November 28 • 2022

FedNow – Real Time Payments & Real Time fraud for all

Cybercrime is low risk, low investment, and high return. Not surprisingly, illegal financial gain is one of the biggest reasons for cyber-attacks. The result is a predicted USD 10 Trillion of damages by 2025. Our vision is to change that.

Written by @Rob.Tharle, CYBERA’s Head of Product.

The US already has RTP, Zelle and Venmo, to provide real time payments, but in just over 6 months, FedNow will join the party with discounted fees when it launches. This is great for mid-size and small banks and for their customers, to be able to receive the benefits of real time payments. However, it will come at the cost of higher level of fraud and scams.

What will FedNow look like?

Open to many more financial services institutions than RTP, FedNow will have a default limit of $100k, with the scheme limit of $500k. Firms will be able to move it up and down. As now, it is likely firms will set their own internal limits for customers, based on segment and use cases. This is lower than equivalent platforms, with UK Faster Payments and US RTP platforms being significantly higher at £1m and $1m respectively. EU SEPA Instant payments are EUR100k, which is similar, however, It is likely both will increase in due course. 

FedNow also incorporates Request for Payment functionality, like RTP, where funds, e.g. linked to an invoice, can be requested and approved and paid by the recipient.

What might we see when FedNow goes live?

A key point to bear in mind when shifting to real time payments are that they are irrevocable as well as instant. Therefore, net losses increase as funds have moved before any recalls can be made once the fraud has been noticed. Whilst RTP has fairly low fraud rates, this is in part due to the fact that the fraudsters are using Zelle and Venmo, instead of RTP. Many of the banks already had sophisticated fraud systems that they updated for RTP too, to help keep fraud down. With FedNow being available to Financial Institutions of all sizes, this will not always be the case going forward.

By far the biggest issue is the speed of take up of real time payments by consumers, businesses and fraudsters alike. The rise of digital throughout our lives has meant we expect everything to happen in real time. Once we have this capability with payments, we see organic growth on top of cannibalisation of legacy payments. 

This means the volumes of transactions just keep growing, making it harder to spot the fraudsters. To provide some context the UK has had real time payments since 2007. Even 14 years after it was introduced, volume of payments increased by 20% to 3.4bn and 24% by value to £2.6 trillion. This is in part due to new uses cases, such as open banking payments offering a replacement for other forms of payment, including POS & ecommerce as well as P2P.  Therefore, we should expect a fast take up of FedNow too.

Whilst real time payments helps consumers and businesses save time and money, fraudsters are also keen. In the first years the UK saw a 132% increase in online banking fraud. This has since increased in 2021 to unauthorised remote banking fraud (web and mobile app) of £199m and authorised frauds (e.g. romance scams, investment frauds etc.) of £583.2m. Card fraud for comparison was only £524m.

Closer to home in the US, the level of fraud associated with Zelle is well publicised, so there is no reason for FedNow not to be targeted too as banks and their customers start to use real time payments for the first time.

One thing all these sorts of frauds and scams have in common is the need for mule accounts. As financial institutions bring in FedNow to their customers it will make them more attractive to money mules, as this provides them the ability to move funds fast. 

These trends are happening globally, with a rise in authorised frauds such as investment scams and romances scams, as real time payments and improved security controls against unauthorised frauds are introduced. As a result, regulation is increasing too.

In the UK we are seeing the scope of regulation changing to bring liability on the beneficiary bank as well as the paying bank particularly for authorised frauds. This means that a focus on mules throughout the lifecycle is becoming more important, both to avoid liability and protect customers.

Even if there is no liability, there are other impacts, for example the operational impacts of the fraud reports and negative customer experiences that result. Therefore, investing in prevention is money well spent. However, investment in responding to the rise in fraud and scams is also important. Giving customers increased support when they need it most is key. Making sure victims can report fraud and scams easily and sharing that information with beneficiary Instiutions, whether fiat or crypto and law enforcement, helps increase the ability to freeze, recover and repatriate stolen funds.

There are clear threats for financial institutions from the introduction of FedNow. With the launch just over 6 months away, there is no better time to start dealing with them than now.

What should institutions do to Mitigate the threats posed?

There are at multiple areas in which financial institutions should focus on in order to mitigate the threats posed by real time payments

  1. Provide Multi-factor authentication options for customers, mandating for high-risk transactions. 
  2. SMS should be avoided due to the inherence security risks such as SIM Swap. If required add SIM Swap Detection.
  1. Undertake real time transaction monitoring of all the transactions, both payment and non-monetary. Ideally this should be a fraud hub to avoid proliferation of end point solutions.
  2. This should include any extra details submitted as part of the ISO20022 payment message, e.g. invoice details. 
  1. Expand Transaction Monitoring to cover inbound payments in real-time.
  2. Provide transaction enrichment by utilising external device intelligence, behavioural biometrics, telco data and Watchlists of known mules accounts and crypto wallets to improve model performance.
  3. Build multiple models using machine learning/AI to target unauthorised, authorised fraud and for mule behaviour.
  4. Ensure your fraud operations are can support the 24/7 nature of real time payments and have the right volume of trained staff.  Augment with smart workflows and automation to improve efficiency.
  5. Utilise a global fraud reporting service to improve the customer experience and help get victims funds back.
  6. Build the system to be scalable to ensure the performance is available when required. Instant payment values grow fast.
  7. Improve you application fraud and KYC at onboarding by adding mules watchlists and integrating with your fraud hub. This helps target mules throughout the lifecycle.

I hope this quick review of FedNow to a new range of institutions and customers might mean in terms of fraud and financial crime. It is clear that investment is required in fraud systems and people in order to protect the benefits that real time payments can bring to the economy.


At CYBERA we’re on a mission to stop money laundering and help protect customers from scams and other financial cybercrime. We close gaps that allow cyber criminals to thrive by sharing crime data in real-time with financial institutions, fintech, and crypto exchanges, and coordinating a global response to support customers who have become victims of financial cybercrime.

CYBERCRIME WATCHLISTTM helps support firms to reduce fraud and money laundering and meet the requirements of the CRM as part of a holistic fraud and financial crime strategy.

Financial Institutions (FIs) can check against the CYBERCRIME WATCHLISTTM for confirmed mule accounts when processing payments. For outbound & inbound payments, where there is a match on either IBAN (Account Number & Sort code) or on Name the transaction can be flagged as high risk.

At account opening and ongoing CDD, email, phone and name can be used to match to CYBERCRIME WATCHLISTTM to reduce opening new mule accounts.

CYBERCRIME COMPLAINTTM further supports by providing users with alerts of any of their accounts reported as mules directly in their dashboard.

Unlike other data sources, CYBERA is a global solution, so is well placed to support the increasing levels of cross-border real-time payments.