Fed's ISO ‘big bang' hits next week
Financial institutions that seek to send payments via the Federal Reserve's Fedwire Funds Service must migrate to a new international standard come Monday.
That's when banks are required to begin using the ISO 20022 standard for electronic payments they choose to send over that Fed real-time settlement rail. While the central bank delayed an implementation deadline multiple times, after a preliminary 2023 proposal, it says this one is for real.
The Geneva-based International Organization for Standardization gave the world the ISO 20022 standard over two decades ago to encourage financial institutions around the world to embrace a more modern messaging system. Some 70 countries have already adopted the standard that provides operational efficiencies, more data-sharing and less outdated batch-processing.
The shift will allow banks around the world to communicate, share data and operate by the same rules for cross-border payments, said Elias Ghanem, the global head of consulting firm Capgemini's Research Institute for Financial Services. The change has a host of implications for international commerce, he explained during an interview.
Global payments are 'deep and complex,' said Ghanem, who formerly worked for Visa and PayPal Holdings.'It is essential that we all speak the same language. We harmonize the data. We harmonize the rails.'
The Federal Reserve already put its new real-time payments system FedNow on the standard when it was launched in 2023. The bank-owned Clearing House also has its private real-time rail, the RTP network, using the ISO standard.
The new standard will be particularly important for banks and credit unions seeking to send cross-border payments because many foreign financial counterparts already use the standard. The Fedwire channel handles some $4.7 trillion in worldwide commerce every day, with international commerce mainly conducted in U.S. dollars.
'This is a massive upgrade for the entire payment industry,' said Finzly CEO Booshan Rengachari. 'It is an upgrade for the entire world mainly because the dollar is the global currency.'
Charlotte, North Carolina-based Finzly is a software provider to financial institutions that has been working to make sure its clients are prepared for this moment. It's not a gradual transition, but rather a 'big bang conversion' that happens Monday when the Fed shifts the Fedwire service to the new standard, Rengachari explained.
It's the biggest event to happen in payments during his decades-long career in financial services, Rengachari said.
The new standard not only allows banks and their clients more agility and efficiency in pursuing business opportunities, it also helps them work together to thwart threats, Ghanem said. 'We all reduce risk,' Ghanem said. 'We all fight together.'
Most major U.S. banks are prepared for the Fed shift to ISO 20022, though some smaller institutions in the U.S. may not be, Ghanem said. If they haven't been able to implement the technology upgrade themselves, presumably they're working with an outside vendor to do so, he said.
Mihail Duta, a director at financial services software provider Finastra in New York, said he also believes that most U.S. banks are prepared for the new standard. His London-based company, with a U.S. headquarters in Lake Mary, Florida, has been working with both the Federal Reserve and financial institutions to get them ready.
'We've touched every single customer to ensure that the right software is in place, that they've done their testing, that they have everything they need to process,' Duta said.
While there could be some outlier situations with snafus, said Duta, he added that he doesn't expect any major banking disruptions on Monday.
'Given all the prep work and all the diligence that was done, I think it's unlikely that something dramatically wrong will go on July 14,' he said.
To brace for any potential mishaps, Finastra is advising its financial institution clients to start a little earlier than usual on Monday to give themselves more processing time to 'work through any wrinkles,' he said.
'All providers, including the Fed, are thinking the same way: It's all hands on deck,' Duta said. 'I can tell you, from a Finastra perspective, nobody's taking off July 14.'
That's the case for Rengachari's crew too. In fact, the company has reservations at nearby hotels for some of the firm's 200 employees that will be working more hours than usual.
One of the key benefits of the technology associated with the new standard is its ability to carry more data with a given transaction. For instance, international purchase orders can carry documents, like an invoice, and more information about a particular shipment.
The reports that banks can generate regarding those transactions will also benefit from the richer data, as will their fraud-fighting capabilities, Duta said.
'The foundation has been laid for a major transformation, and that's going to be a good thing for the entire industry,' Rengachari said.
Regional U.S. banks that don't adopt the standard immediately may be less troubled because they're mainly focused on local transactions, Ghanem said. Mainly, it could mean delays for some payments, he said.
But being in tune with the global payments ecosystem is ultimately important for all U.S. financial institutions, and may give those banks that are up-to-date on the standard an edge, he said.
The new ISO standard links to payments systems run by different organizations, such as the Belgium-based international cooperative Swift, allowing them to better communicate with each other. Swift, which is a messaging system for global payments, has allowed users a more gradual conversion to the ISO standard, but is also moving toward a November 22 deadline to complete that transition.
As for the Fedwire milestone Monday, Rengachari said he's confident it will go smoothly, after what he expects will be a busy weekend. 'If anything doesn't go the way it is planned, we will be there to make sure things are back on track,' he said.
Rengachari has also prepared to celebrate Monday after the transition is complete, lining up a bottle of champagne to be opened.
Clarification: The story has been updated to clarify that the Fed hadn't previously postponed the ISO standard implementation deadline set in its final notice. It had previously contemplated earlier implementation dates before the final notice.
Recommended Reading
Fed delays start of new Fedwire standard
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNET
27 minutes ago
- CNET
Nextdoor's Big Redesign Packages AI Advice Alongside Human Conversations
Nextdoor, the social media app for your neighborhood and local events, has launched a new redesign. The company says the changes are to "meet the evolving needs of neighbors everywhere" as the shift toward remote and hybrid work has resulted in people spending more time in their local communities. The redesign focuses on three core features that will help you navigate the going-ons of your neighborhood: Alerts, News and Faves. Here's how each of these features works, and how it's incorporating an artificial intelligence chatbot into the app's overhaul. The Nextdoor Alerts feature combines information from trusted sources, local emergency services and your neighbors to give you the fullest understanding of a situation. Nextdoor/Screenshot by Tyler Lacoma/CNET Alerts As a local social media application, Nextdoor has been able to share information about local emergencies or crises in the past. Identifying this important use case, developers created the Alert tab -- a map expressly designed to help you stay on top of critical happenings nearby. The map tracks power outages, severe weather, wildfires and more. Nextdoor powers this new feature through partnerships with providers like Samdesk and The Weather Company, integrating their latest updates into the map. The Alerts tab will also allow you to converse with your neighbors about what's happening nearby, sharing warnings or the latest information about a crisis. Local public agencies (such as your town's fire department) can also send out news blasts directly to the Nextdoor Alerts tab. The Nextdoor News feature integrates trusted local publications into the app. Nextdoor/Screenshot by Tyler Lacoma/CNET News You've always been able to hear about the latest events from neighbors through conversations on the Nextdoor app, but this feature will directly connect you with local news outlets to keep your neighborhood informed. Nextdoor has already partnered with more than 3,500 local publications across the US, the UK and Canada for this new feature -- the rollout includes a feed of news articles for 77% of US neighborhoods represented on Nextdoor right now. Local stories from vetted publishers will show up in your feed based on location information, making it easier for you and your neighbors to discuss local sports, politics and more. Nextdoor Faves integrates an AI agent into the Nextdoor app, allowing you to ask about hidden gems nearby. Nextdoor/Screenshot by Tyler Lacoma/CNET Faves (the new AI agent) Nextdoor's new AI agent powers the Faves feature, which was launched in limited US markets at the beginning of its rollout. Zooey Liao/CNET This feature incorporates an AI tool into Nextdoor, which was trained on the 14 years of neighborhood conversation history baked into the app. You can ask the chatbot for specific local recommendations and receive a quick and summarized response to your inquiry. Nextdoor says that asking the AI chatbot to provide recommendations will be just as useful as "asking a knowledgeable local." Whether or not users will prefer this chatbot to normal conversations with their neighbors remains to be seen. More than 100 million people use Nextdoor internationally, and the company estimates that one in three US households maintain an active account. It remains to be seen whether Nextdoor's active user base will embrace the redesign, but it will effect how millions of Americans interact with their neighborhoods. A representative for Nextdoor did not immediately respond to a request for further comment.
Forbes
28 minutes ago
- Forbes
McDonald's AI Breach Reveals The Dark Side Of Automated Recruitment
Millions of McDonald's job applicants had their personal data exposed after basic security failures ... More left the company's AI hiring system wide open. If you've ever wondered what could go wrong with an AI-powered hiring system, McDonald's just served up a cautionary tale. This week, security researchers revealed that the company's McHire website—a recruitment platform used by over 90% of McDonald's franchisees—left the personal information of millions of job applicants exposed to anyone with a browser and a little curiosity. The culprit: Olivia, an AI chatbot from designed to handle job applications, collect personal information, and even conduct personality tests. On paper, it's a vision of modern efficiency. In reality, the system was wide open due to security flaws so basic they'd be comical if the consequences weren't so serious. What Went Wrong? It didn't take a sophisticated hacker to find the holes. Researchers Ian Carroll and Sam Curry started investigating after Reddit users complained that Olivia gave nonsensical responses during the application process. After failing to find more complex vulnerabilities, the pair simply tried logging into the site's backend using '123456' for both the username and password. In less than half an hour, they had access to nearly every applicant's personal data—names, email addresses, phone numbers, and complete chat histories—with no multifactor authentication required. Worse still, the researchers discovered that anyone could access records just by tweaking the ID numbers in the URL, exposing over 64 million unique applicant profiles. One compromised account had not even been used since 2019, yet remained active and linked to live data. As Carroll told Wired, 'I just thought it was pretty uniquely dystopian compared to a normal hiring process, right? And that's what made me want to look into it more.' Why Security Fundamentals Still Matter Experts agree that the real shock isn't the technology itself—it's the lack of security basics that made the breach possible. As Aditi Gupta of Black Duck noted, the McDonald's incident was less a case of advanced hacking and more a 'series of critical failures,' ranging from unchanged default credentials and inactive accounts left open for years, to missing access controls and weak monitoring. The result: an old admin account that hadn't been touched since 2019 was all it took to unlock a massive trove of personal data. For many in the industry, this raises bigger questions. Randolph Barr, CISO at Cequence Security, points out that the use of weak, guessable credentials like '123456' in a live production system is not just a technical slip—it signals deeper problems with security culture and governance. When basic measures like credential management, access controls, and even multi-factor authentication are missing, the entire security posture comes into question. If a security professional can spot these flaws in minutes, Barr says, 'bad actors absolutely will—and they'll be encouraged to dig deeper for other easy wins.' And this isn't just about AI or McDonald's. Security missteps of this kind tend to follow each new 'game-changing' technology. As PointGuard AI's William Leichter observes, organizations often rush to deploy the latest tools, driven by hype and immediate gains, while seasoned security professionals get sidelined. It happened with cloud, and now, he says, 'it's AI's turn: tools are being rolled out hastily, with immature controls and sloppy practices.' Automation and the Illusion of Security McDonald's isn't alone in betting big on AI to speed up hiring and make life easier for franchisees and HR teams. Automated chatbots like Olivia are supposed to streamline applications, assess candidates, and remove human bottlenecks. But as this incident shows, convenience can't come at the expense of basic digital hygiene. Simple safeguards—unique credentials, robust authentication, and proper access controls—were missing entirely. The rush to digitize and automate HR brings with it a false sense of security. When sensitive data is managed by machines, it's easy to assume the system is secure. But technology is only as strong as the practices behind it. Lessons for the Future If there's a lesson here, it's that technology should never substitute for common sense. Automated hiring systems, especially those powered by AI, are only as secure as the most basic controls. The ease with which researchers accessed the McHire backend shows that old problems—default passwords, missing MFA—are still some of the biggest threats, even in the age of chatbots. Companies embracing automation need to build security into the foundations, not as an afterthought. And applicants should remember that behind every 'friendly' AI bot is a company making choices about how to protect—or neglect—their privacy. The Price of Convenience The McDonald's McHire data leak is a warning to every company automating hiring, and to every job seeker trusting a bot with their future. Technology can streamline the process, but it should never circumvent or subvert security. The real world isn't as neat as a chatbot's conversation tree. If we aren't careful, the push for convenience will keep putting real people at risk.
Fast Company
32 minutes ago
- Fast Company
Defense Department to spend $1 billion on ‘offensive' hacking: What that means—and the major risk involved
The Department of Defense plans to spend $1 billion on 'offensive cyber operations' over the next four years, Tech Crunch reported. The funding comes from a provision tucked into President Donald Trump's massive 940-page One Big Beautiful Bill, which was recently passed and signed into law on July 4. The mega bill also increases overall defense spending from lasy year's fiscal 2024 levels of $873 billion, or 12.9% of the federal budget, per USAFacts a nonprofit initiative to make government data more understandable. According to the report, the bill does not specify what the 'offensive cyber operations' are, or what software would qualify for funding; however, it does stipulate the funding will go to enhancing and improving the U.S. Indo-Pacific Command (INDOPACOM), based in Hawaii, which is the responsible for defending and promting U.S. interests in the Pacific and Asia, including China. International Institute for Strategic Studies (IISS), senior cyber advisor Marcus Willet has described offensive cyber operations as those which 'most often entail influencing, misleading or otherwise cognitively affecting a competitor or adversary by, for example, planting false information. But they can also be used for disablement.' Adding,'Offensive cyber operations are of increasing significance in international affairs and bring with them a range of strategic risks.' Democrat Sen. Ron Wyden of Oregon, who sits on the Senate Select Committee on Intelligence said that the funding comes as the same time the Trump administration has cut other defensive cybersecurity programs—including slashing the staff and budget for the the U.S. cybersecurity agency CISA—which Wyden said has 'left our country wide open to attack by foreign hackers,' according to the report. 'Vastly expanding U.S. government hacking is going to invite retaliation — not just against federal agencies, but also rural hospitals, local governments and private companies who don't stand a chance against nation-state hackers,' Wyden told TechCrunch.
