Skip to main content

FedNow fraud prevention for credit unions: A guide for AML, fraud teams

Mary Ellen Biery
January 24, 2024
Read Time: 0 min

Prevent fraud when adopting FedNow

Credit unions can prevent fraud as they connect to FedNow. Use this guide to understand available tools and the steps AML and fraud teams should take. 

You might also like this FedNow implementation guide with details on appropriate AML/CFT and fraud considerations.

DOWNLOAD

4% adoption so far

Why FedNow-related fraud worries credit unions

Preventing fraud is a top concern of credit unions considering adopting FedNow, the new instant payments infrastructure from the Federal Reserve. The worry is understandable, given the current impact of fraud on financial institutions and their customers or members.

FedNow, officially called the FedNow Service, says it has some built-in anti-fraud capabilities, discussed below, that will help limit fraud risk to credit unions. The service also plans to continue working internally with financial institutions to improve the ability of staff tied to anti-money laundering/countering the financing of terrorism (AML/CFT) and fraud efforts to:

  • Prevent a fraudulent event
  • Detect and stop one in progress
  • Manage or mitigate an event that has occurred.

Credit unions thinking of utilizing FedNow should consider taking the steps described here to protect the institution from increased fraud.

But first, understanding how FedNow works can help AML and fraud professionals better prepare their credit unions for adoption and avoid new fraud risks.

Real-time payments

FedNow uses for credit unions and their members

The Federal Reserve Banks designed the FedNow Service so credit unions and financial institutions of all sizes could offer members and customers a fast, efficient way to send and receive money around the clock. FedNow supporters envision many ways to use it for more efficient and more accessible business and financial transactions. Examples include:

  • A car dealer could quickly finalize a sale by receiving confirmation of the required payment immediately rather than in hours.
  • A fast-food worker could get paid at the end of their shift instead of days or weeks later.
  • Painters or other small businesses could access funds paid to them immediately when the job is finished to purchase supplies for the next job.
  • Plaid has said it’s using FedNow through a partner financial institution for instant payouts for investments, payroll, loan disbursements, and insurance claims. Through FedNow, the fintech also facilitates instant microdeposits, the small-amount transactions used to validate accounts.

FedNow fraud considerations

Given the competitive landscape, credit unions and other financial institutions know they must work toward faster payments. Despite the potential benefits for members and credit unions, the nature of the payment rail creates several important fraud-management considerations.

First, credit transfers using FedNow can clear the core and complete settlement virtually immediately, within seconds. This is much faster than current clearing and settlement timeframes for checks, ACH transactions, and mobile personal payment options like Venmo. While those payment types can provide information confirming the transfer request within minutes, settlement can take hours or days.

A second fraud management and prevention consideration for credit unions is that FedNow will operate around the clock every day of the year. Fraudsters can try to push through fraudulent transactions at any time, so fraud detection, processes, and controls must be in place to act quickly at all times.

Fraud increases at credit unions

Fraud is already a major challenge for credit unions. For example, an ATM scheme that operated through July 2023 targeted credit unions in six states, stealing nearly $6 million. According to news reports, one credit union alone had more than $1.7 million stolen. One study found that the rate of fraudulent calls to credit union call centers jumped 70% in 2022, to 1 in 974 calls.

The near-real-time settlement of FedNow transactions and the ability of payees to withdraw the funds immediately will attract crooks and raise the stakes for credit unions. That's one reason many credit unions are taking a wait-and-see approach and looking to plan now for FedNow fraud prevention before offering real-time transfers through the payment rail.   

According to FedNow, 400 of more than 10,000 eligible financial institutions, or 4%, have signed on since the July launch. 

Stay up to date with the latest fraud-related news on FedNow.

Only about 55 credit unions are on board, and among all adopters, many have set up to use the service solely to receive payments rather than both send and receive payments. Adopting FedNow is not mandatory.

Limits and rules

FedNow's built-in fraud-fighting functionality

Preventing FedNow fraud also requires understanding the features to prevent fraud that the payment rail has already included. For example:

  • Credit unions can limit the types of transactions they make available to members (e.g., allowing member businesses to make instant payments for payrolls but nothing else).
  • On top of transaction limits set by the network, credit unions can configure lower limits using institutional risk policies as a guide and adjusting the limit over time.
  • Financial institutions can set their own rules regarding which members or customers can send or receive transfers through FedNow.
  • Credit unions can create a “negative list” that provides routing numbers and accounts that should trigger a rejection of a transaction tied to a suspicious account at another financial institution.

"Accept without post" option

A critical way credit unions can prevent FedNow fraud is that staff investigating AML or fraud can hold funds or delay the availability of funds, perhaps even beyond Regulation CC requirements. They do this using the “accept without post” (ACWP) message outlined in FedNow’s operating procedures when responding to an instant payment. Accepting the credit transfer without posting allows the credit union to hold funds temporarily and delay availability when there are concerns about the legitimacy of the payment.

Here’s how an accept without posting response would work after receiving a message of an incoming instant payment in the event of suspected fraud:

Respond with ACWP

If the credit union’s screening software generates a match indicating the identified recipient is not entitled/permitted to receive the payment, the credit union can respond using ACWP. This status relieves the credit union of making funds immediately available to the member and provides a chance to investigate. Financial institutions will be able to request more details about the sender.

Meet the deadline for taking action

A credit union using the ACWP response has until midnight Eastern Time on the following standard business day to either reject the transaction and return funds to the sending institution or make funds available to the intended recipient.

Use PDNG if concerns remain

However, if by that deadline, the credit union remains concerned about the recipient’s entitlement to receive the payment and believes rejecting or approving it would be impermissible under applicable law, it could provide a status of pending (PDNG) to the FedNow Service sender.

Provide required updates to the sender's institution

The receiving credit union must provide a status update once the investigation is resolved or if the sender’s institution asks about the status.  

 

In other words, investigations must be conducted promptly to comply with Reg CC. They must meet the Federal Reserve Banks’ deadlines to either reject the transfer, return the funds, or make them available to the designated recipient.

Future fraud-prevention options in the works at FedNow

FedNow has also said it is considering adding the following additional fraud mitigation features in the future:

  • Giving institutions the ability to activate a “control setting” that rejects payments exceeding either a cumulative value or an established velocity limit over a certain period
  • Giving institutions the ability to leverage the FedNow Service network to monitor for aggregated concentrations of inbound or outbound transactions that might signal potential mule activity.

Credit union FedNow steps

Prepare for FedNow implementation and expected fraud

For credit unions seeking to prepare for FedNow transactions, the following actions can put you on track for optimal readiness for fraud across the institution.  

Understand FedNow and its differences from other payment processes.

The FedNow Service offers various educational resources, as do other industry groups. Staying attuned to these resources will help financial institutions learn more as more institutions roll it out.

Involve the right people to create a retail solution tailored to risk tolerance and customers or members.

As they do when offering any new product or service, financial institutions will control certain aspects of their FedNow instant payments offering. The AML and fraud teams’ input is key to safeguarding new banking products from fraud.

Spell out the details.

In developing the credit union’s FedNow product, determine:

  • When to begin using FedNow. Each credit union can set its implementation timeline.
  • How the credit union will use FedNow. Will it be for sending and receiving? For what purposes will using the network be allowed vs. restricted (e.g., making instant payments for payrolls but not for account-to-account transfers)?
  • How much can be sent. Will the credit union configure a lower transaction value limit? This can be adjusted over time using the institution’s risk policies as a guide.
  • Who can send or receive. Each financial institution can set its own rules and limits regarding FedNow payments. Review members using a risk-based approach.
  • How to accept, reject, or accept without posting. Credit unions would need to clarify their affected policies and procedures, especially those related to submitting an “accept without posting” status. Identify what occurs when ACWP is used and ensure compliance with Reg CC and FedNow operating procedures.

Careful product design is vital. “Even though FedNow is available 24x7x365, at the end of the day, the product being offered to the customer is a [credit union] product … and so the [credit union] gets to control how they’re going to offer that product,” Peter Tapling, a board advisor with the U.S. Faster Payments Council, said in a video interview with Information Security Media Group. Designing FedNow implementation with anti-fraud measures in place includes involving fraud and AML/CFT staff in product and capability planning, technology planning, and treasury planning.

Talk to technology partners.

Financial institutions must be able to connect to the FedNow Service, either through the core or another service provider. They will also need front-end services for members to initiate payments and receive payment requests. This can be either through their own online capabilities or an app. Analyzing incoming transactional data with robust fraud detection and AML systems is vital. Credit unions need fraud detection software capable of strong security measures, including cross-channel detection for evaluating transaction patterns across all payment types.

Review the credit union’s current tactics to fight fraud

Do you have robust user authentication methods? What are the procedures to prevent account opening fraud? Do you understand normal client behavior? Understanding normal client transaction behavior across channels and payment types helps fight fraud of all types. Collect and assess behavioral data continuously and continually verify customer contact information.

Consider boosting anti-fraud and AML/CFT protection.

Steps to increase fraud protection could include:

  • Adding suspicious accounts and aliases to a watch list to block potentially fraudulent transactions before affected funds leave or enter the institution.
  • Protecting your members and your credit union's reputation with fraud detection software tailored to meet your specific needs. Use a platform that provides enterprise-wide fraud case management to resolve alerts and cases quickly and efficiently.
  • Reviewing and considering additional security controls for account enrollment. If a credit union will support sending requests for payments, have the controls in place to ensure it’s a legitimate company or individual and a legitimate request.
  • Boosting security controls around how payments are initiated. FedNow officials have said such controls can include a pop-up message asking customers or members, “Are you sure?” before they execute the request to transfer funds.
  • Educating members and member businesses on preventing fraud when using instant payments such as the FedNow Service. Remind them of best practices for handling suspicious emails and the importance of secure passwords. Encourage them to enable account alerts and verify their contact information. Reiterate that credit union staff will never ask for login information over the phone, via email, or text. Urge businesses to have two-step approval processes for certain types of payments so they can pause and validate before sending funds. Explain the importance of having employees verify the legitimacy of someone claiming to be a supplier or biller who asks for a payment or a change to payment accounts.

Most importantly, consider from a strategic perspective when the right time is for implementing FedNow. The competitive environment may pressure credit unions to a sooner-than-expected implementation. Even so, aligning processes and procedures with the credit union’s risk level will allow it to stay ahead of fraud compliance requirements. As importantly, it will limit chances for bad actors to commit fraud against credit union members.

Stay up-to-date with other AML/CFT hot topics. Listen to this on-demand webinar about what financial crime professionals can expect ahead.

keep me informed Watch On Demand
About the Author

Mary Ellen Biery

Senior Strategist & Content Manager
Mary Ellen Biery is Senior Strategist & Content Manager at Abrigo, where she works with advisors and other experts to develop whitepapers, original research, and other resources that help financial institutions drive growth and manage risk. A former equities reporter for Dow Jones Newswires whose work has been published in

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.