American Banker: Navigating the FedNow Fraud Frontier

The groundbreaking FedNow initiative initiated by the Federal Reserve in July 2023 ushered in an era of instant financial transactions up to $100,000, transforming the landscape of digital banking. By October 2023, over 100 members were actively participating in this service, paving the way for a revolution in how financial transactions are conducted in the United States.

However, this innovation is not without its challenges. The introduction of FedNow opens new avenues for cybercriminals, and FedNow fraud is a reality that US banks must prepare for. Historical data from countries that have transitioned to instant payment systems, such as the UK with its Faster Payments Service, show a direct correlation between the adoption of such services and a rise in cybercrime.

For instance, the UK banking sector witnessed a drastic increase in phishing attacks, resulting in losses of £36 million by 2006. This trend emphasizes the need for robust security measures in the face of evolving cyber threats.

As the US moves towards embracing FedNow, banks must draw lessons from past experiences with similar systems. The launch of Zelle in 2017, for instance, saw US banks grappling with fraud losses as high as 7 percent of the total money transferred. This situation underscores the need for adaptive and flexible security controls to combat the sophisticated techniques for FedNow fraud employed by cybercriminals.

Preparing for FedNow Fraud Challenges

Scam Detection Capabilities

With the advent of generative AI and deepfake technologies, social engineering attacks are becoming increasingly sophisticated. Banks need to enhance their scam detection models and educate their relationship managers to verify transactions, especially those involving high net-worth individuals.

Leveraging Behavioral Biometrics

Experiences from the UK and Australia show that behavioral biometrics are effective in detecting unauthorized account takeovers and impersonation scams within instant payment systems. US banks should integrate similar technologies for better security.

Collaboration with Banking System Providers

Banks should closely examine the fraud detection capabilities of their banking system providers, focusing on configurable elements and gaining insights from the provider’s broader customer base.

Empowering Customers with Controls

Engaging customers is crucial. Banks should offer options for setting personal transaction limits on FedNow, along with cooldown periods for significant transfers. Educating customers about the risks associated with FedNow, including the threat of deepfakes and AI-generated scams, is equally important.

Proactive Customer Outreach

Rapid and effective communication with customers is key to understanding the context behind their transactions, particularly in complex scam scenarios. Digital and automated communication tools can enhance these efforts.

Establishing a Joint Command Center

Close collaboration between business and cyber intelligence teams within banks is essential. A joint command center can facilitate the continuous updating of security controls and effective communication with customers.

The launch of FedNow is a double-edged sword, bringing both convenience and increased risk. Read the full article in American Banker (subscription required).