Technology Archives - Wisconsin Bankers Association

Posts

Understanding the Impact of Quantum Computing and AI on Cybersecurity

By Rob Foxx

The topics of quantum computing and AI are often new and confusing—and unfortunately, they haven’t been well explained to many people. However, these technologies are already changing the ways in which attackers gain access to systems and data.

According to a recent report by Mimecast, 95% of breaches are caused by human error. This staggering figure highlights the critical importance of training your staff as a core part of any cybersecurity strategy. These errors typically occur because someone or something appeared legitimate enough to prompt user action. This allows attackers to bypass most traditional security controls, since the malicious action is performed by an authorized user. As technology continues to evolve, we can expect human error to play an even greater role in future breaches.

How Quantum Computing Changes the Game
Before diving into its implications, it’s important to define what quantum computing actually is. Traditional computers use binary logic, representing data as either a 1 or a 0. In contrast, quantum computers leverage qubits, which can represent 1 and 0 simultaneously through a principle called superposition. This allows quantum computers to evaluate many possibilities at once, significantly accelerating complex computations.

While quantum computing demands more power and specialized hardware, its speed poses a serious threat to current cybersecurity defenses. For example, tasks like reversing a hash (e.g., an encrypted password) — which would take traditional computers days, weeks, or even years — can potentially be performed in a fraction of the time using quantum technology.

Quantum computing can also enable more sophisticated malware, especially under ransomware-as-a-service models, and may dramatically accelerate the discovery of zero-day vulnerabilities — making patching and proactive defense more critical than ever.

The Role of AI in Evolving Threats
Artificial Intelligence, at this point, should be a familiar concept. AI consumes vast amounts of data, analyzes it, and uses that as a foundation to learn, reason, and solve problems. While it’s far from perfect, AI has become a powerful tool — especially for bad actors.

Cybercriminals are now using AI to improve their research, enhance targeted phishing, and execute more convincing social engineering attacks. With access to better, more personalized data than ever before, AI-generated threats can appear highly authentic — even to seasoned users.

Additionally, AI can be used to create ransomware faster, with greater effectiveness, and with less technical skill required than in the past. These advantages make AI an indispensable tool for attackers — and a growing concern for defenders.

What You Can Do
The most important thing you can do today is educate your team and ensure you have access to cybersecurity experts who can help manage these risks. Strong security practices are more critical than ever, including:
• Longer passwords, as recommended by National Institute of Standards and Technology (NIST)
• Multi-factor authentication (MFA) for system access
• Continuous logging and review of activity within your environment

In addition, legacy tools are no longer sufficient on their own. Many environments now require upgraded solutions, such as:
• Next-generation antivirus (NGAV)
• Managed Detection and Response (MDR) services from providers like Cynet 360, CrowdStrike, and SentinelOne

These solutions can analyze logs, detect threats, and issue alerts far more quickly than human analysts ever could. They typically cover:
• User behavior analytics
• System and process monitoring
• Network traffic inspection
• File and endpoint analysis

Most importantly, these tools are also AI-powered, allowing them to defend against AI-driven attacks using similar technology. In the rapidly evolving cybersecurity landscape, staying ahead means adopting the same tools and techniques your adversaries are using — and doing it before they do.

Foxx is director – infosec and IT audit services for FIPCO, a WBA Gold Associate Member.

July 18, 2025/by Katie Reiser

News, Resources

Charles Potts: Turning Strategy Into Success With the Right Tech

By Charles Potts, ICBA’s executive vice president and chief innovation officer.

In the current economic environment, your bank’s strategy is worth its weight in gold. Coming out of a little bit of rate malaise and deposit liquidity challenges, today’s environment delivers much more potential. In fact, the next couple of years provide the opportunity for banks to grow through their technological investments.

When it comes to broadscale business growth, community banks typically have three buttons they can push: 1) reduce costs, 2) increase revenue and profits, and 3) become more efficient and effective.

Technology can help bankers achieve all three goals, but it’s your strategy that will guide you to the right technological solutions to achieve your vision. For instance, if you’re looking to acquire new accounts, consider how your digital transformation initiatives can support you in delivering a more seamless, frictionless customer experience. How can technology help you create a consistent environment across channels, including digital, mobile, ATM, call centers and more?

If you’re striving to reduce costs and make your bank more efficient and effective, explore how artificial intelligence (AI) can provide that support. How can AI shore up back-office operations, simplify risk monitoring and even ease customer interactions?

We are in an era where technology complements community banking more than ever before. So, embrace how new partners and solutions can help your bank’s business vision become a reality.

But to reap those rewards, community bankers must start from a firm foundation. You have to step back and look holistically at your place in the market landscape. Who are you competing against? Where is deposit leakage happening?

Answering these questions requires another technology foundation: strong data. To get the information you need, you have to be able to analyze customer insights to make smart decisions. A data-centric approach will allow you to uncover the holes in your offerings, whether they are payroll, brokerage/wealth management, peer-to-peer, payments apps or something else. You will be able to determine where your bank customers are moving money, identify a short list of features, and target solutions you can bolt into your existing product suite to respond to those needs.

Resources exist to cull that data and drive decisioning. Take a look at ICBA’s ThinkTECH Accelerator alumni (icba.org/innovation) and Preferred Service Providers (solutions.icba.org) in the data space. Many of them are already primed to help you realize your strategic next steps for technological investments.

Because in today’s landscape, technology matters. Your bank’s strategy may very well be your golden ticket, but it’s your technology stack that will provide the Midas touch. With the right, data-backed strategy in place, community banks can ensure that all that technologically glitters really does turn into customer gold.

Potts will be speaking at WBA’s Innovation Showcase on September 22, 2025, in Wisconsin Dells.

July 9, 2025/by Katie Reiser

Member News, Uncategorized

Safe Internet Browsing Tips to Keep Your Bank Secure Online

By Alex Hinsch, Technical Account Manager, Locknet Managed IT, A WBA Associate Member

Community banks in the Midwest are increasingly targeted by cybercriminals due to their limited IT resources, making them vulnerable to phishing attacks, malware, and data breaches. Implementing secure web browsing practices across the workforce can be one effective tool to help protect your organization. Below are essential tips to safeguard your organization from cyber threats.

Understanding Secure Web Browsing

Secure web browsing involves practices that protect corporate information, privacy, and data from cyber threats like phishing scams, malware, and data breaches. By adopting these strategies, community banks can mitigate risks and ensure a safer online environment for their operations.

Top Ten Safe Internet Browsing Tips for Community Banks

1. Implement a secure web gateway: Secure web gateways filter malicious websites, prevent access to dangerous content, and block malware, serving as the first line of defense against online threats.
2. Educate employees on phishing and social engineering: Regular cybersecurity awareness training can help employees identify suspicious emails, avoid clicking on unknown links, and verify website authenticity before entering credentials.
3. Enforce strong password policies and Multi-Factor Authentication (MFA): Use strong, unique passwords for each online account and enable multi-factor authentication (MFA) for all business accounts to add an extra layer of security.
4. Use secure and updated browsers: Ensure that all company devices use the most secure internet browsers with automatic updates enabled. Opt for browsers with built-in security features and options to block suspicious websites.
5. Restrict access to risky websites: Implement content filtering policies that restrict employee access to high-risk websites, including those associated with gambling, adult content, and pirated software.
6. Deploy endpoint security and antivirus software: Equip all company devices with reputable antivirus software that includes real-time scanning, web protection, and automatic updates to detect and block cyber threats.
7. Encourage the use of Virtual Private Networks (VPNs): For remote employees or those working from public Wi-Fi networks, use a company-approved VPN to encrypt internet traffic and prevent hackers from intercepting sensitive data.
8. Limit administrative privileges: Grant administrative access only to essential personnel to minimize the risk of malware installation and unauthorized changes to security settings.
9. Monitor and log web activity: Regularly monitoring employee web activity can help identify potential security risks. Use web filtering solutions and endpoint security platforms to track internet usage and detect suspicious behavior.
10. Establish a clear internet usage policy: A well-defined internet usage policy sets expectations for employees regarding safe web browsing habits, outlining guidelines on acceptable website usage, prohibited activities, and consequences of violating security protocols.

Final Thoughts on Secure Web Browsing

Implementing these safe internet browsing tips can significantly reduce the risk of cyberattacks. Prioritizing secure web browsing protocols, employee education, and proactive security measures can go a long way in protecting your bank. Foster a culture of cybersecurity awareness to create a safer digital environment for employees and customers alike.

May 21, 2025/by Katie Reiser

News

AI Governance

By Rob Foxx

In the past few years, our world has turned a corner with new trends in technology. Unless you have been living a simpler and happier life than the rest of us you have either had an encounter with or conversation about Artificial Intelligence (AI). There has been a lot of talk and speculation about what that means for the work force. Will it replace traditional workers? Will it bring about the end of all things? Or something in the middle? Knowing the extent of its capabilities is important to its implementation. More importantly, how will we manage, limit, and protect ourselves from AI and its implementation? One of the best ways to answer these questions is with AI Governance.

AI is a wonderful tool. It is capable of completing work in just seconds that would normally take humans hours or days. AI can draft legal documents, policies, emails, and so much more ranging from the extraordinary to the mundane. This is not to say you can remove your work force. You could ask AI to explain how to perform a heart transplant in detail as if it were explaining it to someone with a 3rd grade education, and it will. Does that mean you should perform said heart surgery? Consider if it is something you could not do without AI, it’s something you should not do with AI.

Advanced AI already exists in the workplace and if it is not there it will be shortly. Windows 11 comes with copilot by default, and unless you disable it, copilot will be both accessible and collecting data in the background. Nextgen antivirus suites run on AI. Chat GPT and other AI engines are accessible from a web browser. Keep in mind these technologies are higher risk and lower maturity than your typical application.

How do you know who or what to trust? A good perspective to consider is if you are not buying goods or services then you likely are the goods being purchased. Your vendor provided services will usually specify items in the contract that should be things considered when risk assessing. These contracts should be reviewed with AI and privacy as a consideration. What data is collected? How will it be used? Will it use personally identifiable information? Will it gather critical or sensitive business data? It is even possible it will do this unintentionally? Another consideration is how AI is trained. AI is given data to train and learn from, but raw data may have a bias. AI, like anything else, can be inaccurate or even wildly wrong if it has too much or not enough information. AI can make a guess; this has been referred to as AI hallucinations.

For good management of AI consider restricting use of company approved tools. Always classify and protect your internal data. Know your risk and what you will accept. Define as an organization the proper use of AI tools. Allow for reporting of suspicious activity. Communicate your stances as an organization to your employees.

Foxx is director – infosec and IT audit services for FIPCO, a WBA Gold Associate Member.

January 16, 2025/by Katie Reiser

News

Was the CrowdStrike Incident a Fluke or the Beginning of a Trend?

By Rob Foxx

On July 19, 2024, CrowdStrike pushed out an update to their customer base that disabled an estimated 8.5 million computer systems across the world. This not only damaged their reputation, but it also sent fear and uncertainty into those businesses that utilize IT services. This single event cost about $5.5 billion in damages and business loss.

The real question is who can be affected by an event like this. The short answer is anyone who uses any products or services that can affect the system files of a computer. This includes Microsoft Windows automated updates, antivirus, remote configuration tools, and many others. For those who are not familiar with the previously mentioned list you have several of these on any given business computer.

So why do we not hear about events like this more often? The reality of the situation is these events happen every day. Windows updates pushed out by a managed service provider that removes all network drivers, thus disabling the connection to the login service rendering a computer useless, was my personal CrowdStrike. This happened several times over the course of a month, anti-virus similar to CrowdStrike that disables use of business-critical software or core access. An update to Windows that prevents backup software from running correctly. These have all happened. Most people have never heard of these events as they did not have a worldwide impact or cost billions of dollars in losses. CrowdStrike made news because of their wide adoption as they offer a service only a handful of other companies do.

So how do I protect my organization? The only 100% means of protecting your computer environment is to power it down, unplug it, and bury it in concrete. Business, however, runs on acceptable risk, so let us look at what could help lower your risk and impact. During the course of onboarding or reviewing a vendor for contract renewal, you can verify or request that they add in testing criteria before sending out updates. Comparing vendor services with an RFP (Request for proposal) can identify whether a service fits your needs. Several similar companies allow for the designation of a test group which includes a sampling of computers across your organization. This group should fill all the key roles to running your enterprise and test for a week or more before the updates are pushed to the rest. Perhaps one of the best means to protect yourself is to have knowledgeable IT on staff or as an on-call vendor. The fix to restore CrowdStrike would take per computer less than 10 minutes at a keyboard. A little longer if the computer has BitLocker or other similar protections in place. A good recovery plan and continuity for running on alternate systems can also save quite a bit of recovery time.

I do believe there will be more events like the CrowdStrike outage, especially given how large some services grow to global offerings. I believe vendors will be more cautious in their products. Will you be more cautious in your implementations?

Foxx is director – infosec and IT audit services for FIPCO, a WBA Gold Associate Member.

October 22, 2024/by Katie Reiser

Member News, News, Resources

How the Right IT Managed Security Services Provider Can Help You Optimize and Grow

Sponsored content by Wipfli, a WBA Silver Associate Member

By Tom Wojcinski and Jeff Olejnik

IT Managed security services are vital in helping financial institutions oversee IT operations and compliance — but the right provider can take that role further.

IT Managed security services that bring increased capability and industry specialization can go from managing your IT infrastructure to modernizing it, acting as a strategic partner in identifying the solutions you need to optimize workflows and enhance the customer experience. And it can help you understand the latest updates to the cyberthreat landscape and regulatory priorities so your operations stay secure and compliant.

When you’re working with the right provider, you’re not just getting support for your servers — you’re getting support for your business.

Here are four ways IT managed security services can help you hand off operational tasks and grow your institution:

1. Modernizing your IT infrastructure

To implement the latest solutions, increase productivity and better reach customers, you need the right infrastructure. IT services can be a valuable source of insights into how your organization can create a modern workplace environment.

The right provider can help you update your IT infrastructure by switching out legacy systems and implementing cloud infrastructure — including helping you address the resulting security concerns.

Software as service (SaaS) platforms come with built-in security features, but they often leave you responsible for establishing things like permissions and access control. Your provider can help you build security strategies for cloud services and integrate new solutions with your core banking system.

2. Meeting customer needs

Customers expect services to be faster and more accessible across industries. If your financial institution wants to stay competitive, it needs to evolve the customer experience.

Managed services can help by taking on a more strategic role, providing guidance on an IT road map that supports technologies to help you:

Use dashboards to track key customer metrics.

Create a better omnichannel experience.

Use customer data to effectively cross-sell and increase wallet share.

Partnering with an effective provider can help you better strategize on how your institution can improve workflows and productivity so that you can deliver the experience your customers expect.

3. Enhancing your cybersecurity

Cyberattacks continue to increase in frequency and severity. Your IT managed security services should be helping your institution keep pace with support for:

Being proactive: In addition to addressing server performance issues, your provider should be proactively looking for indicators of compromise. They should employ 24/7 monitoring that can quickly identify and research any anomalies so that potential compromises can be solved before they escalate.

Staying updated: As AI continues to increase the frequency and sophistication of cyberattacks, your provider should not only be helping your institution enhance data protection but also adapting its own capabilities. An effective provider has the tools, infrastructure and threat detection in place to help them identify indicators of compromise faster, such as advanced endpoint detection and response and AI-powered threat correlation.

Meeting regulatory expectations: managed IT support with industry specialization can help ensure your institution meets key regulatory priorities in areas including ransomware, operational resilience and incident response. For example, it’s crucial that financial institutions use a provider that can retain security event logs if an incident does occur.

4. Providing crucial talent

For most institutions, establishing 24/7 security operations in-house is neither cost-effective nor viable.

Employing enough staff to provide that level of support requires substantial resources. And attracting and retaining staff can be equally challenging, given the current labor shortages and the relative lack of complexity and challenge financial institutions provide for these roles.

Outsourcing these positions with managed services provides you with the necessary staff and infrastructure without the cost of hiring. They can also help guide your institution’s data security at the executive level with fractional or virtual CISO services.

How Wipfli can help

Wipfli’s managed services go beyond IT operations and compliance to help your financial institution evolve. With industry specialization and deep cybersecurity capability, we can provide your institution with the solutions and strategy it needs to optimize operations and further its growth. We can also work alongside your current provider to augment your existing support.

September 18, 2024/by Katie Reiser

Member News, Resources

Association Update: WBA Associate Members Support Bankers Across Wisconsin

By Daryll Lund

Every year, the banking industry becomes increasingly competitive and with new trends, technology, and specialized services emerging at rapid speeds, there is no way for one single business to do it all. The Wisconsin Bankers Association is pleased to offer WBA bank members access to the over 150 vetted, dedicated companies that make up the Association’s Associate Member program.

Made up of a broad spectrum of third-party providers from around the country, WBA’s Associate Members program features companies that specialize in specific products and services related to banks. In forming strong partnerships with third-party vendors, many WBA members have found great benefit directly impacting their bank’s growth to the satisfaction of their customers.

Furthermore, Associate Member companies serve as valuable partners of the Association. From sharing their expertise through resources published in our publications to presenting on hot topics at WBA events, our Associate Members help us create meaningful, relevant content that informs bankers throughout Wisconsin. WBA’s Associate Member program offers just the place for banks to locate whatever niche expertise and product specialization they need to stay ahead in our continuously evolving industry. WBA stands ready to identify companies that seek to assist Wisconsin’s banking industry and connect banks with the vendor(s) that will meet their needs.

To learn more about WBA’s Associate Member program and how your bank can make the most of the resources available, please visit wisbank.com/Associates or contact Nick Loppnow, director – associate membership and business development, at nloppnow@wisbank.com.

March 27, 2024/by Hannah Flanders

News, Resources

The Evolution of Cyberthreats: Preparing for AI-Powered Attacks

By Brett Gilsinger

The latest arsenal of tools that cybercriminals will harness for their illicit activities is increasingly being powered by artificial intelligence (AI). The transition to AI-driven cybercrime is already underway. Traditionally, cybercriminals have relied on a plethora of tools acquired from the dark web to penetrate their targets. These off-the-shelf tools have allowed cybercriminals to gather the information they need effortlessly. Instead of developing code specifically for a target, attackers have been able to purchase these tools through underground networks and dark web marketplaces. Such tools permit them to tailor malware or compile exploits from pre-packaged kits. As long as profits continue to soar, the underground market for cybercrime services thrives, fueled by robust demand for illicit tools and the ongoing supply by clandestine developers.

This underground ecosystem has been operating for years and shows no signs of diminishing. Yet, with the advent of highly sophisticated large language models such as ChatGPT, the tools available to wrongdoers are transforming. GPT stands for “Generative Pre-trained Transformer.” It is an artificial intelligence model designed to generate text by predicting subsequent words in a sentence based on the preceding words. This technology, developed by OpenAI, uses deep learning algorithms and a large amount of data to understand and generate human-like text. We are witnessing the emergence of unregulated AI models like FraudGPT and WormGPT. These models function without the ethical constraints usually imposed on publicly available versions like ChatGPT. Offered via subscription services in the more obscure regions of the internet, they harness stolen or open-source training datasets to power private GPT systems that assist cybercriminals indiscriminately, completely disregarding the legality or ethics of their facilitation.

Reports indicate that some of these emerging systems possess the alarming capability to generate undetectable malware. They can orchestrate comprehensive phishing operations, crafting the deceitful messages and the code for the malicious landing pages designed to harvest credentials. With such technology at their disposal, the scope of advanced criminal activities is limited only by the perpetrator’s creativity — or perhaps not even that, should the AI itself suggest ways to refine their malicious endeavors.

Facing these sophisticated threats, institutions and individuals must remain vigilant and proactive in safeguarding their operations and personal information. While these advancements pose a significant concern for the security of our data in the era of AI, there are measures that can be taken to protect your institution from these threats. Almost all of these attacks rely on human error to grant bad actors access to your environment. Regular training and awareness programs are the first line of defense. Employees should be consistently educated on the most recent cyber threats and the critical nature of security best practices to avoid successful phishing and social engineering attacks.

Beyond improved training programs, hardening your processes and technology can establish a more secure infrastructure. Implementing multi-factor authentication (MFA) and biometrics for identity verification and performing routine internal security audits to ensure all systems are current and free of vulnerabilities are essential steps. Opting for the right technology security solutions, such as Managed Detection and Response (MDR), can automate the threat identification process and significantly diminish the likelihood of breaches.

By focusing on people, process, and technology, institutions can construct a formidable defense against the complex realm of AI-enabled cybercrime, thereby securing their assets and maintaining the confidence of their clientele. Moving forward, institutions will need to focus on evolving their security solutions to stay ahead of the quickly changing threat landscape.

Gilsinger is executive vice president – CTO of IT Resource, a WBA Associate Member.

About IT Resource

IT Resource provides technology solutions to streamline IT environments, enhance productivity, and lower costs. And now we are excited to announce that IT Resource is evolving into Endeavor IT! While maintaining the same dedicated team, ownership, and management, we’re expanding our already exceptional services to offer a broader range of IT solutions with offices spanning across the North, Midwest, and South. Curious to explore further? Check out endeavorit.com.

December 5, 2023/by Hannah Flanders

Advocacy, Education, News

From the Fields: Recap From the 2023 ABA Agricultural Bankers Conference

By Chris Schneider

This November, about a dozen ag bankers from Wisconsin and I made the trek to Oklahoma City for the 71st annual American Bankers Association (ABA) Agricultural Bankers Conference. This year, the number one message was getting the ACRE Act through Congress to help the American farmer. This act, which would create a tax exemption on ag loans and rural home mortgages, will aid in saving approximately $1.15 billion in ag loan interest and will reach 17,000 local communities across the country.

In attendance at this year’s event was Congressman Glenn “GT” Thompson (R–PA), who chairs the House Committee on Agriculture. During his opening session, GT offered updates on agricultural policies including the Farm Bill and shared what bankers need to know going into 2024. My impression of him was that he is committed to helping the American farmer and local communities.

Interest rate discussion was no surprise due to the past 12 months of increases. While many were questioning whether we will see it rise more, stay stable, or flatten out some, we will have to see if — as usual — the election year brings with it some softening of rates. I’m not sure if we will see the low rates of past years again in future.

Representatives from the ABA and Farmer Mac shared with attendees the results of the 2023 ABA/Farmer Mac Agricultural Bankers Survey. A few of the top and notable themes from this past year have been interest rate volatility, lender competition, credit quality, increased regulator burden, and weak loan demand.

In just the first day of the conference, attendees gained insight into food spending trends (a shocking 51% is spent on food outside of the house), student loan debt, legal cannabis, and more. Throughout the rest of the event, topics including new technologies and artificial intelligence (AI) and ESG trends and the sustainability especially the ag community. To me, the greatest take away from this year’s event was that in order to have successful farmers, ag bankers should be prepared to aid them in strengthening their ag IQ. By understanding the cost of production, strengthening their balance sheet, developing a marketing plan, and utilizing technology to set next level, we can help our clients do all the little things even better.

Schneider is vice president – senior ag banking officer at Nicolet National Bank in Manitowoc. Schneider also serves as Past Chair of the 2023–2024 WBA Agricultural Bankers Section Board of Directors.

November 28, 2023/by Hannah Flanders

Businesswoman with smartphone using application

News, Products

The Rise of Instant Payments

The Federal Reserve Launches FedNow® Service

By Hannah Flanders

In 2022, research by the Pew Research Center found that over 75% of U.S. adults have utilized PayPal, Venmo, Zelle, or Cash App at least once to send and receive payments. Of these users, ease is cited as the main reason for their adoption.

As banks look to further engage their customers, remain competitive in a quickly advancing society, and provide a safe and trusted alternative to popular payment apps, the Federal Reserve has launched its long-awaited FedNow instant payment service.

What is FedNow?

Launched in July 2023, FedNow allows financial institutions of all sizes to provide safe and efficient instant payment services to customers nationwide. Already, over 100 financial institutions across the U.S. have begun offering FedNow to customers. Of these institutions, First Citizens State Bank in Whitewater is currently one of the few in Wisconsin.

“As early adopters of the service, our team believes that FedNow, and other real-time payment systems, are the future of payments,” states Nate Parrish, First Citizens State Bank president. “We want to ensure our bank is on the cutting edge and not left behind when this technology really takes off.”

The release of the FedNow Service includes baseline functionality including core clearing and settlement capabilities. Currently, FedNow not only facilitates the peerto- peer (P2P) functionalities many customers are familiar with, but also has the capabilities to facilitate payments between businesses or between businesses and consumers. Further developments are expected to launch in phases as industry demand evolves.

FedNow, however, is not the first service to provide real-time payments to banks. In 2017, The Clearing House launched its Real Time Payments® (RTP) service to all federally insured U.S. depository institutions. As of mid-2023, over 350 banks and credit unions were listed as participants in RTP.

With several banks in Wisconsin signed on as RTP participants, the most significant difference bankers will notice with FedNow is the development of a new rail. The rail, which runs concurrent to already existing credit card and Automated Clearing House (ACH) payment rails, is overseen by the Federal Reserve Bank. Additionally, beginning in 2024, certified institutions will pay a monthly participation fee of $25. On the customer end, varying transaction limits (only $500,000 for Fed- Now) and clearing times occurring in just a matter of seconds may be the most obvious difference.

“‘Instant’ is the next modernization of ‘faster’ in the payments landscape,” says Julie Redfern, chief banking officer at Lake Ridge Bank in Monona. “Services such as Fedwire and FedACH, which are only available during certain windows, will always have a place. Fed- Now is the next step in remaining competitive and providing our customers the services they expect.”

For banks in deposit-gathering mode, the implementation of Fed- Now will help increase cash flow by allowing customers to move funds directly from one bank account to another, rather than storing funds within third-party apps. These capabilities to move money instantly can be found on the certified bank’s website or mobile app.

Getting Started

Unlike previous real-time systems, FedNow is generally seen as more accessible to mid-size and smaller banks. In this, smaller banks utilizing FedNow will now have the ability to access real-time payments without having to pay their larger competitors for the service.

Both First Citizens State Bank and Lake Ridge Bank, which is currently in the implementation process, are connecting to FedNow’s receiving rail (i.e., the bank cannot initiate customer payments) via integration of their core system. However, participation in the FedNow service is flexible, meaning that banks may opt to both send and receive payments, support liquidity management transfers, or access settlement services between correspondents and respondents. Additionally, banks may also choose to connect to the rail network through partnership with a FinTech company.

“FedNow has been slow out of the gate mainly due to bottlenecking on the core’s end,” says Redfern. “If an institution is considering going through a Fin- Tech, it’s important to make sure that they are already Fed approved rather than having to face additional delays.”

Parrish also emphasized the importance of getting ahead of the instant payment movement. “Especially with core providers being slow to adopt the idea of instantaneous movement, it may take several years for interested institutions to get on the rail. Even if 900 institutions are able to join in the next year, it could still take another nine or 10 years before FedNow is fully implemented across the country.”

To begin the process of implementation, banks are encouraged to consider their overarching payments plan and examine their operating processes to determine if the institution has the capabilities to support real-time payments. This process may require meeting with third party service providers or enhancing in-house technology.

From there, banks must undergo onboarding and testing. Certification, according to the Fed, is the final stage which entails the completion of an operational readiness test and network experience checklist. The Independent Community Bankers of America (ICBA) has emphasized that this process is not meant to be difficult, but rather to ensure that institutions are prepared to support instant payments.

The Future of FedNow

With just over 100 providers across the U.S. connected to FedNow’s rail as of October 2023, the main issue currently certified institutions are facing is the lack of transactions.

“Aside from conducting P2P payments, many customers are not entirely aware of the possibilities of FedNow,” says Parrish. “As bankers, it is our role to help inform our customers and small business clients of the possibilities of instant payments. From payroll to recurring bill payments or emergency disbursements, the ability to immediately move money will impact the way many operate.”

Though the Fed expects usage to increase as more institutions go live, banks that have incorporated FedNow into their payment offerings play an important role in emphasizing the key use cases and sharing with customers the possibilities of real-time payments.

Parrish also adds that the prospect of conducting Government-to- Consumer (G2C), Customer-to-Government (C2G), and Business-to-Government (B2G) payments on FedNow to be a significant factor as to why banks should become participants. Already, the U.S. Department of the Treasury’s Bureau of the Fiscal Service is ready with instant payment capabilities via FedNow.

Of course, as fraud continues to evolve, especially as increasingly more services become digitalized, risk mitigation and security is a significant consideration for many banks. While many theorize that the use of FedNow’s instant payment service will significantly cut down the number of uninsured, fraudulent payments that occur on third party apps as well as reduce check fraud scams across the country, it is vital that participating institutions have up-to-date strategies and procedures to mitigate risk.

Through FedNow, key risk management and information security solutions, such as accepting payments without posting, the ability to request more information from the sending or receiving institution, data encryption and tokenization, as well as several authentication and authorization measures, are available to participants. These tools, too, are expected to evolve and expand as the service grows. However, as the first line of defense against fraud, the Fed emphasizes that all participating institutions ensure that their overall fraud management strategy is consistent with the evolving payments landscape, communicated with vendors and customers, and regularly reviewed.

As ‘instant’ becomes the status quo for payments, FedNow can help drive commerce in new sectors, increase cash flow throughout communities, and offer financial institutions of all sizes innovative solutions to meeting the ever-evolving expectations of customers. To learn more about FedNow, and what its services may offer your bank and its customers, please visit frbservices.org/financial-services/fednow.

November 7, 2023/by Hannah Flanders

Posts

Get our Newsletter!