The modeling piece involves analyzing fraudulent and legitimate transactions to identify variables that best predict fraud. Behavior rules are much like those long used in credit card circles-unusual purchases that don't fit the member's past or demographic profile. Negative lists are a kind of institutional memory of data, using data constantly provided by investigators to put known fraud attributes back into the decision engine.

While the tools have been around for a while, the fraud attempts that PSCU and Fiserv are seeing are definitely changing, both said, in both size and method.

"What we're seeing is not so much an increase in number but an increase in the dollar amount that's being targeted," said John Pask, electronic bill pay and presentment manager at PSCU in St. Petersburg, Fla.

"When we started with FraudNet in 2006, the typical fraud attempt was for a hundred, maybe $500. Today, we're seeing that jump to $12,000, and that's an alarming thing," Pask said. All business accounts that PSCU services are now required to use the FraudNet protection as a result, he added.

PSCU has 131 client credit unions using FraudNet to monitor about 1.6 million payments a month. Fiserv said the CUSO's detection rate has been 94% and that about $315,000 in potential fraud has been stopped since PSCU went live on FraudNet in 2006.

Fiserv said it monitors more than a billion payments a year for more than 1,000 financial institutions overall and that the typical amount of a thwarted theft is between $4,000 and $6,000. In addition to bigger illicit payoffs, the methods have changed, too, especially among phishing gangs.

"This was supposed to be the year of [credential-stealing] malware but the reality is that financial institutions are still experiencing the number of e-mail phishing attacks as they always have, too. It's not so much that the threats are new, but since early 2009 we've seen a change in the content of e-mails from years past," said Christopher Beier, security product manager at Fiserv, which bases its FraudNet operation at a command center in suburban Columbus, Ohio.

"The new content is not so much about exploiting your trust in your financial institution as it is attacking users specifically," Beier said.

Adding to the mix now is a growing new payment path: financial institution-provided person-to-person. Fiserv already has signed up more than 200 customers for its own P2P offering, ZashPay, and while those payments also will be monitored by FraudNet, Beier said they present their own challenges.

"As we move toward additional opportunities with money movement solutions like P2P and ZashPay, the stakes grow a bit, because of the speed of these types of transactions and because it's not like a traditional bill payment where you're paying the same particular entity over and over again," the Fiserv product manager said.