Global digital payment transaction value crossed $11 trillion in 2024. By 2028, projections put it above $16 trillion — driven by the shift from card-based transactions to account-to-account payments, the expansion of real-time payment rails, and the embedding of payment functionality directly into non-financial software products.
The engineering implications are not abstract. Real-time payments require different infrastructure than batch-settlement payments. Embedded finance changes who builds payment products and what capabilities they need. And AI-driven fraud detection has become table stakes — not because it is a feature, but because rule-based fraud systems are failing to keep pace with the sophistication of modern payment fraud.
This article covers the three structural shifts shaping payment product architecture in 2026, and what each means for teams building in this space.
Shift 1: Real-Time Payment Rails Are Becoming the Default
For most of payment history, settlement was batch — transactions initiated today cleared overnight or across multiple days. That model is being replaced by instant settlement infrastructure rolled out across major markets.
FedNow (US): Launched July 2023, FedNow enables instant credit transfers between participating financial institutions, 24/7/365. As of 2026, over 1,000 financial institutions are live on FedNow. Account-to-account payments settle in seconds, not days.
SEPA Instant (EU): The EU’s Instant Credit Transfer Regulation (effective October 2025) requires all payment service providers offering standard SEPA transfers to also offer SEPA Instant at the same price. Instant A2A payments are now a regulatory obligation across the eurozone, not a premium feature.
RTP (US, The Clearing House): The existing private real-time payment network operated by The Clearing House, now processing over 1 million transactions per day. Complementary to FedNow; most major US banks participate in both.
What this means for engineering teams:
The shift to real-time settlement changes error recovery. With batch payments, incorrect transactions can be caught and reversed before settlement completes. With instant payments, a transaction that posts is posted — reversal requires a separate recovery transaction, which may not be possible if the recipient account is drained.
This places new demands on:
- Pre-payment validation: Verify account existence, check sanctions lists, and run fraud scoring before initiating the payment — not after. The window to catch an error closes at the moment of initiation.
- Idempotency by design: Instant payment APIs must be idempotent — a duplicate payment request caused by a network retry must not create a duplicate payment. Build idempotency keys into every payment initiation endpoint.
- Synchronous fraud scoring: Fraud detection that runs asynchronously after payment initiation was acceptable in a batch-settlement world. In a real-time world, fraud scoring must complete in under 300ms before the payment is sent to the rail.
- 24/7 operations: Real-time payment infrastructure doesn’t stop at 5pm Friday. Monitoring, on-call rotation, and incident response must cover all hours.
Shift 2: Embedded Finance — Payments Built Into Everything
Embedded finance is the integration of financial services (payments, lending, insurance) directly into non-financial software products. A logistics platform that offers invoice factoring. A construction management tool that enables contractor payments. A healthcare platform that handles patient billing and insurance reconciliation without a separate billing system.
The market infrastructure that makes this possible is payment orchestration via API — Stripe, Adyen, Checkout.com, and newer infrastructure providers like Moov and Modern Treasury expose APIs comprehensive enough that product teams without banking licences can embed sophisticated payment functionality.
The architectural patterns:
Payfac-as-a-service — Platforms that want to monetise payments from their users (taking a transaction fee on every payment processed) can register as payment facilitators through Stripe Connect, Adyen for Platforms, or similar. The platform takes on KYB (Know Your Business) responsibility for its sub-merchants but avoids the full regulatory complexity of becoming a direct acquiring bank.
Virtual accounts and ledgers — Modern Treasury, Unit, and Column Bank offer virtual account infrastructure that enables platforms to hold and move funds on behalf of users without a banking licence. The platform manages a ledger; the underlying bank provides regulatory coverage. The engineering work is ledger design: ensuring double-entry accounting, reconciliation, and event sourcing are correct from day one.
Disbursement automation — Platforms paying out to large numbers of recipients (gig economy payouts, insurance claims, marketplace seller settlements) need automated disbursement pipelines. Triggering payments from business logic, routing to the correct rail (ACH, RTP, wire, FedNow) based on amount and timing requirements, and handling failure and retry.
The compliance surface for embedded payments is wider than it appears. Any platform that stores, transmits, or facilitates payments is touching regulated financial services. KYC/KYB for onboarded users, AML transaction monitoring, and PCI DSS for any card data are all in scope depending on the specific implementation.
Shift 3: AI-Driven Fraud Detection Is Table Stakes
Payment fraud losses exceeded $48 billion globally in 2023 and continue to grow. The fraud patterns driving the increase are not brute-force — they are sophisticated: synthetic identity fraud, authorised push payment (APP) fraud using social engineering, account takeover via credential stuffing, and first-party fraud where real users dispute legitimate transactions.
Rule-based fraud systems — flag transactions above a threshold, flag transactions to new beneficiaries, flag transactions from unusual geolocations — catch the obvious cases and generate massive false-positive rates on everything else. The false-positive rate is not just a user experience problem; declined legitimate transactions represent direct revenue loss and customer churn.
The AI fraud detection architecture that works in production:
Feature engineering is the highest-leverage work. Raw transaction data (amount, merchant, timestamp) is a small fraction of the useful signal. Derived features — velocity of transactions in the last 60 minutes, deviation from the user’s typical transaction size, distance between this transaction’s location and the previous one, recipient account age — dramatically improve model performance. Building a feature store that computes and serves these features in real-time is a larger engineering investment than the model itself, and it is where most of the signal lives.
Ensemble models outperform single models. Production fraud detection typically combines a gradient boosting model (fast, interpretable, handles tabular features well) with a graph neural network (captures relationships between accounts, devices, and beneficiaries that tabular models miss). The ensemble output is calibrated into a probability score; a threshold determines automated decline versus manual review routing.
Explainability is a regulatory requirement, not a nice-to-have. Under PSD2 and national consumer protection rules, customers who have a transaction declined have the right to an explanation. Build the explanation layer at the same time as the model — SHAP values on the gradient boosting model produce human-readable reason codes. A declined transaction should always come with a specific reason the customer can act on.
The feedback loop is critical. A fraud model that doesn’t learn from its decisions degrades over time as fraud patterns evolve. Every declined transaction that the customer disputes, every case that reaches manual review, and every confirmed fraud case that was initially missed must feed back into model retraining. Without this loop, a model trained on 2024 fraud patterns will be significantly less effective on 2026 fraud patterns.
The Open Banking Opportunity
Open banking — the regulatory and technical framework enabling third-party access to bank account data with customer consent — is creating a new payment primitive: pay-by-bank. Rather than entering card details (card number, expiry, CVV), a customer authorises a payment directly from their bank account via their banking app.
Pay-by-bank eliminates card processing fees (typically 1.5–3%), eliminates card-not-present fraud risk (the authentication happens in the bank’s app), and provides real-time settlement via instant payment rails. For merchants with high transaction volumes and thin margins, the economics are compelling.
The technical requirements: PSD2-compliant API integration with participating banks (or via an aggregator like TrueLayer, Plaid, or Token.io), Strong Customer Authentication (SCA) flow design, and real-time payment initiation via SEPA Instant or equivalent rail. The user experience is the critical design challenge — a payment flow that redirects the user to their banking app must be fast and feel native, not like an interruption.
What to Prioritise in 2026
For teams building payment products:
| Priority | What to build | Why now |
|---|---|---|
| Real-time rail integration | FedNow (US) / SEPA Instant (EU) | Regulatory mandate; competitive expectation |
| Pre-payment fraud scoring | Sub-300ms synchronous scoring pipeline | Instant payments require fraud decision before send |
| Idempotency infrastructure | Request deduplication at every payment endpoint | Real-time rails don’t allow easy reversal |
| Embedded payment architecture | Payfac, virtual accounts, or disbursement pipelines | Platform monetisation and user experience differentiation |
| Open banking / pay-by-bank | A2A payment flow with SCA | Cost reduction; fraud elimination on high-volume merchants |
The underlying pattern across all five: payment infrastructure is becoming software infrastructure. The teams that treat it as a commodity utility layer (pick a payment processor, implement the happy path, move on) will find their products constrained as the market shifts. The teams that invest in the architecture will have the flexibility to move to new rails, new fraud patterns, and new embedded finance models as they emerge.
How we approach this at Insoftex
The real-time decision infrastructure and AI scoring pipelines that modern payment products require are ones we have built in production fintech contexts. Our automated SaaS lending risk assessment platform processes application signals, bureau data, and cash flow patterns in parallel with sub-second decision latency — the same architectural requirement as pre-payment fraud scoring, where the decision must complete before the transaction is sent on a real-time rail. The design principle in both cases: the scoring model operates on a dedicated path isolated from the core transaction flow, with a defined fallback policy for the case where the model is unavailable, so model latency never blocks a payment.
The SaaS for business loans platform required a similar approach to idempotency infrastructure as instant payment systems: when a loan disbursement cannot be easily reversed, the request deduplication layer is not a nice-to-have. We build idempotency at the API layer — request IDs stored before any financial operation is initiated, with the outcome attached to the ID whether the operation succeeds or fails — so that retry logic does not produce duplicate financial events. The same pattern applies to any payment product operating on real-time rails where reversal is not a reliable fallback.
For teams building embedded finance on top of existing products, the architecture decision that most affects long-term flexibility is whether the financial infrastructure is treated as a layer (with clean interfaces) or woven into the product logic. We scope the financial infrastructure as a distinct layer in the architecture — with its own API surface, its own event stream, and its own compliance boundary — because the regulatory requirements for the financial component (PCI DSS, PSD2, AML) differ from the requirements for the product layer and must be maintainable independently as regulations evolve.
Building a payment product or embedding financial services into your platform? Our fintech engineering team builds payment processing, fraud detection, and embedded finance systems. Start with a Product Pilot for architecture design and compliance scope in three weeks — before you commit to the full build.
Frequently Asked Questions
What is the difference between FedNow and RTP?
Both FedNow and RTP (The Clearing House Real-Time Payments network) are US instant payment rails — they enable account-to-account transfers that settle in seconds rather than days. The key differences: FedNow is operated by the Federal Reserve and is available to any US depository institution, including smaller community banks and credit unions that may not have access to RTP. RTP is operated by The Clearing House (owned by large commercial banks) and has been live since 2017, making it the more established network with higher current transaction volumes. Most large financial institutions participate in both. For product teams, the practical question is which rails your banking partner or payment processor supports — most payment infrastructure providers that support instant payments connect to both. Choose based on which is supported by your banking stack, not on abstract network differences.
How does embedded finance differ from traditional payment integration?
Traditional payment integration means adding a checkout flow to a product — a user pays for something, the payment is processed, the product delivers. The integration point is a single transaction. Embedded finance goes further: financial services become a core feature of a non-financial product. A logistics platform offering supply chain financing to its carriers, a construction management tool enabling contractor payroll and subcontractor payments, a healthcare platform managing insurance billing and patient payment plans — these products are embedding financial infrastructure into their core workflow. The difference is not just technical depth (though the integration is more complex) — it is business model. Embedded finance products often earn revenue directly from financial transactions (transaction fees, interest on lending products, interchange sharing) rather than from the software subscription alone. This changes what the product builds and how it is regulated.
What is the minimum viable fraud detection stack for a new payment product?
For an early-stage payment product, the minimum viable approach: (1) Rules engine — hard blocks on high-risk patterns (new account + large first transaction, known fraud IP ranges, sanctions list matches). These prevent the obvious cases and are fast to implement. (2) Velocity checks — real-time limits on transaction frequency and volume per account per time window. Prevents rapid draining of accounts. (3) Third-party fraud scoring API — providers like Sift, Kount, or Stripe Radar offer ML-based fraud scores via API without requiring you to build or train a model yourself. Suitable for early-stage volume. (4) Manual review queue — a dashboard for reviewing flagged transactions before they process, with approve/decline/escalate actions that feed back into model improvement. Build your own ML fraud model when you have sufficient transaction volume to train on (typically 50,000+ monthly transactions) and when third-party scoring costs or false-positive rates are creating measurable business impact.
Is pay-by-bank (open banking payments) viable for B2B payment use cases?
Yes, and B2B is arguably the strongest use case. B2B payments are typically high-value, have low tolerance for card processing fees (which compound significantly at invoice values above $10,000), and are less sensitive to the user experience friction of a bank authorisation redirect compared to B2C consumer checkout. The economics: a 2% card processing fee on a $50,000 invoice is $1,000. A pay-by-bank transaction on the same invoice via instant payment rail costs a fraction. For platforms facilitating high-value B2B transactions — construction, professional services, wholesale trade, healthcare billing — the ROI on building pay-by-bank infrastructure is clear. The current limitation is bank coverage: open banking APIs are more comprehensive in the EU (PSD2-mandated) than in the US (where coverage depends on voluntary bank participation via Plaid, MX, or similar aggregators). US coverage is expanding rapidly as more banks open their APIs.