Blog
February 25, 2026

Why US Banks Can't Wait for a Centralized Instant Payment Fraud Solution

Why_US_Banks_Can't_Wait_for_a_Centralized_Instant_Payment_Fraud_Solution
Compliance
Fraud
Michael Moon
Michael Moon
Author
Strategic Market Development
iPiD

In 2024, the UK implemented mandatory reimbursement rules for Authorized Push Payment (APP) fraud. Banks would absorb the cost of scam losses even when customers had technically authorized the transactions, a shift that directly reshaped APP fraud liability for banks.

The UK launched Faster Payments in 2008 without pre-transaction verification. APP fraud grew for over a decade, eventually overtaking card fraud at £485 million annually by 2022. Regulators responded with Confirmation of Payee (CoP) in 2020 and mandatory bank reimbursement in 2024, more than 15 years after the problem started. Instant payments without verification infrastructure led to unchecked fraud growth, followed by regulatory intervention that shifts liability to financial institutions.

The US is accelerating down the same path. FedNow launched in 2023. RTP adoption is growing. Both clear transactions in seconds without equivalent fraud prevention infrastructure designed to mitigate instant payment fraud risk.

Where the US Stands Today: FedNow and RTP Without Safeguards

RTP (Real-Time Payments) and FedNow are accelerating across the US financial system. Banks are connecting to instant payment rails. Payments clearing that once took days now happens in seconds. But there's no equivalent to the UK's CoP. No centralized pre-transaction payee verification scheme that binds participants to validate beneficiaries. No infrastructure to validate recipient details before funds move irrevocably and increasing exposure to FedNow fraud and broader instant payment fraud scenarios.

Meanwhile, Nacha is implementing enhanced fraud safeguards for batch ACH, the slower payment rail.  

Zelle, the bank-owned P2P payment network, has faced Consumer Financial Protection Bureau (CFPB) scrutiny for inadequate fraud prevention, before having the case dismissed. CashApp was not as fortunate being ordered USD 175 million in payments to redress consumer losses.  

The regulatory signal is unmistakable. When instant payment fraud becomes systemic, intervention follows, and that intervention increasingly means shifting liability to financial institutions, as seen in evolving debates around APP fraud liability for banks globally.

The Disconnect: Fastest Rails, Weakest Real-Time Payment Fraud Protection

ACH processes in batches, settles three times daily, and faces Nacha's enhanced fraud monitoring requirements (effective March 2026).

RTP and FedNow process instantly, with irrevocable payments executed in seconds and carry essentially no equivalent fraud prevention mandates to address instant payment fraud.

This is backwards from a risk perspective. The payment rails with the least time to detect fraud have the weakest prevention infrastructure.  

For banks and PSPs operating across multiple rails, this creates asymmetric exposure:

  • ACH fraud: Can be caught during batch processing windows and stopped before payment processing
  • Instant payment fraud: By the time it's detected, clearing and settlement have often reached finality

Your customers won't distinguish between payment rails when fraud happens. They'll hold their bank accountable regardless of whether it was ACH, RTP, FedNow, or wire.

Why the US Can't Just Copy the UK's Confirmation of Payee

The US banking system's fragmentation makes centralized solutions years away.

The UK has a handful of major banks. Coordinating a centralized fraud prevention system across that concentrated market was achievable (though it still took 12 years after Faster Payments launched).

The US has over 9,000 financial institutions. Three parallel payment systems (ACH Same-Day, RTP, FedNow) operate together with other closed loop services such as Zelle, CashApp, Venmo, Paypal and others. There is no central mandate for payee validation and no unified regulatory framework requiring real-time verification. New payment rails such as those proposed by stablecoin providers complicate the landscape further.

Building consensus across this fragmented landscape will take time. But instant payment fraud is accelerating now.

FedNow launched in 2023. RTP adoption is growing. Every month, more transactions shift from batch processing to instant processing. The window to bring fraud under control is closing now, not in a decade.

The Cross-Border Gap: Where US Banks Are Most Exposed Today

While domestic instant payment validation capabilities are "in development", cross-border payments represent an immediate, wide-open vulnerability. This is where the liability exposure is most acute and where cross-border payment fraud prevention remains weakest:

Why Cross-Border Payments Are the Widest Fraud Gap

  • No international Confirmation of Payee (CoP) equivalent exists. The UK's CoP validates domestic UK payments. It doesn't verify beneficiary details in the US, EU, Asia, or anywhere else.
  • SWIFT has limited payee validation capabilities. SWIFT routes payment messages between banks. It does not verify that the beneficiary's name matches the account number at the receiving bank.
  • Each country operates independently. There's no global directory. No unified validation standard. No cross-border verification infrastructure.

Yet banks process billions in international wire transfers daily with essentially no pre-transaction verification that payments are going to the intended recipients.

The BEC Attack Vector

Business Email Compromise (BEC) attackers specifically target this gap. The FBI reported $2.9 billion in BEC losses in 2023. A significant portion involves international wires, making BEC fraud prevention critical in cross-border environments:

  1. Attacker compromises corporate email
  1. Intercepts invoice from international vendor
  1. Substitutes fraudulent banking details (often a foreign account)
  1. Finance team processes "routine" vendor payment
  1. Wire clears internationally
  1. By the time fraud is detected, recovery is nearly impossible

Domestic misdirected payments are difficult to recover. Cross-border misdirected payments? Recovery rates are under 5%.

Corporate Clients Will Hold Banks Accountable

When a corporate treasury team loses $500,000 on a fraudulent international wire, they don't blame SWIFT's lack of validation infrastructure. They blame their bank for processing the payment without verification.

Nacha's 2026 rules explicitly place fraud monitoring responsibility on payment originators, but banks are the face of the payment system. When fraud happens, corporate clients expect their banks to have prevented it.

What Banks and PSPs Can Do Now  

You don't need to wait for a US-wide Confirmation of Payee system to start validating payments.

1. Prioritize Cross-Border Validation First

Domestic instant payment validation is coming (eventually). Cross-border validation infrastructure already exists but it's just not widely deployed.

Solutions exist today that verify payee details across 100+ countries in real-time:

  • Account number validation against receiving bank records
  • Beneficiary name matching
  • Routing code verification

iPiD provides exactly this capability for cross-border payments.  

Starting with cross-border validation also does the following:

  • Protects your highest-risk payment category immediately
  • Demonstrates proactive fraud prevention to regulators
  • Reduces BEC exposure for corporate clients
  • Positions you ahead of inevitable liability shifts to occur in domestic payments

2. Build Validation Into Payment Workflows Now

Don't treat validation as a separate fraud-detection step. Integrate it into existing payment processing:

For corporate banking clients

  • Real-time validation at payment initiation
  • Automatic flagging of name/account mismatches
  • Clear exception handling for validation failures

For treasury platforms

  • Pre-transaction verification before batch submission
  • API integration with payment systems
  • Validation reporting for compliance documentation

For PSPs and fintechs

  • Validation embedded in payment APIs
  • White-label validation for client platforms
  • Risk scoring based on validation results

3. Position Validation as Risk Management, Not Cost Centre

The UK banks that resisted Confirmation of Payee investment in 2008-2018 are now absorbing mandatory reimbursement costs. That's the expensive way to learn.

The cheaper approach is to invest in validation infrastructure before regulators force liability shifts.

The business case is straightforward:

  • Average BEC loss per incident: $125,000 (FBI data)
  • Cross-border recovery rate: <5%
  • Cost of pre-transaction validation: Pennies per transaction
  • ROI: Preventing a single fraud event pays for thousands of validations

Banks that build validation capabilities now will have:

  • Lower fraud losses when liability shifts arrive
  • Competitive advantage in corporate banking
  • Existing infrastructure when domestic validation mandates arrive

The Regulatory Clock Is Ticking

The CFPB is initiating a broader regulatory response to instant payment fraud. See for example how the CFPB ordered CashApp’s owner to pay USD 175 million towards consumer redress of losses.

Nacha's 2026 fraud monitoring rules signal the same direction with enhanced fraud prevention requirements. The pattern from every other market is consistent and knowable:

  • Instant payments launch
  • Fraud explodes
  • Regulators intervene
  • Banks absorb liability

The US won't be different. The only question is timing.

Cross-Border Validation: The One Part You Can Control Now

You can't control when the Fed builds a domestic Confirmation of Payee system. You can't control Nacha's rulemaking timeline. You can't control when regulators shift instant payment fraud liability to banks.

But you can control whether you validate cross-border payments before processing them. The UK's mistake was assuming fraud prevention could come later. The US banks learning from that mistake are acting now.

Get ahead of the liability shift and see how validation integrates into your existing payment workflows.

References

  • UK Finance - Annual Fraud Report 2023 (2023)
  • Consumer Financial Protection Bureau - CFPB Proposes Rule to Protect Consumers from Fraud on Payment Apps and Digital Wallets (2024)
  • National Automated Clearing House Association - Risk Management Topics (2024)
  • Federal Bureau of Investigation Internet Crime Complaint Center - 2023 Internet Crime Report (2024)
  • UK Finance - Confirmation of Payee: Preventing Misdirected Payments (2021)
  • The Clearing House - Real-Time Payments Network Statistics (2024)
  • Federal Reserve - FedNow Service Launch Announcement (2023)

Schedule a demo

Simplify Payments with KYP

iPiD, a global Know Your Payee (KYP) verification provider, empowers financial institutions and corporations to minimise fraud and enhance compliance worldwide.
Get a demo
Home
Verification of Payee
Confirmation of Payee
Global Validation
Solutions
Request a demo
Whitepapers
Events
News
Blog
About
Careers
Contact
50 Southeast Asia Tech Startups to Watch
Certified CoP Aggregator
Marketplace
© 2025 iPiD. All rights reserved.
Privacy Policy
International Payments Identity (iPiD) Pte. Ltd.
iPiD company logo
We use cookies to enhance your browsing experience, serve personalised content, and analyse our traffic. By clicking “Accept all,” you consent to our use of cookies. View our Privacy Policy for more information.
Deny
Accept all