Getty Images
Real time payments: Are your systems ready?
Real time payments demand more than faster transactions. IT teams must overhaul legacy systems, adopt APIs and strengthen compliance to support instant settlement.
Executive Summary
- IT leaders must support 24/7 availability, low-latency processing, APIs and event-driven architecture to handle instant payment settlement.
- Real time payments demand continuous monitoring, adaptive authentication and automated risk controls to detect unusual patterns and stop fraud.
- CIOs must integrate or replace batch-based systems, align governance across business and risk teams and prepare platforms to support networks such as FedNow Service.
Real time payments (RTP) are electronic payments that move money from one bank account to another almost instantly through electronic transfer processes running 24/7 year-round.
The benefits are obvious. Once processed, these payments are typically final, so both payer and payee know the money has been moved. Funds are then immediately available to the recipient. Payments can also be made any time, including nights, weekends and holidays. Both parties receive instant confirmation that the transfer has been completed and funds have been credited. Modern RTP rails use strong authentication, encryption and fraud controls to protect payments.
Even though it appears that companies such as PayPal, eBay, and Amazon take money immediately, the funds are often settled a few hours later.
There is room for RTP to replace B2B payments such as ACH, checks, wires, and other non-instant rails, including batch or delayed processing. Deloitte predicts real time payments could replace nearly $18.9 trillion in ACH and check-based B2B payments in the U.S. alone by 2028.
FedNow, an instant payment infrastructure built and operated by the Federal Reserve, helps expedite RTP's growth. It allows banks and credit unions of all sizes to offer customers real time payments, with funds available to the recipient immediately.
FedNow adoption remains small relative to the U.S. payments system. It launched in 2023 with approximately 1,000 banks and credit unions participating and has grown to more than 1,600 participants as of February 2026. The number of eligible banks is over 4,000, so it has a way to go. In its launch year, FedNow processed about 47,000 payments. By 2025, FedNow increased payments to 8.4 million.
Other RTP Networks include the RTP Network from The Clearing House, Visa Direct and Mastercard Send, as well as Zelle and various bank- and fintech-based instant payouts.
Another important technology for RTP is ISO 20022, a global standard that defines a common "language" and structure for electronic financial messages such as payments, securities, cards and foreign exchange transactions. It provides rich, structured data usually in XML or JSON formats, so banks and other payment networks have a common method for exchanging information.
For current payment systems to support real time processing, businesses must address the substantial system upgrades required to transition from batch processing. Stakeholders across the payment ecosystem may be eager to adopt real time capabilities, but achieving this requires a comprehensive overhaul of existing infrastructure. The key considerations for this transformation are outlined below.
What real time payments really require
Real-time payments mean full-time availability. Systems need to be available 24/7 year-round with instant authentication and fraud checks, along with the settlement running on a high-throughput and low-latency architecture. Notifications and data flows must be in real time, and there must be interoperability with upstream/downstream systems, such as core banking, fraud detection and compliance.
First and foremost is a 24/7 year-round super resilient infrastructure, said Anoop Gala, global business unit head for strategic growth & new markets at IT consultancy Infinite Computer Solutions.
"These are transactions that have to happen in 10th or 100th of milliseconds, which means you need to have the next generation of payment rails. You need to have a set of API services and microservices architecture that enables it from a data standpoint, and even from a regulatory standpoint," he said.
This involves detecting new behaviors and patterns, implementing automated responses and developing decision-making processes, all within the framework of RTP.
"The question is, if I'm a CIO, is my current IT environment, current IT landscape, strong enough and resilient enough to do all of it? If not, I had to modernize right, and I don't utilize infrastructure, my cloud, my data, my microservices and my integration points," said Gala.
The next step, then, is to address the technical challenges that will slow down a migration or update to a resilient, RTP-capable environment. That means updating legacy systems to real-time activities, both transactions and fraud prevention, and addressing what will likely be siloed data.
If they can't be upgraded, then they should be replaced. There are several cloud-based RTPs systems out there, including:
- ACI Worldwide.
- Adyen.
- Alacriti Orbipay Payments Hub.
- Paystand.
- Pidgin.
- Stripe.
Systems already using high-speed connectivity, fraud detection, and logging are already used to such behaviors, and we'll make the migration to RTP easily versus an older system that doesn't have these compliance features, says Jeanette Mbungo, chief operating officer at payment platform provider CSG Forte.
The transition to a new system can be challenging because you must maintain the current system that's running your business, said Andy Renshaw, senior vice president of product management at Feedzai, a developer of crime protection and detection software.
"It's that you need to maintain what you're doing whilst trying to do something new can kind of slow you down," he said. "And the regulatory landscape might change the risk appetite, might change the customer expectation of what you're doing from a digital standpoint."
Also, modern systems will likely be cloud-based, whereas older batch processing systems will be on-premises. That means different ways of operating. "Let's say cloud is predominantly an API kind of solution. If you have legacy systems that aren't used to interacting with APIs, that's going to be a key challenge," said Renshaw.
Security and fraud controls
Securing an RTP system is much more complex and involved than the security systems in a batch-processing environment. Multiple layers of real time fraud detection are required from end to end, from customer to merchant or payee.
This means real time fraud scoring and anomaly detection operating 24/7, offering adaptive authentication and identity verification with real time monitoring and automated risk controls and instant block capabilities, all of which are relatively new to batch processors.
"A lot of business controls need to be in places that are usually not there in a traditional ACH environment," said Gala. "And then, from a security standpoint, going beyond just the multifactor authentication to things like 3D secure within the zero-trust environment has to be enabled."
Mgumbo said IT shops looking to modernize their systems need not only tools that simplify onboarding, but also tools that help them get to know their customers through Know Your Customer (KYC) and Know Your Business (KYB) technologies.
"Those KYC, KYB type of solutions not only help you underwrite and onboard a customer quickly, but also you need to layer those in with real time fraud monitoring or transaction monitoring tools that can detect anomalies or unusual patterns, and can do the appropriate flagging," she said.
Compliance and regulatory readiness
Finance is already heavily regulated. An RTP platform must meet all the usual banking regulatory and compliance obligations, such as FedNow, licensing, consumer protection, AML/KYC, data privacy, plus specific requirements for 24/7, irrevocable, ISO 20022‑based instant transfers and real time fraud controls.
"With the payments being irreversible and irrevocable, it is important that the team has the system in place to ensure only legitimate transactions are enabled," said Mbungo. "From a compliance perspective, it's ensuring you have the right AML fraud detection as well as the audit capabilities built into the platform."
Renshaw says you can't just go through and make sure you follow all the regulations you are subject to. The trend right now is to show that you are very proactive in threat identification and mitigation, and that you are looking at shifts in your landscape.
"It's pushing the burden back to say, don't just take ABCD, but show me you're taking a proactive stance. Show me that you have the right first line, second line, audit kind of obligations, and show me that you've got the right reporting, and show me that you've got the right governance and oversight," he said.
Modernizing legacy systems: What CIOs must do
CIOs should implement a phased modernization that integrates real time API features with legacy systems and gradually fixes bottlenecks to ensure secure support for FedNow/RTP and ISO 20022 messaging.
The first step is to set a strategy and target architecture. With a clearly defined payment strategy, including which real time schemes they will support, use cases, and service levels. They must design a target architecture that includes a real time payments hub, ISO 20022‑native messaging, a streaming/event backbone, and APIs within channels, core banking, fraud and compliance systems.
They must deploy an ISO 20022‑capable payments hub or translation layer so you can ingest, store, and propagate rich, structured payment data end‑to‑end. They also need to integrate with FedNow/RTP gateways using the scheme's interface specs, SLAs, and message flows, including request‑for‑payment, status inquiries, and returns where supported.
Finally, they must prepare for operation 24/7 and support, building redundancy failover systems and replacing manual processes with automation.
"I think first and foremost, the CIOs also start thinking that their role is not just to build out their systems," says Gala. "This is not just a project; this is a transformation. It requires the CIOs to also start thinking outside in, as opposed to only inside and out."
There must be a very tight alignment across business and an IT governance board in many cases, because it involves audit and risk as well, he added. "And I think the role of the CIO is to be able to work within this multi-stakeholder environment and bring the level of clarity that this new operating model is going to need, both in terms of institutional IT, as well as a new set of systems, procedures and controls."
RTP readiness assessment: Checklist for CIOs
Here is a list of items every CIO should check along their journey to a full RTP environment.
- Infrastructure resiliency.
- Real time fraud detection.
- API maturity.
- Core modernization progress.
- Data security and observability capabilities.
- Compliance and audit readiness.
- Operational support model.
- Upstream and downstream support.
- Regulatory needs.
- Log monitoring.
It's also imperative to have backup plans when systems are down. CIOs also need a plan of action if the RTP does not meet the metrics.
Andy Patrizio is a technology journalist with almost 30 years' experience covering Silicon Valley who has worked for a variety of publications on staff or as a freelancer, including Network World, InfoWorld, Business Insider, Ars Technica and InformationWeek.
