In the future, we are going to see the need for one set of operating rules for real time, instant payments as well.”
With no interconnectivity between the two solutions, banks will be forced to join both in order to have the broadest reach for their customers. Until the eventual synergy, banks will have to depend on their technology providers to bridge the gap with routing solutions.
The Role of FIs
As a payment rail available only to financial institutions, many of the security measures will be their responsibility on either end of the transaction, Tapling said.
FedNow does offer some tools, including how institutions can set their own payment limits, and it maintains a “negative list” to identify accounts ineligible for FedNow. FedNow users also are required to report fraud on their platform to the solution provider, but the reporting guidelines are unclear, as is what happens with the data, he said.
From a cybersecurity perspective, FedNow will follow the same guidance and protocols as most existing payment rails, Missao said. The Federal Reserve will follow ISO 20022, a universal financial industry messaging scheme, and potentially implement encrypted messaging between payers and payees, as well as multi-factor authentication and rule-based access on the banking side, Missao said.
While banks already have fraud departments in place, they need to strengthen these, making them faster and more agile than the protocols they have in place for traditional payments, he said. Banks can also take additional measures on top of what the Federal Reserve is already doing, such as using its negative list of accounts to proactively identify and respond to fraud in real-time, he said.
Financial institutions should treat instant payments security with the same scrutiny as any other payment solutions they offer, Cheney advised.
Financial institutions implementing FedNow also must review training materials and resources such as the Federal Reserve’s FraudClassifier model to actively monitor activity, Helmberger said.
Whether the new U.S. government-backed, real-time payments system truly rewires the country’s payments system or not depends on whether it is able to get financial institutions across the spectrum to adopt FedNow and use it to offer their own B2C payments solutions – while baking in sound anti-fraud and cybersecurity measures.