Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

Evolving Liability Causing Financial Institutions to Rethink P2P Fraud Approach

The widespread adoption of peer-to-peer (P2P) payment platforms has made it significantly more convenient for individuals to share money digitally. In 2022, 84% of consumers said they used a P2P service, and the popularity shows no signs of waning.

As with most new tech services, P2P payments are not without risk. They have provided new channels for cybercriminals to scam victims out of funds without the same security controls as financial institutions. The P2P payment arena has increased consumers’ financial exposure in ways no one anticipated.

Until now, the victims have largely shouldered liability for P2P scams. In 2023, this appears to be changing. Zelle, one of the nation’s most popular P2P platforms, may change its policy to shift losses to the receiving bank providing its P2P service in some circumstances. What is driving the evolution in P2P fraud liability, and what does it signal to financial institutions?

Losses Mount as Manipulation is Easier than Most Believe
P2P frauds are successful because they provide the ideal digital avenue for cybercriminals to capitalize on their strengths.

Speed, one of the chief benefits that has made consumers flock to P2P payments, is also a benefit for scammers. Fast action by victims is their goal as they build a false sense of urgency with targeted victims. Funds leave the victim’s account almost instantly, and the perpetrators pull those funds just as quickly from accounts at the receiving bank. Neither the victim nor the financial institution has much time to take action, such as freezing funds.

Too many people take comfort in believing they would never make this mistake themselves, yet these scams can be more convincing than most realize. When you know a lot about someone, tricking someone becomes a simple matter of knowing what levers to pull.

How do scammers know so much about American consumers? They have a wealth of data at their disposal supplied by data breaches. The dark web and other illicit forums are full of personal information that is used to build a compelling narrative with enough details to override the hesitations of busy people.

In the wake of a P2P scam, the victim actually authorizes the payment, not realizing it is going directly into the hands of a scammer. This authorization has been a sticking point. For financial institutions, it evades even the most advanced authentication and fraud-prevention protocols because it is the real customer permitting the transaction. For the consumer, the authorization often means that neither the P2P platform nor the financial institution is on the hook for repayment.

Of the four big banks that provided data to the Senate, out of the $213.8 million in fraud losses in 2021 and the first half of 2022, only $2.9 million was reimbursed. This left many calling for change.

A Call to Action for the Financial Industry
Plans to change Zelle’s policy are still being worked out, but it is a clear signal that liability in the P2P fraud arena is shifting. Financial institutions will need a layered approach to deal with the problem effectively and stem the tide of P2P fraud losses.

First, the industry as a whole will need to come together to identify ways to collectively manage risk. As one example, industry trade organizations are asking the FCC to consider action to implement caller ID authentication solutions. This step would make it more difficult for bad actors to spoof the phone numbers of banks, often the first step in convincing a target that an interaction is legitimate when the true intent is to defraud.

Second, there are very interesting biometric solutions available that individual financial institutions can use on the back end to flag when customers may be at risk. There are often subtle, telltale signs of stress during interactions with scammers that are measured. Analytical models in can measure various behavioral inputs real-time when a consumer is using the banking platform to identify the precise moments when extra protections are warranted.

Finally, there are smarter ways to educate and engage consumers in their own protection. The current model of offering the same advice to everyone does not work, as it is glossed over almost as quickly as today’s ubiquitous digital terms and conditions agreements.

To capture attention, the message must be both personalized and timely. By analyzing the patterns seen in the masses of data about data breaches, fraud and identity crimes — as well as precisely what personal information is available to criminals — it’s possible to identify the specific, unique risks a consumer faces. Giving an individual personalized, just-in-time guidance about the exact threats they face is a more powerful message that motivates vigilance and action.

With so many dollars at stake, consumers and financial institutions can be effective partners in addressing the problem of P2P fraud. Cybercriminals have already succeeded in defrauding victims out of billions, but now, institutions and consumers can be allies in fighting back.

Featured

  • 7 Reasons Why Governments Need to Regulate AI

    Recently, Elon Musk unveiled two remarkable AI applications. A humanoid robot named Optimus, with its remarkable human-like speech and movements, and a fully autonomous car, absent steering wheel and pedals, called Cybercab. While these examples represent a broad trend of AI integration across industries, they highlight technology’s transformative potential, prompting a need for regulation to ensure it is used responsibly, securely and ethically. Read Now

  • OR Code Phishing on the Rise According to New Report

    KnowBe4 recently released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts. KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Read Now

  • United HealthCare CEO Killed in Targeted Attack in New York City

    United HealthCare CEO Brian Thompson was killed in a targeted attack early Wednesday in Manhattan Read Now

  • Theft, Crime Driving Retail Workers to Look for New Jobs

    More than four in ten retail workers in the U.S. say they are likely to leave their current job in the next 12 months due to personal safety concerns, according to new research conducted by the Loss Prevention Research Council (LPRC) in partnership with Verkada. Read Now

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3