Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

The widespread adoption of peer-to-peer (P2P) payment platforms has made it significantly more convenient for individuals to share money digitally. In 2022, 84% of consumers said they used a P2P service, and the popularity shows no signs of waning.

As with most new tech services, P2P payments are not without risk. They have provided new channels for cybercriminals to scam victims out of funds without the same security controls as financial institutions. The P2P payment arena has increased consumers’ financial exposure in ways no one anticipated.

Until now, the victims have largely shouldered liability for P2P scams. In 2023, this appears to be changing. Zelle, one of the nation’s most popular P2P platforms, may change its policy to shift losses to the receiving bank providing its P2P service in some circumstances. What is driving the evolution in P2P fraud liability, and what does it signal to financial institutions?

Losses Mount as Manipulation is Easier than Most Believe
P2P frauds are successful because they provide the ideal digital avenue for cybercriminals to capitalize on their strengths.

Speed, one of the chief benefits that has made consumers flock to P2P payments, is also a benefit for scammers. Fast action by victims is their goal as they build a false sense of urgency with targeted victims. Funds leave the victim’s account almost instantly, and the perpetrators pull those funds just as quickly from accounts at the receiving bank. Neither the victim nor the financial institution has much time to take action, such as freezing funds.

Too many people take comfort in believing they would never make this mistake themselves, yet these scams can be more convincing than most realize. When you know a lot about someone, tricking someone becomes a simple matter of knowing what levers to pull.

How do scammers know so much about American consumers? They have a wealth of data at their disposal supplied by data breaches. The dark web and other illicit forums are full of personal information that is used to build a compelling narrative with enough details to override the hesitations of busy people.

In the wake of a P2P scam, the victim actually authorizes the payment, not realizing it is going directly into the hands of a scammer. This authorization has been a sticking point. For financial institutions, it evades even the most advanced authentication and fraud-prevention protocols because it is the real customer permitting the transaction. For the consumer, the authorization often means that neither the P2P platform nor the financial institution is on the hook for repayment.

Of the four big banks that provided data to the Senate, out of the $213.8 million in fraud losses in 2021 and the first half of 2022, only $2.9 million was reimbursed. This left many calling for change.

A Call to Action for the Financial Industry
Plans to change Zelle’s policy are still being worked out, but it is a clear signal that liability in the P2P fraud arena is shifting. Financial institutions will need a layered approach to deal with the problem effectively and stem the tide of P2P fraud losses.

First, the industry as a whole will need to come together to identify ways to collectively manage risk. As one example, industry trade organizations are asking the FCC to consider action to implement caller ID authentication solutions. This step would make it more difficult for bad actors to spoof the phone numbers of banks, often the first step in convincing a target that an interaction is legitimate when the true intent is to defraud.

Second, there are very interesting biometric solutions available that individual financial institutions can use on the back end to flag when customers may be at risk. There are often subtle, telltale signs of stress during interactions with scammers that are measured. Analytical models in can measure various behavioral inputs real-time when a consumer is using the banking platform to identify the precise moments when extra protections are warranted.

Finally, there are smarter ways to educate and engage consumers in their own protection. The current model of offering the same advice to everyone does not work, as it is glossed over almost as quickly as today’s ubiquitous digital terms and conditions agreements.

To capture attention, the message must be both personalized and timely. By analyzing the patterns seen in the masses of data about data breaches, fraud and identity crimes — as well as precisely what personal information is available to criminals — it’s possible to identify the specific, unique risks a consumer faces. Giving an individual personalized, just-in-time guidance about the exact threats they face is a more powerful message that motivates vigilance and action.

With so many dollars at stake, consumers and financial institutions can be effective partners in addressing the problem of P2P fraud. Cybercriminals have already succeeded in defrauding victims out of billions, but now, institutions and consumers can be allies in fighting back.

Featured

  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • 91 Percent of Security Leaders Believe AI Set to Outpace Security Teams

    Bugcrowd recently released its “Inside the Mind of a CISO” report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO. Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers’ long-term privacy or security to save money. Read Now

  • Milestone Announces Merger With Arcules

    Global video technology company Milestone Systems is pleased to announce that effective July 1, 2024, it will merge with the cloud-based video surveillance solutions provider, Arcules. Read Now

  • Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

    Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams. Read Now

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3