Though beneficial for credit unions and members alike, the opportunities presented by immediate payments raise questions about the potential risk and fraud involved. Last month’s article (part one of two) focused on answering the following question: What levels of fraud are we seeing in immediate payments? As mentioned in part one, questions on fraud are some of the most frequently asked questions from credit unions. Today’s article dives into how to manage fraud for both types of participant profiles on the new immediate payment rails: Receive only and Send/Receive.

Fortunately, the RTP® network and the FedNow® Service have system fraud controls to aid your financial institution’s risk management. Based on the type of participant profile you choose, both payment rails allow your credit union to structure your financial institution’s immediate payment program to meet your risk appetite, just as you do today with wires and ACH. Let’s review those profiles now.

Managing fraud with a Receive profile

Most financial institutions start their immediate payments program on a Receive profile. This profile requires the smallest lift to get started and poses the least risk to your institution. The Receive profile has the least risk because immediate payments use a credit-push model, which ensures the funds your members are receiving are good funds (limiting settlement risk). The credit-push model is what gives financial institutions the assurance that received payments can be made immediately available to their account holders. A good tip to keep in mind here is that since many fraudsters are on the receiving end of a transaction, it’s important to have a robust Know Your Customer (KYC) process in place. ID verification technology will also help protect your institution from bad actors.

In addition, your credit union will need to create policies and procedures in the instance of a Request for Return message. Though immediate payments are irrevocable, money can be returned. Another way to think about it is that transactions are final and cannot be reversed, but the money sent in a transaction can be returned. Returning the money would be a separate transaction and would not necessarily have to be returned via an immediate payment; your credit union could use ACH, wire, or check.

Managing fraud with a Send/Receive profile

In contrast to credit unions that are Receive only, credit unions using the Send/Receive participant profile have a few extra things to think about. For example, before a member sends a transaction, you want them to authenticate into your payment system and verify their identity. I mentioned this in last month’s article, but it bears repeating that your credit union should tailor individual member transaction limits according to the risk they pose, just as you do with ACH and wires today. The goal here is to extend the fraud mitigation and protection strategies you already have in place with wires and ACH to your immediate payment program. In addition, consider how you can use messaging and/or alerts in your Send experience to educate/warn users of scams and/or to take a moment to pause and verify payment details.

Once your credit union is ready to evolve to the Send/Receive profile, there will be new opportunities for growth. This profile enables your members to access the other side of the P2P and A2A transactions, allowing them to send money in real-time. But sending payments isn’t just for consumers; businesses, including credit unions, have a lot to gain in this space as well. In fact, 85% of business leaders see access to immediate payments as the most important factor in choosing a financial partner. And 41% of U.S. businesses use immediate payments in some capacity.

Taking steps to mitigate potential fraud

As a reminder, fraud is minimal on the RTP network, according to the data reported in last month’s article. Credit unions are faced with the same fraud scenarios that are relevant to other payment channels with immediate payments, too. But even though the threat is minimal, we should still take steps to protect our members and our credit unions. As previously mentioned, some of these steps include the following:

  • Educate our staff and members on the threat of fraud and scams.
  • Help our members understand the threat scams pose because under Reg E there are few protections against authorized fraud.
  • Implement a robust KYC program and utilize strong authentication and ID verification tools.
  • Provide system-wide messaging and alerts to help keep members safe and on their toes.

We understand that the complexity of implementing a new payment rail and managing the potential associated risks can seem overwhelming. As there is no “one size fits all” model, each credit union will need to decide on the path that fits best within their credit union’s immediate payments journey. Corporate One is here to help you determine how to best access the new payment rails and provide guidance and support for connecting and managing your funds in a 24/7/365 payment environment.

I encourage you to visit our Real-Time Payments Info Center for more information and educational resources. You are also welcome to reach out to me at 866/MyCorp1 or via to have a conversation about the next steps in your immediate payments journey.