As the fraud and cyber threat landscape continues to evolve, the Federal Reserve Banks remain committed to providing application enhancements to bolster the security of transactions submitted to the Fedwire® Funds Service. To that end, in October 2017, the Federal Reserve Banks implemented important enhancements to the FedPayments® Manager—Funds application to complement Fedwire participants’ own risk management and fraud prevention measures. These changes were designed to give Fedwire participants a broader, more flexible suite of processing options to help them better control the messages they create in FedPayments Manager—Funds for submission to the Fedwire Funds Service. Since then, the Federal Reserve Banks implemented additional enhancements as detailed in the November 2018 and March 2019 Fed360SM articles.
Key security controls available to you
Among the enhancements made, the controls noted below are just some that will complement your own risk management and fraud prevention measures. They provide the following benefits:
- You can set up a Manager access credential that allows that person to designate individuals within your institution (e.g., in your risk management or compliance area) to receive email notifications in certain circumstances. For instance, individuals can be notified when changes have been made to your institution’s security settings, which can provide an additional layer of oversight for activities performed in FedPayments Manager—Funds by other staff.
- Note: Email addresses can include different domains (e.g., different from your standard institutional domains) to help protect against the risk of an email server compromise.
- To guard against potentially unauthorized activity, you have the ability to set controls that will restrict the submission of messages to the Fedwire Funds Service. For example:
- You have the ability to set controls that prevent the submission of messages outside specified hours (e.g., your institution’s typical operating hours) or on specified cycle dates.
- You also have the option to prevent outgoing messages that contain a non-U.S. Business Identifier Code (BIC) in certain field tags or that exceed a specified dollar value.
- For a further layer of oversight, you can enable a setting that will hold all outgoing messages for review by someone with a Supervisor access level role, with the flexibility to hold only certain value messages exceeding a specified dollar value.
- With the most recent enhancements implemented, you may now also extend the value of certain control features in FedPayments Manager—Funds to messages you submit to the Fedwire Funds Service through the FedLine Direct® Solution or the offline service.
Explore the security features today
We recommend that you review the existing processing options available to your institution in FedPayments Manager and take advantage of the security features that are most suitable for your institution.
Action Item:
- Review your processing options in the FedPayments Manager—Funds application on a periodic basis and make changes you consider appropriate to best ensure the security of the transactions you submit to the Fedwire Funds Service
- Take advantage of the Manager access level and the associated email notification options
- Scrutinize the transactions in question if your designated staff receive email notifications from FedPayments Manager
Join the upcoming webinar
The Federal Reserve Banks will be hosting a webinar on this topic on June 18 and June 20, 2019, to provide Fedwire Funds Service participants with:
- A live walkthrough of some of the security features in FedPayments Manager
- An opportunity to learn from subject matter experts
- A chance to ask questions
To register for the webinar, please visit the Federal Reserve Bank Webinars page. Be sure to bookmark the page as a favorite for future reference.
If you have additional questions regarding these enhancements, please contact your Wholesale Operations Site or your Wholesale Testing Unit.