Why P2P payments remain susceptible to social engineering fraud | Payment source

Zelle’s fast transaction settlement speed that has boosted its adoption also helps scammers create a false sense of urgency to trick consumers into authorizing instant payments.

“Through social engineering, consumers are being tricked into sending money and authorizing those transactions and now want to be made whole for their mistake,” said Sarah Grotta, director of debit and alternative products advisory at Mercator Advisory Group.

Amid mounting consumer complaints about these types of scams, several class actions recently filed against banks and Zelle’s owner, Early Warning Services, are making their way through the courts against a backdrop of rising identity theft.

Total losses from Zelle scams are difficult to estimate because banks do not share that data. But according to a recent Aite Novarica report, about one in four consumers who have experienced account takeover fraud have experienced a fake P2P transfer.

Banks say they are under no obligation to refund consumers caught in scams knowingly authorizing payments through Zelle or any other channel. consumer advocates urge for regulatory E-protections to cover P2P fraud.

“Financial institutions are not responsible if a consumer uses ACH or sends a check or gives cash to a criminal, and P2P apps should be no different,” Grotta said.

But as complaints — and lawsuits — mount, U.S. regulators could step in.

Two members of the United States Senate Banking Committee sent a letter in April to Early Warning and the banks that own it, seeking information about their plans to protect consumers from scams.

Zelle fraud was flagged as a top problem in the Consumer Financial Protection Bureau’s technology industry research late last year.

It can be difficult to stop Zelle scams at thousands of participating banks where consumers unknowingly authorize payments to criminals who often pose as bank employees or romantic prospects.

The UK has struggled with P2P scams for years and last month the UK government said: law is coming that requires banks to reimburse consumers for P2P scams, with losses totaling hundreds of millions of pounds per year.

To be clear, U.S. banks are required to refund customers for fraud involving unauthorized Zelle transactions, such as account takeover fraud where criminals send money without the customer’s knowledge, Grotta said.

“Financial institutions meet their obligations under Regulation E for unauthorized transactions and provide funds to customers, but authorized transactions are a different matter,” Grotta said.

When consumers knowingly send money to a person who commits fraud, financial institutions are not liable, and one of the reasons is the difficulty of determining whether the Zelle user is a conspirator, as is often the case with so-called “friendly fraud”. “. Grotto said.

Requiring banks, credit unions and fintechs to refund funds in cases of authorized push payment fraud (APP) would likely be a significant setback to the convenience of P2P apps, with the key benefits being simplicity and speed, Grotta said.

Banks may choose to limit the value of funds that consumers could send through Zelle to protect them from losing money through scams. Victims of Zelle scams have documented in class actions that they lost thousands because Zelle is linked to a bank account versus Venmo and other P2P apps that pull transactions from a stored balance. But users of those apps also routinely fall victim to scammers, according to fraud experts.

Early Warning has reported that Zelle’s fastest growing use cases are for: pay rent and other billsso limiting the transaction size or blocking larger transactions can disrupt that activity.

Forcing consumers to reconsider payments to unrecognized recipients by adding steps to the Zelle authorization process could be another layer of protection. “But these are all common tactics that some consumers just ignore and click through,” Grotta said.

Cryptocurrency transactions, the benefit of which to recipients is their irreversibility, are also vulnerable to similar artificial scams, said Julie Conroy, head of risk insights and advisory at consulting firm Aite-Novarica.

“There are a number of ways scammers are taking their money from consumers and crypto companies report that this is a major problem for them too. Essentially any payment mechanism that doesn’t have the zero-liability protection of card rails has the same problem,” Conroy said.

A company claims its “behavioral biometrics” technology helps block fraud through Zelle by detecting unusual activity when scammers are tricking consumers.

Founded in Israel in 2011, BioCatch offers software that measures consumer online behavior and alerts financial institutions to red flags that indicate ongoing fraud, according to Raj Dasgupta, the company’s head of fraud strategy for North America.

“We can see that the person logging into their Zelle account is the real account user, but they are behaving very differently from normal, hesitating and showing telltale signs of being scammed,” he said.

Examples include sending money to a new recipient with unusual pauses in activity during the transaction, entering and deleting the recipient’s amount or account information, Dasgupta said. BioCatch can also determine if an Android phone user is on a call [possibly to a fraudster] while using a P2P app, which is an indication of a scam.

“All these things together increase our risk rating [of a P2P transaction] and we notify the bank of the risk in real time,” Dasgupta said, adding that several secretive US banks are using BioCatch to filter out P2P scams and other types of fraud.

But Aite-Novarica’s Conroy is skeptical of the potential for third parties to anticipate a consumer’s vulnerability to a P2P scam.

“I don’t see physical biometrics as a solution to this, because the consumer initiates the transaction voluntarily. This is what makes scams so difficult to stop, as traditional fraud checks are designed to detect unauthorized transactions, not those initiated voluntarily by the consumer,” Conroy said.

Leave a Comment

Your email address will not be published.