When it comes to real-time payments, fraud moves fast — but liquidity stress can move even faster.
A fraud or cyberattack can quickly become a liquidity event when it disrupts settlement funds, triggers abnormal transaction flows or forces payment services offline. That is why banks, payment processors and instant payment networks need real-time visibility into transaction activity, settlement exposure and emerging operational risk.
Consider BTG Pactual’s temporary suspension of Pix operations after a March 22 cyberattack diverted roughly $18 million USD from reserve funds. This was not only a cybersecurity incident. It was also a payments resilience and liquidity risk event. When money moves instantly, institutions need to see abnormal transaction activity as it unfolds, understand what it means for exposure and settlement and respond before disruption spreads.
For banks and payment processors, intraday liquidity monitoring is no longer just a back-office task. It is a real-time operational requirement.
What is intraday liquidity monitoring?
Intraday liquidity monitoring is the real-time tracking of incoming and outgoing payment flows and available cash positions to ensure banks can meet immediate, 24/7 payment obligations without exceeding daily maximum limits and risking liquidity shortfalls. Its purpose is to help financial institutions meet payment obligations on time, avoid settlement disruption and respond quickly when abnormal transaction patterns emerge. The latter include rapid acceleration of outbound payments, atypical timings, repeated small-value authorizations and unusually large or clustered transaction volumes.
In a real-time payments environment, that means answering critical questions as activity unfolds: Are transaction flows rising abnormally? Are settlement thresholds being approached? Is the activity operational, seasonal or potentially fraudulent?
The larger lesson behind the March 22 cyberattack
This recent operational supply-chain compromise matters not just because funds were diverted, but because it exposed how quickly payment-system risk can escalate. Reports indicated that the incident involved funds held in the bank’s reserve account at the Central Bank of Brazil for settlement activity. Hackers penetrated the bank’s internal systems and diverted approximately $100 million reais ($18 million USD) from its settlement reserves. The funds were dispersed across seven banks and partially converted to cryptocurrency before being flagged. Pix services were temporarily suspended at the institution as a precaution, while customer accounts and personal data were not compromised. Most of the diverted amount (73 million reais) was reportedly recovered and services restored within 24 hours, but the disruption still underscores how a cyber event can put immediate pressure on the operational plumbing behind instant payments.
This marked the third significant supply-chain attack on the Pix ecosystem in under a year, with each following a clear pattern: Instead of going after individual account holders, attackers have shifted their attention to the settlement infrastructure that links financial institutions and payment service providers to the broader payments system. The broader takeaway is clear: In fast payments, a fraud or cyberattack does not need to compromise customer accounts to create serious operational and liquidity pressure. If reserve funds, settlement capacity or transaction flows are affected, institutions may be forced to act immediately to contain risk, protect reputation and trust and limit fraud loss.
That is the challenge in any fast-moving payment environment globally: operators need to see, in real time, when transaction flows begin to threaten intraday liquidity thresholds, settlement capacity or service continuity. The recent wave of attacks indicates that real-time protection mechanisms have not kept pace with evolving threat tactics.
How does a fraud or cyberattack become a liquidity event?
A fraud or cyberattack can become a liquidity event when it causes an institution’s payment obligations to exceed daily maximum liquidity usage limits, causing the organization to suspend payment activity, delay settlement processes and face regulatory scrutiny or penalty fines. This could be due to attacks that divert reserve funds or create abnormal transaction volume or velocity spikes, resulting in negative cash outflows or internal fraud such as malware, transaction injection/manipulation or Shadow AI. In real-time payments, even a short disruption can create immediate, unrecoverable exposure because transactions settle so quickly and continuously.
How can financial institutions and payment service providers block threats targeting liquidity reserves in real time?
There are a number of emerging fraud requirements that will help banks and payment service providers detect and block threats targeting instant payment operational supply chains and liquidity reserves. These include real-time end-to-end transaction monitoring for millisecond fraud detection. A solution such as INETCO BullzAI is specifically designed to perform real-time decoding and correlation of every transaction end-to-end, revealing granular network-level protocol intelligence, response and request timings of every message link, application messages, metadata and device intelligence. This enables continuous know your transaction (KYT) analysis and improves the accuracy and speed of alerts, risk scores and AI behavioural models. The result is the ability to block supply chain attacks in-flight using the INETCO BullzAI transaction firewall, precisely reducing the risk of fraud loss, settlement disruption and liquidity thresholds being surpassed.
INETCO’s approach stands out because it’s based on a simple premise: financial institutions and payment service providers need to continuously monitor every incoming and outgoing payment transaction themselves. They need to see every cash balance, settlement obligation and in-flight payment in one view and take immediate, AI-driven action to block or suspend suspicious activity. Machine learning models built to analyze the individual behaviours of every account, card and device can self-learn and update after every transaction to pre-emptively spot attacks before fraud loss occurs.
Rather than relying on batch reports or notifications from central banks, teams can monitor transaction values, payment flows, issuer activity and broader network behaviours as events unfold. This is especially important as hidden payment fraud — such as transaction amounts that fall below fraud thresholds — quietly strains liquidity long before it’s identified.
Why fraud and liquidity can no longer be separated
With INETCO BullzAI, liquidity monitoring is not treated as an isolated function. It sits alongside real-time transaction monitoring and fraud detection and prevention as part of one platform supporting multiple use cases across every payment type and channel.
That reflects what payment operators are increasingly seeing in the real world. A liquidity spike may be operational. It may be seasonal. But it may also be linked to fraud, abnormal behaviour, system misuse or a compromise elsewhere in the payment chain.
In other words, fraud monitoring and intraday liquidity monitoring should no longer be viewed as separate disciplines. In a real-time payments environment, suspicious transaction behaviour can quickly create liquidity pressure, and liquidity stress can be an early signal that something else is wrong.
To learn more about how INETCO BullzAI helps payment networks and financial institutions monitor liquidity in real time, detect abnormal transaction activity earlier and protect payment operations under pressure, schedule a demo today.
