Key Risks in the FedNow Era

Key risks in the FedNow era

By Phong Q. Rock, EVP Global Strategy & Growth, Feedzai

FedNow has arrived. Aiming to modernize the existing payment infrastructure to meet the convenience and speed consumers expect, the US is finally joining a growing family of nations that have already launched their own payments systems.

Deployed by the Federal Reserve, FedNow will enable individuals and businesses to send and receive instant payments, operating on a 24/7/365 basis. Through the click of a button, customers will be able to access funding through interconnected payment infrastructure, unlocking the full potential of real-time payment capabilities for US financial institutions.

While the benefits are significant and should be welcomed, the arrival of FedNow does also bring about risks. Bad actors count on using real-time payments and settlement to their advantage, meaning banks and payment service providers participating in FedNow must remain vigilant.

The first step to combating financial fraud is for businesses, and consumers, to understand the risks, so they can better mitigate them. From account takeover fraud, right through to CEO fraud and money mule schemes, we’ve outlined the most significant risks to consider with the arrival of FedNow.

Account Takeover fraud

One emerging risk type that banks will have to navigate is account takeover fraud. By taking control of a business or individual account, fraudsters have the power to inflict significant harm. Bad actors are able to send payments to different accounts in their control, with funds settling instantly before the real account holder or bank realizes an account takeover attack is underway.

Business Email Compromise

Company employees with payment responsibilities must be vigilant – they are the high-value targets for criminals. Fraudsters can create fake websites or send fake emails (phishing), send highly personalized text messages (smishing) or target employees over the phone (vishing). With instant payments and settlement, criminals can convince employees to approve fake invoices that are immediately transferred to another bank, and will be extremely hard to claimback.

CEO Fraud

CEOs and C-suite executives will continue to be key targets for scammers. CEO fraud intensified during the pandemic when many began working remotely. After obtaining employees’ contact information from social media or data breaches, fraudsters send victims an email or SMS pretending to be the company CEO. This type of fraud has typically involved tricking victims into buying physical gift cards and sharing the codes.

In the FedNow age however, fraudsters may instruct employees to initiate payments from company accounts while pretending to be the CEO and jeopardizing the security of financial institutions in the process.

Malware and Phishing Attacks

The widespread and quick adoption of AI technology has intensified the use of phishing attacks, a fraudulent activity centered on various scams, including impersonation scams, romance scams, or tech support scams.

Cybercriminals have taken advantage of generative AI to target victims, creating increasingly realistic messages tricking unsuspecting individuals. Fraudsters can also use malware to steal a target’s personal information to take over their bank accounts and initiate unauthorized transfers.

Money Mule Schemes

Another risk in the FedNow era is the rise in money mule schemes, a type of money laundering activity. A money mule scheme happens when a person who receives money from a third party, transfers it to another, in order to obtain a commission for it.

Being able to send and receive money instantaneously creates money laundering opportunities. Bad actors can recruit victims using fake job listings into acting as money mules. Once money is received on the criminal’s behalf, funds to another account can be deposited quickly and repeated multiple times through different mule accounts. The more layered the money laundering approach, the more difficult it is to trace or recover funds.

Scams

Scams are one cause for concern that banks are currently firefighting at an increasing rate. While FedNow will initiate greater convenience for the consumer, fraudsters will view this as a prime opportunity to target victims.

Even though banks have bolstered their defenses against fraudsters, authorized push payment (APP) scams have been exploited by criminals to trick customers into committing fraud on their behalf.

As FedNow adoption picks up, financial institutions should expect an increase in APP scam variations, including investor, imposter, romance, phishing, smishing, and vishing scams – all of which banks will be fully acquainted with and briefed on.

Social Engineering Fraud

Finally, banks and employees must be mindful of social engineering fraud. Fraudsters can carefully study the victim’s habits and lifestyle, including their jobs, social media profiles, and more. This is called a social engineering scheme, where the criminal collates this information with the aim of manipulating or deceiving victims in order to gain control over computer systems. In many instances, criminals curate a social engineering scheme to convince their targets to send money for fake emergencies, such as an outstanding payment or helping a loved one.

Banks must be vigilant and prepared to tackle these risks. FedNow is an exciting development for US payment infrastructure, making payments as easy and efficient as possible. In a financial landscape that has faced a whole host of tests recently, FedNow will raise the pressure on banks to be alert to these risks, with little margin for error.

As new risks emerge on the financial fraud frontier, so too do solutions adapt and improve. New technology, like that offered by Feedzai, uses AI to help banks and financial institutions stay ahead of scammers, silently protecting millions of US citizens in the background and snuffing out financial fraud before it becomes an issue.