OCC FedNow Fraud

FedNow Instant-Payment Fraud Lands on Washington’s Agenda: Why the OCC Is Crowdsourcing Fixes for FedNow and RTP

America loves its fast money. Two years after launch, the FedNow Service counts more than 1,000 participating financial institutions and now clears over a million payments a day, thanks in part to a February rules change that lifted the single-transaction ceiling to US$10 million. Yet the same rail that lets wages settle in seconds is turbo-charging “authorized-push” scams and mule-account fraud. Consumer losses tied to real-time and ACH transfers hit US$158 billion in 2023, the Financial Times estimates—nearly the size of Portugal’s GDP.

Federal banking regulators have taken notice. On June 16, 2025, the Office of the Comptroller of the Currency, the Federal Reserve Board and the FDIC issued a 35-page Request for Information (RFI) asking banks, fintechs and the public for “specific actions” that could blunt fraud across checks, ACH and wires, as well as instant-payment rails like FedNow and The Clearing House’s RTP. Comments are due September 18, giving the industry a 90-day window to help write the first national anti-scam playbook of the real-time era.

What the agencies are looking for

The RFI lists five buckets where regulators might intervene:

  • External collaboration. Should operators create a shared negative-account list or a “do-not-originate” registry for scam phone numbers?
  • Education. How can the government nudge big-tech ad platforms—where many fraud journeys start—to run scam warnings in real time?
  • Regulation & supervision. Would mandatory reimbursement, modeled on the UK’s incoming APP-fraud rules, reduce losses or simply raise fees?
  • Data sharing. Do U.S. privacy laws need tweaking so banks can exchange red-flag metadata without running afoul of Gramm-Leach-Bliley?
  • Operator tools. Should FedNow embed a name-match API before funds leave a payer’s account?

Reading between the lines, the agencies are asking whether the United States should copy the “confirmation-of-payee” (CoP) controls that Europe and Australia now treat as table stakes.

Name-match is suddenly global best practice

Australia’s banks rolled out a nationwide CoP overlay that flashes a green/amber/red match for every BSB-and-account transfer. Early pilots persuaded customers to abandon or edit 31% of suspect payments on the spot.

Europe is going further. The EU’s Instant Payments Regulation mandates that all euro-area payment providers run verification-of-payee checks by 9 October 2025—a legal deadline that has already pushed Belgian banks live this month.

If Washington wants FedNow and RTP to interoperate seamlessly with European counterparts, or just to stem a flood of scam money hopping offshore, it will need a comparable guard-rail. The RFI’s repeated nods to “name-match solutions in peer jurisdictions” suggest regulators know the clock is ticking.

Liability shift or data fix?

Advocates for UK-style mandatory reimbursement argue that nothing changes bank behavior faster than forcing them to pay when customers are duped. But U.S. institutions fear a blunt liability regime could mirror the credit-card chargeback nightmare, pushing up fees and throttling adoption. The agencies’ wording hints at a compromise:

  1. First, build infrastructure—shared fraud-data pipes, standardized name-match APIs.
  2. Then, revisit liability once tools exist to keep losses within actuarial norms.

Behavioral biometrics firms such as BioCatch welcomed the approach, noting in a blog post that the RFI “may be the most significant U.S. action on consumer scams in five years” because it couples carrot (better data) with stick.

FedNow’s adoption paradox

FedNow’s growth is both its superpower and its weakness. Joint data from the Federal Reserve and U.S. Bank show the network’s daily volume has doubled since Q4 2024, while median ticket size hovers near US$780—prime territory for invoice-redirection scams. Yet only about 20% of banks have switched on receive-only mode, and fewer still let consumers initiate outbound payments.

Lobbyists argue that piling new compliance mandates onto a rail still in the “chicken-and-egg” phase could freeze adoption. Regulators counter that trust is a prerequisite for scale: if early users lose money, word-of-mouth will kill momentum faster than any rulebook.

Ideas on the table

Stakeholders have already floated fixes in early comment letters:

  • CoP-lite via Open Banking. The Clearing House proposes repurposing existing ACH account-validation endpoints for name-match on faster rails, limiting cost.
  • Real-time sanctions screens. FinCEN is exploring whether the existing 314(b) information-sharing safe harbor can cover scam indicators as well.
  • Fraud ring fencing. Regional banks want FedNow to automatically quarantine funds for 60 seconds—a micro “regret window”—giving senders a chance to hit undo.
  • Consumer-opt-in velocity limits. Several credit unions suggest a default daily cap for new payees that resets only after a 24-hour cooling-off period.

Expect the debate to crystallize around two poles: shared data plumbing versus legal liability. Europe has chosen both; the United States may try the plumbing first.

What happens after 18 September?

The agencies say they will “assess whether any actions, individually or jointly, are warranted.” Translation: options range from soft guidance to a formal rulemaking that could land sometime in 2026—just as FedNow’s next wave of mid-tier banks comes online.

If Washington opts for a mandatory name-match overlay, software vendors that already power CoP in the UK and EU will see a greenfield U.S. market. If it chooses liability instead, expect bruising lobbying from banks arguing that forced refunds could add billions in annual costs.

Either way, the RFI signals a policy shift: instant payments are no longer exempt from the consumer-protection spotlight. The freewheeling early years are over; the compliance era has begun.

The bottom line

The OCC’s crowdsourcing exercise puts the United States on a decision path familiar to regulators abroad: build anti-fraud guard-rails now or risk a backlash later that could slow real-time payments to a crawl. Australia’s experience shows a simple name-match check can neutralize a third of scams overnight. Europe will make such checks compulsory next October.

If FedNow and RTP want to remain competitive—and interoperable—Washington has about 15 months to catch up. The comment letters flooding in before 18 September will reveal whether the industry prefers shared data pipes, liability shifts, or both. What they decide will shape the trust equation for America’s instant-payment future.

One thing is certain: in a world where money moves at the speed of a text, the defenses must operate at least as fast.
