Faster Payments Technology Considerations PDF

Summary

This document discusses the technological considerations for enabling faster payments. It explores various components such as APIs, QR codes, encryption, and authentication. The text is part of a handbook, likely covering financial processes and technologies.

Full Transcript

The payment industry has witnessed significant change in recent years thanks to various technological
components that power the Faster Payments rails. Numerous technology factors including APIs, tokenization,
network connectivity, and many more have changed the payments industry. Some parts like the core banking
system and APIs are fundamental to the operation of the payment transaction interworking whereas directory
services, secure authentication processes, and network connectivity all provide enriched and reliable payment
experiences for all users.

Faster Payments rails are empowered by various technology components that that have begun transforming
the payment landscape, enabling faster, more secure, and highly available payment experiences.

Application Programming Interfaces (APIs) are sets of protocols and tools that enable different software
applications to interact with one another. They define the methods and data formats that applications can
use to request and share information and enable smooth communication and interaction between different
players in the payment ecosystem, including financial institutions, payment processors, third-party service
providers, and even payment infrastructures. APIs permit the development of flexible and customizable
solutions within the payment system and enable participants to integrate with various services. APIs allow
for the real-time exchange of data and support the seamless flow of information and transactions.

Quick Response Codes, QR codes, are a versatile type of bar code that can contain various types of
information. One such usage is the encoding of information needed to process payment transactions
between accounts through either cloud-based or local merchant systems. QR code payments can be initiated
by either a merchant or a customer. Some of the potential benefits of QR codes include cost-effectiveness,
simplicity of use, and flexibility, as QR codes can contain both static and dynamic information.

Static QR codes contain information that remains constant and can be printed and exhibited in different
locations like the point of sale, menus, bills, etc. Conversely, dynamic QR codes can carry up-to-date
information along with optional transaction-specific details. QR codes enhance the user experience by

THE 2025 AFPP HANDBOOK 107
streamlining the payment initiation process, proving especially beneficial in situations such as PoS transactions
and peer-to-peer (P2P) payments.

Static QR codes contain information that remains constant and can be printed and exhibited in different
locations like the point of sale, menus, bills, etc. Conversely, dynamic QR codes can carry up-to-date
information along with optional transaction-specific details.

Directories are databases of payment-related information and simplify payment routing by enabling payment
initiation using aliases such as email, cell phone number, etc. These aliases are linked to payment account
information and replace the necessity of memorizing or sharing sensitive and complicated information, thereby
facilitating payment initiation and assisting in fraud prevention. Faster payment directories support multiple use
cases such as P2P, C2B, B2C, and others.

Encryption and tokenization are two methods that provide additional layers of security to transmitted data. Data
encryption is where data is reversed using an algorithm to encode information into an indecipherable form.
Decryption uses private and/or public keys, making the data useless without them. Tokenization enhances the
security of sensitive payment data by turning a meaningful piece of data into a random string of characters
known as a token. While encryption is useful when data needs to be decrypted and reused, tokenization is more
appropriate when data only needs to be referenced and not reused. Additionally, tokenization reduces the risk of
data exposure as the sensitive data is replaced with tokens that have no meaning outside the system.

FIs connect to Faster Payments rails both directly or indirectly via third-party service providers or correspondent
banks. These connections occur on each payment rail network, which ensures secure exchange of payment and
non-payment messages among various participants. Third-party providers can include a core processor, a hosted
gateway, corporate credit union, etc. Depending on various rules-based guidelines of each payment rail, certain
participants are obligated to validate their abilities to meet requirements.

Payer authentication is the process of verifying the identity of a user, often as a prerequisite to allowing
access to valuable information before payment initiation. This is particularly critical in Faster Payment
systems as a prevention mechanism to protect end users against fraud by preventing unauthorized entities
from initiating payments. Faster Payments manages security risks by protecting transactions with robust
security measures augmented by technology, such as two-factor or multiple-factor authentication, biometric
verification, and real-time monitoring. These technologies provide an additional layer of security, ultimately
contributing to the speed and efficiency of the overall payment system.

A responsive and efficient core banking system that can respond to the various payment processes challenges
brought about by Faster Payments is very important. These can generally include accounting, customer
relationship management (CRM), risk management, operations, and reporting. Technology has advanced
the core banking systems to support payment processes to better manage account information and balance
updates continuously 24/7/365. Core banking systems have traditionally been built for a batch-based world,

108
which is no longer fit-for-purpose, so it is important that FIs participating in one or more Faster Payments
systems have a core banking platform that is up to the challenge.

Quick availability is a fundamental characteristic of Faster Payments in the United States. The necessity for
speedy posting times has prompted traditional payment origination methods to adapt. Payment providers
adopted application programming interfaces (APIs) to facilitate seamless and instant connectivity between
corporate originators, merchants, consumers, and payment providers. The most effective approach utilizing
APIs involves establishing connections between corporate originators and various payment providers, such as
financial institutions and third-party payment processors. APIs empower participants to develop adaptable
solutions within each payment system and support varying use cases.

APIs and Faster Payment solutions are often developed by each payment provider, meaning APIs are not likely
based on an open framework, making integrating other service providers more challenging. This complicates
and slows the FIs’ ability to add new services and innovate. Within the payments ecosystem, Faster Payment
APIs have five core functions as categorized and defined by the Faster Payments Council’s API Working
Group: registration and onboarding, log-in and API access management, payment initiation and payment
processing-related, directory functions, and embedded and additional functions.

TABLE 56 CORE FUNCTIONS OF INSTANT PAYMENT APIS

Registration & onboarding Registration APIs enable corporations to enroll in a provider’s Faster Payments
API service, while onboarding APIs streamline tasks like KYC validation and user
authentication for employees or customers accessing the service.
Log-in & API access management Maintenance APIs facilitate the administration of tasks like adding or adjusting
account settings, including managing log-in/API access, usernames, passwords,
and channel access via methods such as mobile phones, digital wallets, email, and
online platforms.
Payment initiation & payment processing-related This extensive category of APIs supports various Faster Payment processing
functions, encompassing activities such as initiating payments, request-for-payment
initiation, receiving acknowledgment or response codes, and querying and
reporting payment status and account balances.
Directory functions A directory API grants access to information related to customers or entities,
including bank routing numbers, account details, aliases, and other data essential
for payment or transaction processing, usually maintained by a central authority or
organization like a payments network.
Embedded & additional functions This category of APIs encompasses a wide range of supplementary services
including fraudulent transactions prevention controls, sanction screening features,
and transaction data reporting features.

Payment systems employ diverse methodologies to secure data during transmission and storage. Among
the most utilized technologies are tokenization and encryption. Specific rule-based guidance governs the
protection mechanisms for certain systems.

The FedNow Service requires that all messages are cryptographically signed, utilizing participant key pairs,
a combination of public and private keys. These keys provide a layer of security controls, helping verify the
integrity and authenticity of messages exchanged through the FedNow Service. All messages in the FedNow

THE 2025 AFPP HANDBOOK 109
Service is therefore signed with the sender’s private key and verified by the receiver using the sender’s public
key. The service rejects messages without a signature, those signed with an expired key, or those bearing an
unrecognized key, indicating a specific error code. Participants are encouraged to maintain multiple active key
pairs, each with a unique one-year expiration date.

The RTP network introduced enhanced security through a capability called Secure Token Exchange, providing
account tokenization for financial institutions. This feature issues tokens for account credentials, reducing
vulnerability from storing information outside the banking system and thus preventing information theft and
fraud. RTP payments using tokens operate similarly to those with real account numbers. All RTP participants,
whether issuing or receiving tokens, must ensure compliance with practices like AML monitoring. The RTP
network further employs Transport Layer Security (TLS), a cryptographic protocol that encrypts data sent
over the Internet, and each message is digitally signed to ensure authenticity in accordance with ISO 20022.

The ACH network defines information security as protecting information against unauthorized access to or
modification of information. The key components of information security consist of confidentiality, data
integrity, and availability. Furthermore, the Nacha Operating Rules require protecting the security and
integrity of certain ACH data throughout its life cycle by establishing access controls, self-assessment, and
verifying the identity of third-party senders and originators. All non-consumer originators, DFIs (Depository
Financial Institutions), TPSPs, and third-party senders must also establish, implement, and update security
procedures, policies, and systems related to the initiation, processing, and storage of entries.

Each Non-Consumer Originator that is not a Participating DFI, each Third-Party Service Provider, and each
Third-Party Sender, whose ACH Origination or Transmission volume exceeds 2 million Entries annually must
protect DFI Account Numbers used in the initiation of Entries by rendering them unreadable when stored
electronically no later than June 30 of the year immediately following the year in which such volume first
exceeds the 2 million Entry threshold, and consistently thereafter regardless of annual volume.

The Payment Card Industry Data Security Standard (PCI DSS) founded and developed by Visa, Mastercard,
and other industry leaders, sets a baseline level of protection for customers, merchants, and service providers to
help reduce fraud and data breaches. PCI DSS applies to all entities that store, process, or transmit cardholder
data and/or sensitive authentication data, enhance consumer confidence, and protect the overall integrity of
the payment system.

Every transaction moving on Visa‘s trusted global network is supported by a multi-layered system of risk and
compliance controls available, which consists of tokenization, fraud controls, and robust program governance.
Tokenization replaces sensitive credit card or account numbers with a token, consisting of a value-ID or
meaningless alphanumeric ID. Visa Direct APIs are required to support Message Level Encryption (MLE),
which serves the dual purpose of securing information and communication with other parties by preventing
unauthorized parties from understanding the information or communication.

For Mastercard Send, communication between client applications and Mastercard is safeguarded through TLS/
SSL (Transport Layer Security/Secure Sockets Layer), ensuring automatic data encryption during transmission
over networks. Moreover, certain services incorporate end-to-end payload encryption. For instance, services
handling sensitive information, such as cardholder Personally Identifying Information (PII), must adhere to the
PCI DSS by encrypting the transmission of cardholder data across open, public networks.

110
Financial institutions connect to Faster Payments platforms directly or indirectly via third-party service
providers or correspondent banks. Further detail on participation types and service offerings as well as
eligibility requirements for each payment rail is available in Chapter 1.

Financial institutions have the option to connect to the FedNow Service either by utilizing a direct FedLine
Solutions connection (WAN or VPN) for message exchange, profile administration, and other functions, or
through a third-party service provider like a payment processor, bankers’ bank, or corporate credit union.
Service providers that act on behalf of participating FIs establish connections to the FedNow Service using a
FedLine Solution. These providers can process transactions for multiple financial institutions through a single
connection, be it WAN (FedLine Direct) or VPN (FedLine Command or Advantage). For fintech companies
or other providers exclusively offering instant payment solutions to consumers and businesses (e.g., payroll
providers, payables and receivables vendors, treasury management platform enablers), a partnership with a
FedNow participating FI is required. Third-party service providers, on the other hand, may or may not have a
direct connection to the Federal Reserve.

Similarly, FIs can connect to the RTP network directly or using a third-party service provider, such as a core
processor, a hosted gateway, a bankers’ bank, or a corporate credit union. Any federally insured depository
institution has the eligibility to become a participant in the RTP network.

The ACH Network allows direct access to originators, third-party senders, or third-party service providers
who act as an intermediary to transmit credit or debit entries using an ODFI’s routing number and settlement
account. However, a participant depository FI must either on their own or through a correspondent bank
maintain a settlement account at a Federal Reserve Bank. The ACH Network further requires ODFIs to
register certain direct access relationships with Nacha. For example, specific relationships with third parties
and originators must be defined and registered accordingly.

The sender FI must either be a licensed Visa acquirer or a third-party originator that is sponsored by a
licensed Visa acquirer for a Visa Direct program to use the Visa Direct APIs. They must also be able to
validate their ability to meet the requirements of a full push payments processing service.

Sender FIs can integrate with Mastercard Send directly via a single connection or work with Mastercard-
approved partners (known as Transaction Initiators), such as digital players. While a single connection is
provided by Mastercard’s network, connectivity to multiple networks is available in certain markets.

Payment directories are informational databases that support the exchange of payment-related information.
Directories facilitate payment initiation by linking a payment alias(es) (email, cell phone number, etc.) to payment
account information, such as the bank, account number, routing number, PAN, etc. This means that the payee
can share their alias with the payer rather than sensitive information that can lead to misrouting a payment.
Aliases also tend to be easy to remember in contrast with the information required to route a payment over a
Faster Payment rail, thus facilitating payment initiation.

THE 2025 AFPP HANDBOOK 111
Directories are often overlay services and are not necessarily directly related to the underlying payment system
infrastructure. Zelle, for example, is an overlay service operated by Early Warning and is not formally tied to
TCH’s RTP or Same Day ACH. On the other hand, Visa Direct and Mastercard Send do have their own
directories for use in their respective systems. As of now no directory uses the FedNow system, though this will
likely change.

Directories, whether they are centralized or federated, have a number of responsibilities. This includes
securing information and ensuring that only authorized parties access the directory and only to parts they
have authorization to access. Directories have to strike a balance between openness and security: directories
want to ensure widespread adoption and therefore may be open to third party access but must also ensure
that they are safe and secure against abuse. The convenience directories provide enhance data security and
accuracy, allowing individuals and/or businesses to make and receive payments without sharing sensitive
information, simplifying the payment process.

Faster payment directories can be broadly categorized into two types according to the way they look up
payee information:

Centralized Directory: This type of directory maps an alias to its PSP and the corresponding
account number (or other type of account-related number such as a PAN). The mapping of alias is a
one-step exercise in case of centralized directories.
Federated Directory: This type of directory maps an alias to its corresponding PSP. The PSP is
responsible for mapping the account information locally to the alias provided, using its own directory,
making this a two-step process.
Zelle operates the largest Faster Payments alias directory for bank-initiated transactions in the United States,
while Venmo and PayPal are two non-bank payment service providers (PSPs) that provide alias-driven payment
services. All three services allow users to link their account information to an email address or phone number,
while Venmo and PayPal also allow users to initiate payments using a user-generated identifier. The three
directory services are not interoperable, though Venmo and Paypal are owned by the same company.

Directories link aliases, typically a short identifier that is easy to remember and share, to a user’s transaction
account information. This allows simplified payment initiation without the need to know and input the
payee’s payment details. For the payee, using an alias removes the need to memorize and share payment
information, which can be sensitive. In the context of bulk payments such as government benefits or other
types of disbursements (salary payments, dividends, etc.), the use of aliases simplifies the maintenance of
beneficiary information. Aliases mask a transaction account number preventing the theft of transaction-
account information, reverse lookup attacks, and the automated skimming of customer information.,
The U.S. Faster Payments Council’s Directory Models Working Group has outlined the essential functional
characteristics of directories, classifying them into core and value-added features. The core characteristics
encompass several key aspects: Directories must possess the capability to validate the accuracy of routing
information. Additionally, directories need to ensure that payment aliases remain unique within the directory,
allowing for efficient and unambiguous identification. The support for multiple routes linked to a payment
alias would enhance flexibility in payment processing, though is not considered essential. Furthermore, directories
should minimize the storage of sensitive information, emphasizing the importance of safeguarding user data.
Directories must prevent the exploitation of the directory for mining payment details, reinforcing the need for
secure and ethical use. Moreover, they should allow the establishment of end-user-controlled profiles, offering
users a degree of autonomy in managing their directory-related preferences.

112
In addition to the core characteristics, the Faster Payments Council identifies value-added features that
directories should incorporate: A directory should support some variant of confirmation-of-payee, which
would enhance the security and reliability of payment transactions. This feature helps verify the accuracy
of payee information, reducing the risk of errors or fraudulent activities. Additionally, directories should be
equipped to support request-for-payment transactions, facilitating a broader range of payment interactions
and ensuring a comprehensive and versatile payment ecosystem.

For senders and recipients of faster payments, the use of aliases improves the user experience making it
more seamless by:

Making it easier to share payment details: It is usually easier for the payee to share a phone
number or email address than a bank identifier and account identifier
Reducing the sharing of sensitive account-related data: A payment can be addressed to the payee
without the need for the payee to share sensitive account details (or even information about where
they hold their accounts)
Providing confirmation-of-payee: Directories provide some forms of confirming the identity
of the payee, for example, by providing the real verified name of the account holder (as provided by
their PSP) or a nickname defined by the user to the payer. This gives the payer confidence that funds
are being sent to the correct account as well acting as a tool against fraud.
Faster payment directories can support multiple use cases. The use cases almost always begin from P2P
payments and then expand to include C2B, B2C, B2B and others. Zelle, is a directory-based payment
service available that leverages the Same Day ACH infrastructure, RTP network, Visa Direct, Mastercard
Send and RTP to process payments using phone numbers and email address as aliases., The initial release
of FedNow did not include a directory service, limiting financial institutions’ ability to offer convenient P2P
payment services. FIs can use a private-sector directory to access routing information to allow alias-based
payments on FedNow. Visa Direct offers their Visa Alias directory service that links different aliases to a
payment credential.

Faster Payments use directories to enable alias-based payments and to store and manage critical information like
account numbers, routing details, and payee data. The use of directories has streamlined payment initiation and
helped prevent errors and ensure swift transfer of funds. Apart from the Faster Payment directories that link to
the payee’s account information, there are also closed loop directories such as the ones used in Venmo and PayPal
that help process payments within their systems. Payment directories in the United States are highly fragmented
and not interoperable, operating in closed loop ecosystems as payment service providers treat their network and
associated information as a valuable asset and are not willing to share this information with other networks.

The Business Payments Coalition, a volunteer group of organizations and individuals working together to
promote greater adoption of electronic business-to-business (B2B) payments, remittance data, and invoices,
describes B2B directories as a utility that enables the storage, management, and look-up of electronic
information (i.e., the identity) of a payee, including account and payment information to help
U.S. corporations increase their use of domestic electronic payments and related business information
to their business payees. Other communication technologies such as telecommunication companies and
email have relied on using directories to look up the recipient using various protocols and standardized
approaches to reach the recipient.

Apart from payments, directories are an important tool to compile and look up information by using proxies
in trade and industry. The U.S. Department of Commerce provides a searchable directory of e-
commerce business service providers containing basic information on e-commerce service providers

THE 2025 AFPP HANDBOOK 113
that U.S. exporters can contact for optimizing their digital operations. An effective supply chain directory is a
crucial requirement in many industries as it enables efficient supplier identification, streamlined communication,
improved supplier performance management, enhanced visibility, risk mitigation, collaboration, and continuous
improvement. Businesses can optimize their supply chain operations, enhance efficiency, and reduce costs by
leveraging directories.

The payments ecosystem operates within a framework of business expectations, customer contracts, regulations,
and scheme rules. Within this context, directories supporting Faster Payments play an important role and require a
well-defined governance structure to establish the criteria for participation, outline participant obligations, and
allocate rights and responsibilities to the entities utilizing the directory. All participants in the Faster Payments
ecosystem should adhere to a common set of rules and guidelines. This ensures a standardized and consistent
approach across the board, contributing to the reliability and efficiency of the payment processes facilitated
by directories.

There are two primary governance structures for directory models, distinguished by platform/framework
ownership and eligibility rules for participation. The first model is consortium-led / bank-led, where
participating banks collaborate to define the governance framework. Challenges may arise in implementing
governance changes swiftly due to diverse stakeholder opinions and this model can be difficult in highly
decentralized markets such as the U.S.

The second model is mobile operator-led, where mobile operators take the lead in platform development, and
banks join as participants. This model has the potential to include non-bank players, fostering competition
and innovation. However, it may also lead to market fragmentation as more diverse players, such as financial
institutions, mobile wallets, and apps, enter the market. Implementing this model would require changes to
scheme rules, which may be challenging in the short-to-medium term.

The use of directories entails several security standards to ensure the trust and safety of end users. If a
directory is perceived as unsafe, users are likely to avoid its use altogether. Directories such as Venmo and
Zelle have their own governance systems and safety procedures. These mechanisms secure access to the
directory, facilitating secure payment initiation. The issue of fraud in the United States necessitates that any
directory, from its inception, must prioritize safety. Several key factors contribute to the safety of a directory:
the extent of payment data visible to the sending party, sender authentication methods, and the type of
directory employed.

A major security consideration for Faster Payment directories is to prevent their misuse for data mining. To
prevent data mining, various directories adopt different approaches. Some directories restrict the sender’s
view to part or all of the recipient’s name (i.e.,, confirming what the sending party inputs) while others provide
the sender with the recipient’s full name, confirming the recipient. Notably, none of the directories reveal the
receiving party’s account information to the sender.

Sender authentication methods present another security challenge as there is no consensus on the best
approach. Zelle utilizes the authentication from the respective banking app or by using a password or
biometric data through the standalone Zelle app, others utilize thumbprint or facial recognition or rely
on each bank’s app authentication measures. Recommending multi-factor authentication, which includes
passwords, biometrics, or linked cell phones, emerges as a potential solution to enhance security against
unauthorized payment initiation.

114
Launching and operating a proxy service demands robust data security and privacy measures. Consent from
customers for the use of a specific proxy identifier is essential. Payment system operators must establish
rules governing fraud risk management and liability. Moreover, stringent verification processes should be in
place during customer registration of an alias. Notably, the chosen proxy identifier should not function as an
authentication mechanism, such as a username for internet or mobile banking, nor should it compel users
to disclose sensitive information, like using a primary account number as an alias.

Messaging standards in Faster Payments serve a dual purpose: enhancing interoperability and ensuring
seamless communication among financial institutions. This facilitates swift and secure transmission of
payment information, reducing errors and accelerating transaction processing. In essence, messaging
standards are crucial for creating a robust and efficient Faster Payments infrastructure, enabling a uniform
and reliable exchange of information.

ISO 20022 is an international data standard that establishes a framework for payments, delineating message
specifications for, and facilitating the transmission of consistent, comprehensive, and structured data elements.

The messaging standard has multiple applications for Faster Payments. Firstly, it enables richer data elements
enabling more accurate payment processing. Second, its structured data supports straight-through processing,
which reduces the need for manual interventions, streamlining the payment flow and facilitating quicker
transaction times. Third, its increased data granularity and standardized format contribute to fewer errors
and misdirected transactions. Fourth, the additional information it can carry enables real-time tracking and
confirmation of payment, which is helpful with reconciliation and compliance with regulatory requirements
related to the speed of transactions. Lastly, while most Faster Payments systems in the U.S. are not interoperable
with either each other or systems in other markets, the use of ISO 20022 can facilitate future interoperability.

ISO 8583 is an international messaging standard developed for card-initiated transactions and is currently
used by both Faster Payment card networks in the U.S., Mastercard Send and Visa Direct. It establishes a
structured framework including key data elements for transactions creating a standardized language for card
payment messages.

ISO 8583 ensures standardized communication, minimizes errors in processing push-to-card transactions,
and facilitates speedy processing. ISO 8583 can enable interoperability when different card networks use
it, such as Mastercard Send and Visa Direct. Furthermore, ISO 8583 has been used by the card networks
for decades, so using it for push-to-card transactions means FIs have to do less work to implement it, thus
lowering costs.

Different Faster Payments rails utilize different messaging standards. In the U.S., instant payment rails use
ISO 20022 whereas Same Day ACH uses the Nacha standard, and the card networks use ISO 8583.

THE 2025 AFPP HANDBOOK 115
 TABLE 57 MESSAGING STANDARDS BY FASTER PAYMENT RAILS

FedNow ISO 20022
RTP ISO 20022
Same Day ACH Nacha
Mastercard Send ISO 8583
Visa Direct ISO 8583

The ISO 20022 standard has two main components, its message structure and data dictionary. The message
structure defines the format and organization of messages exchanged between financial institutions. It includes
fields and segments with a specific purpose and defines the data type to ensure consistency. ISO 20022 uses
a flexible XML-based syntax, allowing for the inclusion of a wide range of financial information in single
messages, leading to clarity in communication, reduced ambiguity, and facilitating automation and straight-
through processing.

The data dictionary serves as a comprehensive catalog of data elements and their definitions, providing the
financial industry with a standardized set of terms. Both financial institutions and payment system developers can
refer to this catalog to interpret and use data elements consistently across markets. It includes both business and
message concepts, as well as various data types. The dictionary is dynamic and new items are added regularly to
avoid misinterpretation continuously.

Overlay services are specialized offerings that enhance payment services by utilizing existing infrastructure
to provide value-added services (VAS) to users. Financial institutions seek to connect to multiple networks
and switch between them based on various factors such as transaction volume, pricing, and reach. This is
becoming more important as the number of faster payment services grows. Overlay services include liquidity
management, tokenization, biller directory(ies), fraud prevention, and customer directory(ies). These services
benefit all participants in the payment ecosystem and facilitate the expansion and interoperability of instant
payment services.

Collaboration between networks is essential to identify common overlay services, leading to faster adoption,
increased efficiency, and innovation. For financial institutions, utilizing common overlay services reduces
duplication of effort, enhances flexibility, lowers overhead costs, and promotes innovation. Common messaging
standards and guidelines facilitate interoperability between networks. Some overlay services include liquidity
management, tokenization for fraud prevention, directories, fraud prevention measures, customer directories,
and a regulatory framework for transaction monitoring and fraud prevention. By leveraging these overlay services
and establishing collaborative frameworks, the payment ecosystem can achieve seamless interoperability, driving
adoption and improving the overall user experience.

116
Alias directories are a particularly useful VAS enabling widespread adoption of Faster Payments by easing
payment initiation. These directories enable users to link identifying aliases such as email addresses or
phone numbers to their Faster Payments-enabled payment method (typically a bank account or card) rather
than lengthy account and routing numbers or PANs. This simplifies the initiation process and can help
ensure that payments are sent to the intended payee. The convenience aspect, when combined with security
and speed, makes alias directories powerful tools to promote Faster Payment adoption.

Request-to-Pay is a set of non-payment messages enabling payment receivers to generate a payment request
that goes over the Faster Payment network. Unlike direct debits, where the transaction itself is initiated by the
beneficiary, the paying party controls when and if an R2P is responded to, so the underlying payment is still
a credit transfer even if the R2P itself is generated by the recipient. R2P messages may include reconciliation
data for bill and invoice presentation, allowing for easier presentation and information collection. The ease
with which billers and consumers can send R2P messages could become a driver of use case expansion by
providing more utility to end users.

Confirmation-of-Payee (COP) is a service designed to cut down on misidentified or misdirected payments
by providing the sending party with the name associated with the beneficiary account prior to a payment
being initiated. Confirmation-of-Payee services can be provided by third parties or by the central payment
infrastructure provider itself. COP helps inspire user trust by providing identity verification services,
enhancing overall transparency, and cutting down on error rates, therefore making the system more reliable
for end users. This added layer of identity verification not only promotes transparency in the payment
process but also empowers users to actively confirm their recipient’s payment details, reducing the
likelihood of accidental fund transfers.

Tokenization services is an additional service enhancing the security of financial transactions. Tokenization
involves the substitution of payment information with a unique identifier/token and allows sensitive payment
information to be stored securely, reducing the potential fallout from data breaches and unauthorized access.
This protects users from fraud by eliminating the need to transmit sensitive information in each transaction.
Tokenization services increase user trust and offer a secure environment for Faster Payment transactions.

Digital IDs are another trust-enhancing value-added service that allows end users to verify their identity in
a digital environment, preventing unauthorized parties from initiating payments. This service takes different
forms in different markets, with governments issuing IDs usable in digital environments in the form of chips
in some countries whereas others have embedded digital identity services into mobile banking apps. In some
markets, bank-held information is used to verify consumer identities in digital environments such as online
banking or payment initiation. Due to the complexity involved in issuing and verifying digital IDs, government
entities are most often the providers of this sort of service, with Faster Payment system infrastructure operators
making use of this potential functionality. Digital IDs are enormously useful for enhancing security in Faster

THE 2025 AFPP HANDBOOK 117
Payments and help combat unauthorized party access to accounts. The rise of generative AI, however, poses
a risk for digital IDs that rely on facial or voice recognition.

Fraud scoring is yet another trust-enhancing service and is increasingly used by Faster Payment systems
across the globe. Fraud scoring provides insights at the central infrastructure- and FI-level by employing
advanced data analytics to assess a transaction based on various risk indicators. Fraud scoring involves
analyzing transaction frequency, amount, location, end user behavior patterns, and other data points to
determine whether a transaction is likely fraudulent in nature. These measures allow financial institutions to
identify risky transactions, enabling them to intervene and investigate transactions further. Faster Payment
infrastructure operators are best suited to manage fraud scoring systems due to their ability to monitor a
large volume of payments from a centralized view. Operators can then more easily identify patterns and
anomalies, enabling the development of advanced fraud detection algorithms, and allowing for the swift
communication of risk alerts to FIs via the network’s telecommunication rails. Alerts can be sent to FIs, who
can then use this data to supplement their own data before deciding how to proceed.

Liquidity management do exactly what they sound like they do – they help Faster Payment participants manage
their liquidity. These services are offered by the central infrastructure provider and allow participants to make
internal adjustments or source funds from other FIs to support their liquidity needs stemming from payment
activities. These services provide insights into the liquidity positions of participant FIs and allow them to monitor
their cash flows, forecast future liquidity needs, and make proactive transfers to prevent service interruptions
stemming from liquidity constraints.

The central infrastructure operator often provides exceptions handling capabilities for Faster Payments
participants. Exception handling tools allow FIs to identify and manage scenarios such as errors, anomalies,
and potentially fraudulent activities that occur during the payment process. Once exceptions have been
identified and/or reported, Faster Payment systems can trigger predefined workflows to resolve them, including
predetermined responses to mitigate risks, alerts to relevant stakeholders, and in some cases, fund retrieval
and/or return.

Within the U.S., Faster Payment system VAS and overlay services are quite common, barring the exception
of Digital ID services. The table below showcases the various services offered and available in connection
with Faster Payment services. While not all VAS are offered by the operators, some are still available via
third-party service providers (i.e., alias directory services via Zelle).

118
 TABLE 58: FASTER PAYMENT OVERLAY SERVICES IN THE US
Same Day ACH FedNow RTP Visa Direct Mastercard Send
Alias directories Possible through No Possible through Possible via Visa’s Possible via
Zelle Zelle Alias Directory Mastercard
Service Consumer Mapping
Service
R2P No Yes Yes No No
COP Possible through No Possible through Yes Yes
Zelle Zelle
Tokenization No Yes Yes, optional via Yes, via Token ID Yes
Secure Token service
Exchange service
Digital IDs No No No No No
Fraud scoring No No Available via 3rd Yes, via Visa Yes, via Mastercard
party Advanced Early Detection
Authorization System
Liquidity No Yes No No No
management tools
Exceptions Yes Yes Yes Yes Yes
handling*

*Note: This tables describes the VAS that is supported by the infrastructure itself, not whether third parties
or FIs perform the VAS (i.e., fraud scoring). In the case of exceptions handling, “yes” here refers to operator-
provided guidelines for exceptions handling.

THE 2025 AFPP HANDBOOK 119