Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

The widespread adoption of peer-to-peer (P2P) payment platforms has made it significantly more convenient for individuals to share money digitally. In 2022, 84% of consumers said they used a P2P service, and the popularity shows no signs of waning.

As with most new tech services, P2P payments are not without risk. They have provided new channels for cybercriminals to scam victims out of funds without the same security controls as financial institutions. The P2P payment arena has increased consumers’ financial exposure in ways no one anticipated.

Until now, the victims have largely shouldered liability for P2P scams. In 2023, this appears to be changing. Zelle, one of the nation’s most popular P2P platforms, may change its policy to shift losses to the receiving bank providing its P2P service in some circumstances. What is driving the evolution in P2P fraud liability, and what does it signal to financial institutions?

Losses Mount as Manipulation is Easier than Most Believe
P2P frauds are successful because they provide the ideal digital avenue for cybercriminals to capitalize on their strengths.

Speed, one of the chief benefits that has made consumers flock to P2P payments, is also a benefit for scammers. Fast action by victims is their goal as they build a false sense of urgency with targeted victims. Funds leave the victim’s account almost instantly, and the perpetrators pull those funds just as quickly from accounts at the receiving bank. Neither the victim nor the financial institution has much time to take action, such as freezing funds.

Too many people take comfort in believing they would never make this mistake themselves, yet these scams can be more convincing than most realize. When you know a lot about someone, tricking someone becomes a simple matter of knowing what levers to pull.

How do scammers know so much about American consumers? They have a wealth of data at their disposal supplied by data breaches. The dark web and other illicit forums are full of personal information that is used to build a compelling narrative with enough details to override the hesitations of busy people.

In the wake of a P2P scam, the victim actually authorizes the payment, not realizing it is going directly into the hands of a scammer. This authorization has been a sticking point. For financial institutions, it evades even the most advanced authentication and fraud-prevention protocols because it is the real customer permitting the transaction. For the consumer, the authorization often means that neither the P2P platform nor the financial institution is on the hook for repayment.

Of the four big banks that provided data to the Senate, out of the $213.8 million in fraud losses in 2021 and the first half of 2022, only $2.9 million was reimbursed. This left many calling for change.

A Call to Action for the Financial Industry
Plans to change Zelle’s policy are still being worked out, but it is a clear signal that liability in the P2P fraud arena is shifting. Financial institutions will need a layered approach to deal with the problem effectively and stem the tide of P2P fraud losses.

First, the industry as a whole will need to come together to identify ways to collectively manage risk. As one example, industry trade organizations are asking the FCC to consider action to implement caller ID authentication solutions. This step would make it more difficult for bad actors to spoof the phone numbers of banks, often the first step in convincing a target that an interaction is legitimate when the true intent is to defraud.

Second, there are very interesting biometric solutions available that individual financial institutions can use on the back end to flag when customers may be at risk. There are often subtle, telltale signs of stress during interactions with scammers that are measured. Analytical models in can measure various behavioral inputs real-time when a consumer is using the banking platform to identify the precise moments when extra protections are warranted.

Finally, there are smarter ways to educate and engage consumers in their own protection. The current model of offering the same advice to everyone does not work, as it is glossed over almost as quickly as today’s ubiquitous digital terms and conditions agreements.

To capture attention, the message must be both personalized and timely. By analyzing the patterns seen in the masses of data about data breaches, fraud and identity crimes — as well as precisely what personal information is available to criminals — it’s possible to identify the specific, unique risks a consumer faces. Giving an individual personalized, just-in-time guidance about the exact threats they face is a more powerful message that motivates vigilance and action.

With so many dollars at stake, consumers and financial institutions can be effective partners in addressing the problem of P2P fraud. Cybercriminals have already succeeded in defrauding victims out of billions, but now, institutions and consumers can be allies in fighting back.

Featured

Featured Cybersecurity

Webinars

New Products

  • LiftMaster Garage Door Opener

    LiftMaster Garage Door Opener

    LiftMaster Transforms the Garage Door Opener Into a Sleek Smart Home Device That Does More Than Open and Close the Garage Door 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • Unique Oversized ID Card Printer

    Unique Oversized ID Card Printer

    Idesco Corp. is announcing its card printer – the XCR100 2.0 printer- that allows customers to personalize oversized ID cards on demand. The printer is ideal for assisting healthcare organizations find the right badging solution. As healthcare facilities continue to combat the spread of COVID-19, issuing oversized ID cards has helped identify staff clearly while adding an extra layer of security. The XCR100 2.0 printer is the only dye-sublimation printer on the market that can personalize CR100 cards (3.88" x 2.63"). The cards that are 42% larger than the standard credit card size. The printer can produce up to 180 full cards per hour in color, and up to 1,400 cards per hour in monochrome. An optional flipper is available to print dual-sided badges in one pass. Contactless encoding comes as an option to help healthcare facilities produce secure access badges on demand and the card printer features a 2-year warranty. 3