Faster Payments, Faster Criminals: Guarding Against Cybercrime in an Instant Payments World
November 5, 2025
By David Bryant, SVP, Chief Information Security Officer, Velera
Payments are moving faster than ever. But so are cybercriminals, who are gaining speed and efficiency through the use of artificial intelligence to create scams that are nearly indistinguishable from reality.
Real-time payment systems and money transfer apps are making the movement of money quicker and easier than ever before – but their speed, finality and always-on availability are proving to be extremely attractive to scammers.
- Speed – Clearing and settlement occurs almost immediately, minimizing the timeframe to detect fraud and stop fraudulent payments from processing.
- Finality – Immediate settlement equates to immediate irrevocability, with funds available for the payee to withdraw.
- Always on – Instant payments operate on a 24/7/365 basis, giving fraudsters the opportunity to attack at any time. That means that fraud detection must occur continuously, with processes or controls in place to act quickly.
Criminals exploit the unique attributes of instant payments by staging what is known as “authorized push payment” fraud, in which victims are tricked into willingly sending money to attackers posing as legitimate contacts. AI-powered deepfakes have made authorized push fraud infinitely easier to perpetrate. Using voice cloning and video impersonations, criminals trick people into believing that a trusted friend, family member or even an employer is asking for money or sensitive information. These scams are increasingly convincing, often delivered with urgency to pressure victims into acting quickly.
Other scams rely on building trust over time. In so-called “pig-butchering” schemes, fraudsters strike up online relationships – whether romantic or investment-related – and slowly persuade victims to invest in fake platforms or hand over funds, often through instant payments. These scams can run for weeks or months, making the eventual loss even more devastating.
The Guardrails: Minimally Invasive but Effective
Guarding against instant payment fraud presents a particular challenge: Members like instant payments for their convenience, immediacy and 24/7 access – which criminals favor as well. Therefore, guardrails must be minimally invasive, but effective and always-on in a financial world that never sleeps.
Consider an account-to-account transfer from a member’s checking account to their own savings account within their credit union. Both accounts are owned by the same member, and the funds never exit the financial institution – also known as a “book transfer.” There is very little risk in this transaction, and internal guardrails are effective and non-invasive.
If that same member “pushes” funds from their checking account to a beneficiary at a different financial institution, the potential risk factors just increased significantly – especially if delivered instantly, as that transaction is final and irrevocable. If the payment is legitimate, slowing it down or pausing it may feel too invasive for the parties. But if it is not legitimate, the parties will certainly welcome the minimal friction in the process, which prevented those funds from disappearing.
Depending on the cybersecurity capabilities of the payments provider, transactions can be protected by continuous AI monitoring of account activity to assess risk in real time, enabling them to respond immediately to suspicious activities. Machine learning algorithms can analyze large datasets and behavioral biometrics (like typing patterns and mouse movements) to detect fake identities and stop the transaction in its tracks.
To help protect their own members, credit unions can set transaction limits for some or all members to minimize risk. Also, with the FedNow system, credit unions can use the “Accept Without Post” feature to hold funds temporarily and delay their availability when fraud is suspected, allowing time for further investigation.
Members, of course, also hold responsibility for protecting themselves. With instant payments fraud, as with all other types of fraud, staying informed is one of the most effective defenses we have. If your credit union is offering a real-time payments solution or money transfer app, educate members by reinforcing the risks of “speed, finality and always-on.” Include in your message:
- When using instant payments, double- and triple-check the receiver’s information before clicking Send.
- Be skeptical of unexpected requests, even if they appear to come from someone you know.
- If a financial decision is framed as urgent, pause and verify before acting.
- Report fraud immediately. If you are the victim of a scam, notify the credit union as well as the FBI’s Internet Crime Complaint Center at ic3.gov.
- Protect your accounts with strong, unique passwords and enable multi-factor authentication wherever possible.
Cybercriminals may be adopting sophisticated new tools, but awareness and healthy skepticism remain powerful defenses. If you offer instant payments to your membership – or are considering offering instant payments or money transfer apps – talk to the experts to make sure your platform is secure and make sure your members are well-informed. Even though instant payments are designed for convenience and immediacy, they must be protected through a multi-layered approach to cybersecurity.
To learn more about Velera and the solutions they offer, connect with the GoWest Solutions Team today.
Posted in GoWest Solutions, Top Headlines.
Brittanie Bonanzino
AVP, Communications
Washington
Phone: 509.218.1192
Toll-free: 800.995.9064
Alyse Knudsen
Manager, Communications
Oregon
Phone: 971.450.5660
Toll-free: 800.995.9064
Madlynn Schreibvogel
VP, Public Relations
Colorado
Phone: 303.513.3765
Toll-free: 800.995.9064