P2P

The Pros and Cons of P2P Payments: Balancing Convenience with Exploding Fraud Rates

Consumers have had the ability to transfer funds electronically for decades – by phone, automated bill pay, PayPal, and more, with the latest trend around Peer-to-Peer (P2P) payments - each offering better, faster, and cheaper options. According to Insider Intelligence, adoption in the U.S. reached more than 57 million users in 2017, and surged to 79 million users completing $375 billion in transactions in 2019.  

As a result of pandemic lockdowns and changing consumer behavior, the adoption of P2P has increased even more in the last few years, with the addition of millions of new users. As of early 2021, Forbes reported membership for Cash App, Google Pay, PayPal, Venmo, and Zelle reached more than 1 billion users who processed up to 10 million transactions per month - a volume that continues to double every 6-10 months.

Some of these apps operate from within the traditional banking ecosystem, while others are outside. Each however, has differentiating features, target various market segments, and even specific generational audiences.

With many Americans relying on P2P so frequently, and using a combination of apps for various transactions, how are community financial institutions impacted?

Community institutions have historically leveraged their more personalized connection to, and services for, local businesses and consumers as a way to differentiate themselves from the larger regional and national banks and credit unions. However, today’s market includes a growing new threat, fintech companies advertising how their services offer an even better understanding of small business and consumer needs than traditional bank and credit unions, including alternative payment mechanisms like P2P. As a result, thousands of institutions have partnered with offerings like Popmoney and Zelle, either directly or through their core banking system, as a means to remain competitive.

The movement is so big that the NY Times estimates consumers sent approximately $490 billion through Zelle in 2021 - more than double the amount sent through Venmo.  The immediacy of Zelle’s transactions over Venmo, which can take 1-2 days to clear without an additional fee, is likely to have influenced this shift.

While attractive to consumers, these same features are also catching the eye of fraudsters across the globe, making each of these ’Pros’ their own ‘Con’.

Due to the tremendous user adoption and money moved, it shouldn’t come as a surprise that P2P fraud is now considered the number one payment fraud trend to watch. Given the immediacy of the transactions and it being nearly impossible for consumers to retrieve the funds, Zelle in particular, has become a favorite with fraudsters. In comparison, other forms of money transfer or card transactions take a day or more to clear.

So what do account holders need to watch out for? The most common P2P scams and fraudulent activities include:

  • Seller Scams – In an online marketplace, the seller dictates payment through use of P2P, but after payment is made, the items aren’t shipped and the seller stops responding to inquiries. 
  • Buyer Scams – Items are purchased online and the buyer intentionally overpays using a check. The buyer then asks for the difference to be refunded via P2P. When the seller deposits the check, it bounces and he finds out it was fraudulent.  
  • Romance Scams – Fraudsters use fake social media profiles to befriend targets, earn their trust, and swindle them for large amounts of cash. 
  • Fraudsters who pretend to be from the IRS and demand payment.
  • Unauthorized P2P payments initiated through a stolen device, hacked account, or compromised card. 

Despite the popularity of the above scenarios, perhaps the most unsettling scam is the recent wave of fraudsters targeting Zelle users through their existing and trusted bank or credit union. In what has been dubbed as the ‘Me-to-Me’ scam, the fraudster spoofs the bank phone number and contacts the account holder, explaining that someone is trying to make a large Zelle withdrawal from their account. The caller counsels the user that the only way to stop the fraudulent activity is to send themselves a transfer through Zelle – after all, payment is going from “my account to my account.”  While this explanation is made by phone, the fraudster connects their own account to the user’s Zelle profile in the background, and once the transfer is initiated, the funds are in the hands of the fraudster.
 
Institutions aren’t required to report the amount of fraud they see through Zelle, but based on numerous reports of scams hitting Bank of America, Chase, and Wells Fargo, the numbers must be staggering.

So how do you find the middle ground between offering services to keep your customers and members transacting through your institution – while mitigating the risk that comes with these services?

Security:

  1. Review the security settings your P2P provider offers at the institution level.
    • Work with your P2P provider to set up advanced logging and analytics around the user activity, not only transfer activity, but changes to email and phone numbers.
    • If possible, work with your P2P vendor to add AI-based tools that detect suspicious patterns of transfer activity. 
  2. Add an extra layer of security through your online and mobile banking apps to identify the end user before Zelle is launched. Although allowing customers and members to skip added login security from trusted devices keeps them happy, it also aides fraudsters with unauthorized access and the ability to initiate transfers without validating their identity. Though this won’t prevent the Me-to-Me scam, it will help mitigate account takeover concerns. 
  3. Set daily and weekly transfer limits based on your risk tolerance to help limit losses to your account holders and your institution. 
  4. Consider partnering with a 3rd party geofencing provider to implement an additional layer of security by verifying if the user is logging in from within their normal locations. 

Reputation Risk:

  1. Discuss your fraud risks fully and most importantly, what stance your institution will take as these scams hit your account holders. Regulation E wasn’t written to cover some of these newer scams, and you’ll find yourself weighing the cost of refunding users for lost funds with cost of your reputation. 
  2. Once determined, ensure you have clearly outlined the rules and responsibilities of both the user and your institution in your Terms and Conditions. 

Education: 

  1. You owe it to both your employees and your account holders to keep them up-to-date on scam and fraud trends and how to defend against them, including username and password health.
  2. Educate them both on when and how your institution will legitimately alert users if an issue arises, and the specifics on what your institution WILL NOT do or ask. 

In summary, consumers and businesses are always looking for easier, faster, and less expensive ways to transact, opening the door for fintech companies to grab market share away from community financial institutions. Though there are 3rd party vendors offering options to help you retain your customer or member base, it’s important to approach each opportunity with a clear look at potential security implications, fraud mitigation and reporting, and the reputation risk that may come with resulting fraud losses. For every precaution you take, there is a fraudster networking to find a way around it!

Learn more about the built-in security features and capabilities to protect your customers and members within NXT, Alogent’s digital banking platform.

Download 'Rock-Solid Security Tips for your Digital Banking Platform'

Be the first to know! Click below to follow us on LinkedIn for news and content updates!