Abstract

Real-time payment (RTP) rails convert retail payments from a batch, revocable process into an always-on, irrevocable, data-rich transfer of value. In the United States, this transition accelerated during 2012–2023 as mobile wallets, account-to-account (A2A) transfers, and instant credit transfers expanded, culminating in nationwide rail competition between private-sector networks and the Federal Reserve’s FedNow Service. The same design features that make RTP economically attractive—immediacy, finality, and API-based integration—also magnify fraud externalities and operational-resilience demands. Authorized push payment (APP) scams exploit consumer initiation and social engineering, while mule accounts, synthetic identities, and rapid cash-out compress detection windows from days to seconds. Regulatory liability regimes (e.g., U.S. Regulation E) were built around unauthorized transfers and do not fully internalize APP harms, creating incentives that may underinvest in preventive controls. This paper develops a pragmatic–institutional risk framework for U.S. RTP ecosystems that integrates (i) fraud typologies and externalities, (ii) operational-resilience requirements for 24/7 settlement, and (iii) consumer-protection and governance mechanisms spanning federal and state authorities. Methodologically, we specify a replicable measurement architecture using a simulated institution–region–year panel (2012–2023) that combines RTP intensity, fraud loss proxies, incident-response performance, and governance strength indicators. We outline identification strategies suitable for U.S. data constraints—fixed-effects panels, staggered adoption difference-in-differences, and instrumented uptake using broadband penetration and legacy payment frictions. Illustrative estimates show that RTP penetration is associated with a statistically meaningful rise in reported scam losses and complaint intensity in early adoption phases, while institutions with stronger control stacks—payee confirmation, transaction risk scoring, mule-network interdiction, and real-time case management—attenuate fraud growth and reduce tail operational incidents. We translate these findings into a U.S.-specific governance blueprint that aligns rail operators, depository institutions, nonbank PSPs, and regulators around a shared ‘prevent–detect–respond’ control taxonomy, standardized reporting metrics, and consumer redress principles. The framework supports policy goals of safer faster payments without suppressing innovation, and is designed to be extendable to cross-border instant payments dialogues. Research highlights. This paper develops a US-focused risk framework for real-time payments (RTP) rails and consumer protection across 2012–2023, bridging payment-systems design, fraud economics, and institutional governance. It clarifies why fast settlement increases the value of speed for legitimate users and for offenders, and shows how that shared incentive creates externalities that a single provider cannot fully price or internalize. Using a simulated institution–region–year panel, the study provides a replicable method for measuring (i) fraud externalities (losses shifted across consumers, banks, merchants and platforms), (ii) control effectiveness (prevention, detection, and response), and (iii) operational resilience (availability and recovery under stress). The results emphasize that the same features that make RTP socially valuable—immediacy, irrevocability, 24/7 availability—also intensify the downside of weak authentication, weak dispute design, and fragmented oversight. Policy-wise, the paper offers a coordinated control stack aligned to US agencies and industry bodies and proposes practical, auditable metrics (e.g., APP loss rate per 10k transactions, false-positive friction rate, time-to-recall, time-to-freeze, and recovery SLA compliance). The governance contribution is a ‘rails-and-responsibilities’ map that connects economic function to supervisory responsibility, supporting activity-based regulation and reducing arbitrage across state and federal regimes.