Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

The widespread adoption of peer-to-peer (P2P) payment platforms has made it significantly more convenient for individuals to share money digitally. In 2022, 84% of consumers said they used a P2P service, and the popularity shows no signs of waning.

As with most new tech services, P2P payments are not without risk. They have provided new channels for cybercriminals to scam victims out of funds without the same security controls as financial institutions. The P2P payment arena has increased consumers’ financial exposure in ways no one anticipated.

Until now, the victims have largely shouldered liability for P2P scams. In 2023, this appears to be changing. Zelle, one of the nation’s most popular P2P platforms, may change its policy to shift losses to the receiving bank providing its P2P service in some circumstances. What is driving the evolution in P2P fraud liability, and what does it signal to financial institutions?

Losses Mount as Manipulation is Easier than Most Believe
P2P frauds are successful because they provide the ideal digital avenue for cybercriminals to capitalize on their strengths.

Speed, one of the chief benefits that has made consumers flock to P2P payments, is also a benefit for scammers. Fast action by victims is their goal as they build a false sense of urgency with targeted victims. Funds leave the victim’s account almost instantly, and the perpetrators pull those funds just as quickly from accounts at the receiving bank. Neither the victim nor the financial institution has much time to take action, such as freezing funds.

Too many people take comfort in believing they would never make this mistake themselves, yet these scams can be more convincing than most realize. When you know a lot about someone, tricking someone becomes a simple matter of knowing what levers to pull.

How do scammers know so much about American consumers? They have a wealth of data at their disposal supplied by data breaches. The dark web and other illicit forums are full of personal information that is used to build a compelling narrative with enough details to override the hesitations of busy people.

In the wake of a P2P scam, the victim actually authorizes the payment, not realizing it is going directly into the hands of a scammer. This authorization has been a sticking point. For financial institutions, it evades even the most advanced authentication and fraud-prevention protocols because it is the real customer permitting the transaction. For the consumer, the authorization often means that neither the P2P platform nor the financial institution is on the hook for repayment.

Of the four big banks that provided data to the Senate, out of the $213.8 million in fraud losses in 2021 and the first half of 2022, only $2.9 million was reimbursed. This left many calling for change.

A Call to Action for the Financial Industry
Plans to change Zelle’s policy are still being worked out, but it is a clear signal that liability in the P2P fraud arena is shifting. Financial institutions will need a layered approach to deal with the problem effectively and stem the tide of P2P fraud losses.

First, the industry as a whole will need to come together to identify ways to collectively manage risk. As one example, industry trade organizations are asking the FCC to consider action to implement caller ID authentication solutions. This step would make it more difficult for bad actors to spoof the phone numbers of banks, often the first step in convincing a target that an interaction is legitimate when the true intent is to defraud.

Second, there are very interesting biometric solutions available that individual financial institutions can use on the back end to flag when customers may be at risk. There are often subtle, telltale signs of stress during interactions with scammers that are measured. Analytical models in can measure various behavioral inputs real-time when a consumer is using the banking platform to identify the precise moments when extra protections are warranted.

Finally, there are smarter ways to educate and engage consumers in their own protection. The current model of offering the same advice to everyone does not work, as it is glossed over almost as quickly as today’s ubiquitous digital terms and conditions agreements.

To capture attention, the message must be both personalized and timely. By analyzing the patterns seen in the masses of data about data breaches, fraud and identity crimes — as well as precisely what personal information is available to criminals — it’s possible to identify the specific, unique risks a consumer faces. Giving an individual personalized, just-in-time guidance about the exact threats they face is a more powerful message that motivates vigilance and action.

With so many dollars at stake, consumers and financial institutions can be effective partners in addressing the problem of P2P fraud. Cybercriminals have already succeeded in defrauding victims out of billions, but now, institutions and consumers can be allies in fighting back.

Featured

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3