The launch of FedNow has brought high-dollar, real-time payments to the financial marketplace. Proponents who believe the service has been a long time coming tout it as good for consumers and the economy.
Bank customers should benefit from the convenience, but so too will another group of unintended beneficiaries: cybercriminals.
The chatter of bad actors has lit up the dark web with schemes to exploit instant access to high-dollar transactions. For them, early adopter financial institutions will provide a training ground to test and perfect fraud tactics they can scale when FedNow is more widely utilized.
As with every new challenge that appears on the fraud horizon, the opportunity to learn and improve is there. To prepare for what’s to come with FedNow, financial institutions can look to the recent past for valuable lessons in early and collective action.
Uniting the fraud community in proaction
Financial institutions need to look no further than what’s happened with peer-to-peer (P2P) platforms to imagine the scale and impact of FedNow-enabled fraud. Speed, the central benefit of FedNow, enabled criminals to commit tremendous P2P payment fraud in recent years. It cost victims more than $250 million in 2022 alone and brought a level of scrutiny from consumers, regulators and the media that banks don’t want to repeat.
Though not a P2P platform, FedNow replicates cybercriminals’ favorite aspect of P2P transactions—fast transfers—and amplifies it. With the ability to move up to $500,000 in a single transaction, the stakes are high. One wrong action by victims and money leaves their account instantly and is just as quickly deposited and retrieved by perpetrators. The money is long gone by the time the victim or bank can react.
The growing pains experienced from P2P fraud provide a compelling reason for engaging fraud professionals early and building upon the lessons learned. Best practices—such as applying fraud detection models and establishing stringent standards for payor/payee authentication—can go a long way. But the temptation of high-dollar payments will inspire novel fraud methods that banks likely will not be fully prepared for.
The nationwide network of financial institutions will benefit tremendously if fraud professionals engage and share what they witness and learn. A collaborative approach that tracks and analyzes everything—from macro-level trends to micro details—will enable the larger fraud community to more quickly synthesize, report and act on emerging schemes. This, in turn, could allow the broader adoption of FedNow to occur with greater confidence and fewer risks.
Equipping customers against fraud
Bank customers, who are the likely targets of FedNow-enabled schemes, will need to be part of an offensive strategy underpinned by good communication. Though FedNow is on the radar of financial professionals and the media, it’s not a consumer-facing product. The rewards and perils are largely unknown to financial consumers.
In addition to promoting the benefits for consumers, banks should include risk education as part of the program, too. Banks should push security and authentication best practices to the customers most likely to use FedNow-enabled services. Clear prompts can help drive action, including the setup of security notifications, two-factor authentication and two-way alerts, such as text messages that allow customers to validate large transactions before they are executed.
Banks can also focus educational efforts on the customers most likely to be targeted by cybercriminals looking for a FedNow payday. Those who have had more sensitive personal data exposed in data breaches and made available in cybercriminal forums are low-hanging fruit. They are easier to impersonate in fraudulent transactions or perpetrate convincing scams upon. Newer forms of artificial intelligence are helping banks identify these customers, enabling the institution to automatically turn up security controls or encourage customers to adopt more stringent settings themselves. When they understand the reason why, most customers are willing, and they appreciate the insight from their bank.
The ability to instantly transfer hundreds of thousands of dollars will create meaningful risk for financial institutions and irresistible opportunities for criminals. This doesn’t mean that banks shouldn’t move forward with implementing FedNow. It just means that they shouldn’t wait to see how far cybercriminals are able to exploit an enticing new opportunity. Banks can start fraud protection early, communicate and be as proactive as possible.
Jason Laky is the executive vice president and head of financial services at TransUnion.
In this webinar, Sai Huda, CEO, CyberCatch, a globally recognized cybersecurity expert and author of the best-selling book, Next Level Cybersecurity, will cover what every role in your financial services organization needs to know about cybersecurity, going beyond basic phishing...