6 Reasons Why P2P Fraud is A Big Big Deal

Person to Person Payments (P2P) is blazing hot!   It is without a doubt the hottest trend in banking as apps like Venmo and Zelle boast millions of new users monthly.

But it also happens to be the hottest fraud trend as well, as cybercriminals and scammers rush in to take advantage of instant payoff as they steal from banks and consumers.

As these P2P payment volumes soar, so does the fraud.   This year, P2P fraud losses will be at their highest level ever as these apps become more ubiquitous.

It’s a problem that  Maryann Miller, Fraud Executive at Actimize, has warned banks about for years.

As payment speeds increase, fraud increases.  It’s just that simple.”, Maryann indicated, “You can’t underestimate how quickly and completely fraudsters will attack real-time payments.  They are not just going to attack the payment product itself, but everything else in the environment including registration, authentication, loading bank information or any loophole they can find. When they find it, they’ll hit it continuously until discovered.  Product managers need to be vigilant when they launch these products

I tend to agree with Maryann. You have to consider the consequences of fraud any time you launch a new product – particularly when that product is instant payments!

Here are 6 reasons why I think P2P fraud is a big deal and how banks can get serious about stopping the risk.

#1 Reason –  Because Fraud Rates Are High

Losses from P2P payments like Venmo and Zelle have higher rates of third-party fraud than most other fraud types.  Fraud rates can range from as low as 10 basis points to 100 basis points or more.

When compared to credit card average fraud rates, that is between 5-8 times higher.  

#2 Reason- Because The Volume of P2P is Growing Rapidly

P2P payments are outpacing just about every other payment method available.  They are growing so fast in fact that many people project they will eliminate cash!  Hopefully they will at least eliminate the check.  Then we could all cheer loudly.

Take a look at the supercharged growth of Venmo which has increased 900% over the last 2 years.  It’s a massive success no matter how you look at it.

#3 Reason- Because High Volume and High Fraud Rates = Big Losses

When you couple the high volumes of P2P with the high fraud rates of fraud on those payments, banks can expect to lose a billion of dollars in losses each year.   Yes, you read that correctly – billions with a “B”

If we assume a conservative 35 basis points of loss on P2P payments, annual losses from P2P payments will close in on 1 Billion Dollars.  Keep in mind that this does not include money consumers lose from scams which is a whole other category of losses.

#4 Reason –  Because Fraudsters Like it More than ACH or Wire.

P2P fraud will only grow because it is ideal for a fraudster.  They can get their cash instantly to anyone, anywhere.   Unlike ACH which might take a day and unlike Wire Transfers which are often manually reviewed or require multiple verifications to complete.

P2P fraud is the ideal way for fraudsters to get paid so they are going to stick with it for a long time.

#5 Reason – Because Fraudsters Can Monetize Breached Information

It always comes back to cash money.  Follow the cash money and you find the fraud. P2P payment options are breathing new life into monetizing breached data.  When card issuers implemented Chip Card, it reduced one source of revenue for fraudsters – trafficking skimmed card details.

Now those fraudsters are trafficking stolen credentials, passwords and all the other identifying keys that can be used to penetrate consumers banking account information.  And that information is fueling a huge increase in account takeover in 2017.   Javelin reported that Account Takeover losses have reached historic highs after the implementation of Chip in the US.

 Account takeover tripled over the past year, reaching a four-year high. Total ATO losses reached $5.1 billion, a 120 percent increase from 2016.  Javelin Research

#6 Reason -Because Consumers and Banks Are Still Trying to Figure it All Out

Zelle has been a fantastic success story for banks. Banks were able to provide instant P2P services to all of their customers and thanks to Zelle they could be assured that most people they were sending money too were also on the Zelle network.

This provided a nearly instant rollout to tens and millions of banking customers overnight.  That also created its own headaches as you can imagine.

As an example, many consumers may not even be aware that Zelle is enabled on their bank accounts or how they should use it.  Those unsavvy customers are prime victims for scammers who may convince them to send Zelle transfers after passing a bad check to the customer that will bounce.  Or still, others may convince customers to accept a Zelle payment made from a fraudulent account as payment.  Once they receive the merchandise, the Zelle payment is reversed and the customer is left holding the bag.

Banks, on the other hand, are trying to figure it out as well.  And its a race against time.  Banks have to figure out very quickly how to identify and stop a tsunami of fraud attacks in seconds.  And that is not an easy thing to do.

How Banks  Can Bolster Their Defenses Against P2P Fraud

I asked Maryann to give me a few recommendations for banks that want to bolster their defenses.

She recommended some simple things banks can do to limit their exposure:

  1.  Use Daily Limits and Transaction Limits – Don’t go out the gate with high limits.  Start with low limits and increase them gradually as you learn the new payment schemes and customer patterns.
  2. Use Fraud Scores – Never underestimate the value of predictive scores in identifying patterns of fraud that are sometimes invisible to the human eye.  If you try to manage this fraud with rules only your going to have a rough time.
  3. Hold Suspect Payments Until They Can Be Verified – You have to have some interdiction with instant payments, otherwise, you’re going to get smoked by the fraudsters.  Build in a pause button on high-risk payments until a fraud investigator can review those payments.
  4. Educate Customers – Educate customers of how their new P2P apps work. Tell them when to use it and when not to use it.  Tell the customer what to in the event that their payment is delayed or stopped.  It’s going to take awhile for customers to come up to speed.
  5. Evaluate Your Authentication Approach– Look at how you are authenticating customers at each channel such as online and customer service center.  A fraudster is working 24/7 to penetrate the system so you have to have good controls up front.
  6. Leverage Digital Identity – Leverage digital identity (device ID, behavioral biometrics) in your authentication strategy but also use those data elements in your fraud score to better identify the trends and patterns in your high-risk monitoring.
  7. Establish Specialist Teams –  You need fraud specialist to monitor, block and release holds on high-risk transactions.  They should be specialist in identifying account takeover, phishing, and potential customer scams so you can reduce the impact on everyone.

Some great ideas there.  Thanks for Reading!

Frank McKenna is the Chief Fraud Strategist for PointPredictive and a Fraud Consultant based in San Diego California