Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

The widespread adoption of peer-to-peer (P2P) payment platforms has made it significantly more convenient for individuals to share money digitally. In 2022, 84% of consumers said they used a P2P service, and the popularity shows no signs of waning.

As with most new tech services, P2P payments are not without risk. They have provided new channels for cybercriminals to scam victims out of funds without the same security controls as financial institutions. The P2P payment arena has increased consumers’ financial exposure in ways no one anticipated.

Until now, the victims have largely shouldered liability for P2P scams. In 2023, this appears to be changing. Zelle, one of the nation’s most popular P2P platforms, may change its policy to shift losses to the receiving bank providing its P2P service in some circumstances. What is driving the evolution in P2P fraud liability, and what does it signal to financial institutions?

Losses Mount as Manipulation is Easier than Most Believe
P2P frauds are successful because they provide the ideal digital avenue for cybercriminals to capitalize on their strengths.

Speed, one of the chief benefits that has made consumers flock to P2P payments, is also a benefit for scammers. Fast action by victims is their goal as they build a false sense of urgency with targeted victims. Funds leave the victim’s account almost instantly, and the perpetrators pull those funds just as quickly from accounts at the receiving bank. Neither the victim nor the financial institution has much time to take action, such as freezing funds.

Too many people take comfort in believing they would never make this mistake themselves, yet these scams can be more convincing than most realize. When you know a lot about someone, tricking someone becomes a simple matter of knowing what levers to pull.

How do scammers know so much about American consumers? They have a wealth of data at their disposal supplied by data breaches. The dark web and other illicit forums are full of personal information that is used to build a compelling narrative with enough details to override the hesitations of busy people.

In the wake of a P2P scam, the victim actually authorizes the payment, not realizing it is going directly into the hands of a scammer. This authorization has been a sticking point. For financial institutions, it evades even the most advanced authentication and fraud-prevention protocols because it is the real customer permitting the transaction. For the consumer, the authorization often means that neither the P2P platform nor the financial institution is on the hook for repayment.

Of the four big banks that provided data to the Senate, out of the $213.8 million in fraud losses in 2021 and the first half of 2022, only $2.9 million was reimbursed. This left many calling for change.

A Call to Action for the Financial Industry
Plans to change Zelle’s policy are still being worked out, but it is a clear signal that liability in the P2P fraud arena is shifting. Financial institutions will need a layered approach to deal with the problem effectively and stem the tide of P2P fraud losses.

First, the industry as a whole will need to come together to identify ways to collectively manage risk. As one example, industry trade organizations are asking the FCC to consider action to implement caller ID authentication solutions. This step would make it more difficult for bad actors to spoof the phone numbers of banks, often the first step in convincing a target that an interaction is legitimate when the true intent is to defraud.

Second, there are very interesting biometric solutions available that individual financial institutions can use on the back end to flag when customers may be at risk. There are often subtle, telltale signs of stress during interactions with scammers that are measured. Analytical models in can measure various behavioral inputs real-time when a consumer is using the banking platform to identify the precise moments when extra protections are warranted.

Finally, there are smarter ways to educate and engage consumers in their own protection. The current model of offering the same advice to everyone does not work, as it is glossed over almost as quickly as today’s ubiquitous digital terms and conditions agreements.

To capture attention, the message must be both personalized and timely. By analyzing the patterns seen in the masses of data about data breaches, fraud and identity crimes — as well as precisely what personal information is available to criminals — it’s possible to identify the specific, unique risks a consumer faces. Giving an individual personalized, just-in-time guidance about the exact threats they face is a more powerful message that motivates vigilance and action.

With so many dollars at stake, consumers and financial institutions can be effective partners in addressing the problem of P2P fraud. Cybercriminals have already succeeded in defrauding victims out of billions, but now, institutions and consumers can be allies in fighting back.

Featured

  • A Break from Routine

    It was three years ago right about now that COVID was bringing the world to its knees. In mid-March of 2020, the president put travel restrictions on all flights in and out of Europe, the NBA suspended its season, and Tom Hanks announced that he’d tested positive for the disease—all in the same night. It was officially a national emergency two days later. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West 2023 Preview

    ISC West 2023 is right around the corner! This year’s trade show is scheduled from March 28–31 at the Venetian Expo in Las Vegas, Nevada. The Campus Security & Life Safety and Security Today staff will be on hand to provide live updates about the security industry’s latest innovations, trends, and products. Read Now

    • Industry Events
    • ISC West
  • Until We Meet Again

    A short three years ago we were all pondering whether to attend any tradeshows all thanks to COVID-19. Sorry to bring that nightmare up again, but it seems that little pandemic is in the rear-view mirror, and it’s time to meet again. Read Now

    • ISC West
  • Cyber Hygiene: What it Looks Like for IoT Devices

    Cyber Hygiene: What it Looks Like for IoT Devices

    For our second pillar about the Industrial Internet of Things (IIoT) Pillars of Security, we are going to discuss what cyber hygiene looks like for IoT devices. Read Now

Featured Cybersecurity

New Products

  • ABLOY IP54-rated Integrated Dust Cover

    ABLOY IP54-rated Integrated Dust Cover

    One of the things that keep security managers on high alert is the real possibility the security locks used to safeguard their properties may unexpectedly fail due to environmental conditions. 3

  • ComNet NW1 Gen 4

    ComNet NW1 Gen 4

    ComNet, Communication Networks, is announcing the introduction of its Generation 4 line of NetWave® wireless products that offer greater performance and increased stability in applications where throughput and increased bandwidth is increasingly important. 3

  • BIO-key MobileAuth

    BIO-key MobileAuth

    BIO-key International has introduced its new mobile app, BIO-key MobileAuth™ with PalmPositive™ the latest among over sixteen strong authentication factors available for BIO-key's PortalGuard® Identity-as-a-Service (IDaaS) platform. 3