The Real-Time Payments Fraud Arms Race Nobody Has Priced

In 2024, the Real-Time Payments network operated by The Clearing House processed 343 million transactions worth $246 billion, a 94 increase in value over the prior year. FedNow, the Federal Reserve's parallel rail launched in 2023, crossed $20 billion in payment volume in a single quarter (Q4 2024) with roughly 1,400 institutions onboard.

For the first time in U.S. payments history, money is moving instantly between banks at scale. Sub-second clearing. Final and irrevocable settlement. No reversal, no claw-back, no overnight batch window where a fraud analyst can pull a transaction back.

The fraud detection systems running inside U.S. banks were built for a different world. Wire-room manual review at 30-minute decision windows, ACH next-day batch reconciliation, card-network real-time decisioning at hundreds of milliseconds. None of those defense layers were built to score, hold, and decide on a payment in 800 milliseconds end-to-end. The arms race between real-time payment volume and real-time fraud detection has not started yet, because the fraud has not arrived at scale yet. When it does, the banks that did not build for sub-second decisioning will lose.

That window is the Pain Point.

The fraud rates on FedNow and RTP today are extraordinarily low. The 2025 Association for Financial Professionals Payments Fraud and Control Survey found that only 2% of firms reported attempted or actual fraud on RTP or FedNow in 2024, compared to 63% on checks. The Clearing House reported a fraction of one percent of fraud loss on the RTP network. In April 2025, RTP processed 35 million transactions and saw just 123 reported fraud cases.

That low base rate is misleading. It reflects three things, none of which will hold.

First, fraud volume scales with payment volume. RTP value grew 94% in 2024 alone. Even with constant fraud rates, the dollar amount of attempted fraud rises in lockstep. The fact that current fraud is low does not mean future fraud will be low. It means future fraud has not arrived yet.

Second, the existing detection stack at most banks is not sub-second capable. Bank fraud orchestration vendors built decisioning engines for ACH, wire, and card-network speeds. FedNow ISO 20022 messaging operates in millisecond windows. Many community banks and credit unions are sending real-time payments out the door without ever running the transaction through a behavioral fraud model, because the model takes too long to score. They are operating on simple positive-pay lists and Federal Reserve-published "negative lists" of known bad actors. That is not defense. That is hope.

Third, fraudsters have not yet specialized in real-time payments because they do not have to. Check fraud and ACH fraud are still profitable. As those rails continue to lose share to real-time, fraud strategy follows. The lag between when fraud volume migrates and when bank-side detection catches up is the structural opening.

Three forces converged in 2024 to 2026.

First, real-time payment volume crossed the threshold where banks can no longer treat it as a pilot. FedNow added institutions through 2024 and 2025 at a rate of dozens per month. RTP saw nearly 100% year-over-year value growth. Real-time payments are now a real product line at most U.S. banks.

Second, the Visa acquisition of Featurespace in September 2024 at a reported figure near $937 million validated the category as acquirable. That deal told every bank-side fraud orchestration vendor that real-time decisioning at network scale is a strategic asset, and it told every founder that the buyer pool has appetite.

Third, FraudClassifier and ScamClassifier models from the Federal Reserve are now widely adopted as a standard taxonomy, but the Fed has explicitly signaled it will not build a centralized fraud detection service. Detection stays at the institution. That confirms the market lives at the bank tier, not at the central-bank tier.

The window: real-time payment volume is here, fraud is not yet, and the standardization layer is mature enough to build against. Three years from now, the category winners will already be installed across the largest banks. Two years from now, the second-tier banks will be hiring vendors to compete with the first tier's defenses. The window to define the category is the next 18-24 months.

Three distinct buyer pools.

The first is community banks and credit unions on FedNow. There are approximately 1,400 institutions onboard with hundreds more queuing for onboarding. Most have between $500 million and $10 billion in assets. They cannot afford enterprise-tier fraud orchestration, and they cannot build sub-second detection internally. The product opportunity is a turnkey real-time fraud orchestration layer purpose-built for community banks, sold per institution per month with usage-based scaling on transaction volume. Verafin, owned by Nasdaq, is the dominant incumbent here but priced and configured for larger institutions. Jack Henry's Yellow Hammer competes for the smaller end.

The second is mid-tier and regional banks adding RTP and FedNow capability. These are $10 billion to $250 billion-asset institutions with internal fraud teams already running ACH and wire monitoring. Their product opportunity is a real-time decisioning layer that integrates with their existing Verafin, FIS, or Fiserv fraud stack but adds sub-second capability for instant rails. Sold as a co-deployment alongside the existing vendor.

The third is core banking platform vendors and BaaS providers (Unit, Synctera, Treasury Prime, Bond) that need to offer real-time payments compliance and fraud as part of their stack to their fintech customers. The product opportunity is a wholesale fraud-orchestration API that core platforms embed and resell.

Comparable acquisitions to anchor pricing intuition: Visa acquired Featurespace in September 2024 at a reported $937 million range. Featurespace had raised $111 million across nine rounds before exit. Sift has raised $162 million total. DataVisor has raised $129 million total. The instant-payments-specific category has no acquisition comp yet. The next $500 million+ acquisition in this segment will most likely be a sub-second decisioning specialist with reference deployments at multiple top-50 U.S. banks.

The wedge most likely to produce a fundable company in 2026 is not generic real-time fraud detection. Generic detection competes with Verafin and Featurespace. The wedge is community-bank-tier real-time fraud orchestration sold turnkey, priced for institutions under $5 billion in assets, deployable in 30 to 60 days.

The status quo at a $1 billion-asset community bank is a part-time fraud officer running positive-pay lists, the Federal Reserve negative list, and a vendor model that scores in seconds, not milliseconds. The product opportunity is a decisioning engine that sits in front of FedNow ISO 20022 messages, scores in under 200 milliseconds, applies a configurable risk policy (auto-approve, hold-and-confirm, decline), and produces an audit trail the bank's compliance officer can defend in regulatory exam.

Same logic for credit unions. Same logic for the BaaS layer. Detection plus configurable risk policy plus audit trail, sold to institutions under $5 billion in assets at standardized pricing.

The first customer is a $1 billion-asset community bank or credit union that is already on FedNow but is currently operating on the negative list alone. Sales cycle: 60-90 days. The first product can be built by a team of four engineers, one bank operations veteran, and one compliance officer in 9-12 months.

Platform fee plus per-scored-transaction usage. The platform fee covers integration with the bank's core, ISO 20022 message handling, audit logging, and ongoing FraudClassifier alignment. The usage fee captures the value moment, which is the scored real-time payment.

ACV $35,000 to $750,000 depending on institution size. Gross margins 75-85% at scale, dragging to 60-70% in year one because of integration services with bank cores (FIS, Fiserv, Jack Henry).

The alternative model worth considering is OEM licensing to core platform vendors (FIS, Fiserv, Jack Henry, Finastra) where the orchestration layer becomes a feature inside the core. Higher revenue per deal, fewer deals, longer sales cycles. For most teams, direct sales to community banks at standardized pricing is the cleaner wedge.

Volume-driven fraud has not yet arrived. If it stays low for another 24 months, banks will not feel acute pressure to upgrade and the buying cycle slows. The right play is to position the product as compliance and audit-readiness defense, not just fraud-loss defense, so the buying motivation does not depend on a major fraud event.

Visa absorption is real. Featurespace under Visa now has the resources, brand, and incumbency to dominate at the bank tier. The defensible play is community-bank-specialist positioning, where Featurespace is overpriced and overconfigured for the buyer.

Federal Reserve action is the deepest non-obvious risk. The Fed has signaled it will not build a centralized fraud detection service, but it has built FraudClassifier as a taxonomy and could expand. A vendor that aligns tightly with FraudClassifier and is positioned as the "implementation layer" for Fed taxonomy stays defensible regardless of Fed expansion.

Bank IT cycles kill startups. Community banks have 6-12 month procurement cycles, regulatory review windows, and core-vendor integration constraints. A startup that does not budget for a long sales cycle dies before traction.

The right mental model for this category is not "build a faster fraud model." It is "build the orchestration layer that gives a community-bank fraud officer an audit-defensible answer in under 200 milliseconds." The product is the configurable policy plus the audit trail, not the model.

Builders should ask themselves: would my product still be valuable if my detection model were 80% accurate? If yes, the orchestration and audit layer is doing the real work. If no, you are competing on model accuracy with Featurespace, which has 12 years of training data and Visa's checkbook.

Investors should ask the team: what is the regulatory exam case for buying you instead of staying on the Federal Reserve negative list? If the team cannot articulate the exam-defense argument, the buying motivation is fragile.

The common evaluation mistake here is treating this as a generic fraud-detection category. It is a community-bank infrastructure category. The buyers are bank operations officers and compliance leaders, not chief fraud officers. The pricing has to fit institutional procurement. The integration has to fit Fiserv, FIS, and Jack Henry cores.

Pricing intuition: the buyer is paying for sleep, regulatory exam confidence, and one fewer headcount on the night shift, not for incremental fraud-loss recovery.

Founders. Pick the community-bank tier specifically (institutions under $5 billion in assets) and build the turnkey orchestration layer. Avoid mid-tier banks until you have 10 community-bank reference customers. The mid-tier bank conversation is much harder to win without them.

Investors. Ask the team to name three community-bank or credit-union reference customers under contract within the first 12 months. If they have not lined up letters of intent or pilots, the GTM is theoretical.

Operators at community banks and credit unions. Run an internal audit this quarter on your real-time payments fraud posture. The question to answer: what is your decisioning latency on outbound RTP and FedNow, and what is the audit-defensibility of your current process if the OCC or NCUA examines you in the next 12 months.

Acquirers. Watch for startups with three or more named community-bank deployments and a documented integration with Fiserv, FIS, or Jack Henry cores. That reference and integration set is the leading indicator of acquisition readiness for FIS, Fiserv, Jack Henry, or Visa as natural buyers.

• The Clearing House reported its RTP network processed 343 million transactions worth $246 billion in 2024, a 94% increase in dollar value year over year. April 2025 alone saw 35 million RTP transactions with just 123 reported fraud cases.
• FedNow exceeded $20 billion in payment volume in Q4 2024 across roughly 1,400 onboarded institutions, with the Federal Reserve continuing to add dozens of institutions per month.
• Visa acquired Featurespace in September 2024 at a reported figure near $937 million, the most significant real-time fraud detection acquisition to date.
• The 2025 Association for Financial Professionals Payments Fraud and Control Survey reported only 2% of firms experienced fraud on RTP or FedNow in 2024, compared to 63% on checks. The base rate is misleading; volume is exploding.
• The Federal Reserve has explicitly signaled it will not build a centralized fraud detection service for FedNow. FraudClassifier remains a taxonomy and a model adoption framework, not an operational tool. Detection responsibility stays at the bank.
• Verafin (Nasdaq-owned) and Featurespace (Visa-owned) released specific RTP and FedNow decisioning module updates through 2024 and 2025, signaling the incumbent vendors are positioning aggressively at the enterprise tier and leaving the community-bank tier underserved.