When a shopper is tricked into making a fraudulent purchase, they expect recourse from their financial services provider. These guardrails are one of the reasons credit cards have become predominant in the U.S.—not only can consumers dispute charges after the fact, but many issuers proactively alert users when suspicious activity occurs.
Similar protections exist for ACH payments, but they are largely a function of the lag between payment initiation and settlement. With real-time payments, such as those facilitated by FedNow and the RTP network, this buffer disappears.
As both systems gain traction, particularly in B2B use cases, fraud prevention strategies must evolve to address payments that are instant and irreversible.
In a recent PaymentsJournal podcast, Darren Beyer, Chief Product Officer at Qolo, and Suzanne Sando, Lead Fraud Management Analyst at Javelin Strategy & Research, discussed how the convergence of faster payments and increasingly sophisticated fraud is fueling a full-scale redesign of fraud prevention architecture. It has also placed a demanding onus on financial institutions to implement highly precise risk controls while preserving the customer experience.
The Window Is Closing
As faster payments erode the traditional safety net around transactions, institutions must shift fraud detection to earlier stages of the payment process. In the past, organizations benefited from extended review periods, during which funds could be reversed if necessary. That capability is quickly becoming a thing of the past.
“In the world of instant payments, specifically around RTP and FedNow, you’ve got an instantaneous movement and settlement of money. And that’s where the problem lies, because there’s no longer time to pull this stuff back,” Beyer said. “There’s no window where you have an ability to say, ‘I really didn’t mean to send it’ or ‘I fat-fingered this particular account number.’”
“With that gone, it’s less of an opportunity for the people sending payments to fix problems, and that opens the window for fraudsters,” he said.
In this environment, striking the right balance between strong fraud prevention and a seamless customer experience is difficult, especially given the high expectations shaped by card and ACH transactions.
These challenges are accelerating the need for real-time decisioning, where firms analyze multiple data points to assess payment risk before processing. However, achieving high decision accuracy will likely require introducing some level of friction. While this may feel new in the context of real-time payments, methods like multi-factor authentication are already familiar to both banks and customers.
“Every time I log into YouTube, I get a six-digit one-time passcode,” Beyer said. “If I have to do that for YouTube, why is my financial institution not making me do that? They do when I log in, but if I’m doing a big payment out, shouldn’t the same thing be happening? Isn’t the ‘friction’ of getting a one-time passcode worth the extra two or three seconds it takes to put that into the website? I think the answer is yes.”
The challenge lies in applying the right amount of friction in an emerging payments model. This is where step-up authentication plays a key role. It allows institutions to adjust controls, enabling low-risk payments to proceed smoothly while subjecting higher-risk transactions to greater scrutiny.
Even so, introducing any friction into the customer journey can raise concerns for financial institutions.
“There has been an assumption that strong security will ruin the customer experience, but Javelin has found that good security can improve trust and adoption of certain payment channels and methods and new technologies,” Sando said. “Consumers and businesses want to know that their accounts and their money is protected and that they can trust the institution and the organizations that they choose to do business with.”
The Widening Technology Gap
Implementing safeguards that remain invisible to legitimate users yet highly effective against bad actors is no small feat, but the tools to optimize this balance are rapidly improving.
Artificial intelligence has been instrumental in advancing these capabilities, as it has across nearly every sector. However, many financial institutions have lagged in adopting these technologies.
“This is a scenario where it’s so rapidly changing the industry but the traditional players—processors and banks who are operating under a regulatory environment and are operating under an environment where you can’t inhibit people from getting access to their money—they have all these constraints,” Beyer said. “Fraudsters don’t, and they can just start playing with all these great new AI tools.”
“There’s always been a gap,” he said. “Fraudsters have always been ahead of the financial institutions and the processors, and the reason for that is they’re more nimble; they’re able to get things done quicker. If you didn’t have that gap, you wouldn’t have fraud.”
Unfortunately, this gap is not only persistent but widening. Rapid advancements in generative AI and the emergence of AI agents have enabled cybercriminals to scale both the speed and scope of their attacks.
“Bad actors can adopt those technologies quickly, and they’re incredibly creative. I don’t want to give them applause for that, but they’re incredibly inventive in the way that they take risks to use new technology,” Sando said. “It’s difficult for FIs to keep pace when it comes to the adoption of any innovation.”
“It’s no surprise that AI is a problem for criminal manipulation,” she said. “But we also know that it’s a huge asset for financial services that they could make great use of in terms of automating certain aspects of the customer experience. Or even the employee experience, for things that maybe used to be a manual review of transactions, or typical tasks that were completed during fraud investigations.”
Buttressing the System
AI has quickly become central to modern fraud defenses, given its ability to detect anomalies across massive datasets. However, the rise of real-time payments is fueling the demand for intelligent infrastructure that can function as an authentication layer within the payment flow.
This is especially critical in commercial environments, where overly restrictive controls can lead to false declines or delays—issues that can quickly escalate into serious operational and reputational damage.
Ultimately, faster payments are not just driving the need for better technology, they are forcing financial institutions to rethink their entire approach to fraud prevention.
“The organizations that are succeeding in instant payments are going to be the ones that can make the competent decisions on risk just as quickly as that money is moving in that real-time setting,” Sando said. “Fraud detection isn’t just this back-office function anymore, that just happens in the background without real knowledge of it. You have to highlight fraud detection because it’s now a critical piece of the payment experience.”
This shift in mindset is essential. The fraud threat is not going away, but institutions can take advantage of one constant: the pursuit of easy money often leads criminals down the path of least resistance.
“Fraudsters are always going to find a way, but they are fundamentally no different than anybody else in business,” Beyer said. “They have an ROI, their time is valuable, and they’re going to go where they can make the most out of their time. If your bank or your processor is tougher to get through than your neighbor’s bank or processor, they’re going to go to your neighbor.”
“Make your buttress, your fortress, your castle gate—all the armor that you’re going to put around your system. Make that better than your competition and they’re going to go to your competition,” he said. “You’re never going to get a 100% fraud-proof system. Fraudsters will always be ahead, but if you can make yourself better than the people around you, then you’re not going to be the target, they are.”
[contact-form-7]
The post Instant, Irrevocable Payments Demand a Fraud Prevention Reboot appeared first on PaymentsJournal.
