Navigating The P2P Minefield

AI-Assisted Fraud, Kannan Srinivasan

Financial institutions are increasingly navigating a sea of scams and fraud. With the evolution of emerging technologies, new avenues for attack have opened, leaving banks, credit unions, and their accountholders more vulnerable.

As peer-to-peer (P2P) payments become an expectation, the risks for banks and credit unions edge higher. The real-time nature of P2P payments and the “relationship” between the scammer and the victim, makes it exceedingly difficult for banks to detect and mitigate P2P scams.

In a recent PaymentsJournal podcast, Kannan Srinivasan, Vice President of Risk Management at Fiserv, and Brian Riley, Director of Credit and Co-Head of Payments at Javelin Strategy & Research, explored the key differences between scams and fraud, the prevalence of P2P scams versus other types of scams, and the best approach for financial institutions to implementing P2P payments.

Differentiating Between Scams and Fraud

Incidences of scams and fraud have gained traction in recent years, and it’s easy to use these terms interchangeably to describe any type of financial wrongdoing by criminals. But there’s a distinction. The proper classification of these types of fraud can aid in developing the countermeasures to address them.

Fraud can be divided into three types: first-party, second-party, and third-party.

“First-party fraud is when the crime is committed by the owner of the account,” Riley said. “It might be a bad return, it might be a claim of non-service on a merchant, something along that line. And then you have second-party fraud, where fraud is committed by another person and there’s a relationship that the owner of the account has with the other person. It might be allowing them to use the card or something along that line.”

“But third-party fraud is really one of the most common when it comes to payments, and that’s when there’s another party that’s unrelated to the account using it in one form or another,” he said.

Within third-party fraud is a deeper classification where the act can be readily identified as a fraud or a scam. An act of fraud normally involves the illicit use of another person’s information, such as in identify theft and credit card fraud.

With scams, the focus is on deceiving victims into giving up their money or their personal information, which can occur in P2P payments like those driven by romance scams and phishing emails.

“If somebody gained access to your bank account and made a payment without your permission, that’s typically considered unauthorized,” Srinivasan said. “It’s an unauthorized activity. Think about it as credentials compromised, username and password are stolen. You clicked on a phishing link and provided your login or bank account information.

“Those are all considered fraud or unauthorized activity, versus if you were knowingly involved in a transaction,” he said. “Somebody may have pretended to be a bank, but you were involved in a transaction, and you authorized a transaction. This is typically defined as scam.”

P2P Scams Versus Overall Scams

Recent news reports about a marked escalation in P2P scams don’t tell the whole story. Although incidences have increased, they are far less than the total amount of fraud losses.

“According to new data from FTC, total fraud losses reported in 2022 was $8.8 billion, compared to P2P and money transfers, (which) were about $1.7 billion,” Srinivasan said. “In general, P2P fraud has much lower exposure for our financial institutions compared to other products, such as check fraud or card fraud losses.”

Srinivasan noted that the sensationalism and attention aimed at P2P payments fraud can be traced to their relative newness in the payments space and the real-time nature of the transactions.

Why Scams Are Particularly Troublesome

Financial institutions and other organizations are not the only ones leveraging the latest technology. Scammers are also using these tools to evolve and stay a step ahead, lurking behind seemingly trustworthy brands.

Some of the most nefarious tactics to deceive unsuspecting customers include deepfakes, where scammers create fake videos and audio of bank employees via artificial intelligence, deceiving customers by leaving a voicemail or recording phone calls in which bank account information is requested.

Generative AI is also being leveraged for highly customized phishing emails, posing yet another potential threat for financial institutions.

With AI technology, bad guys can launch automated bot attacks at scale,” Srinivasan said. “We see a large number of new-account-opening fraud, where fraudsters might be creating mule accounts to collect funds, so they create tons of spoofed emails specifically targeted to a geography.”

Increasingly prevalent are faked emails, texts, and invoices, all with the aim to deceive customers into making payments and giving up other sensitive information.

And with the explosion of e-commerce, this has become yet another expansive playground for scammers to take part in. “We’re in a world now where electronic commerce is growing 20% yearly in the U.S.,” Riley said. “You’re getting further away from that point-of-sale, somebody who has to go to a store and tender it. You have more of the anonymous nature of the internet.”

“So many things can happen in a very short period of time,” he said. “When you stack on top of the fact that things are going faster, it becomes a much tighter playing field. It’s encouraging when you talk about the Zelle numbers on fraud going down, but just recognize that it’s an ongoing base job and people will be fighting fraud for the rest of time.”

How Zelle Payment Dispute Rates Compare to Other P2P Apps

According to the Bank Policy Institute, Zelle continues to be the safest P2P network. Three times as many disputed transactions were made to PayPal as to Zelle, and for CashApp, there were six times as many.

Zelle requires customers to already have a bank account, fulfilling the know-your-customer (KYC) requirements. Any incidences of fraud are reported back to the Zelle Network so other banks can make use of this critical information.

P2P Payments: With Zelle a “Must-Have” Should Financial Institutions Be Wary?

P2P payments, and specifically Zelle, have solidified as a must-have for financial institutions. Customers demand it, and therefore it is table stakes, not just a nice-to-have offering.

“You look at how real-time payments have grown and faster payments and every other channel that’s going against that market, there’s a demand for it,” Riley said.

“Even on the credit side, some of the contraction that was built into the process is starting to wane,” he said. “But when it comes to addressing real live funds and real live accounts, people want that money moved quickly, that’s for sure.”

With the flurry of new stories of disputed transactions, losses reported by customers, and now liability shifting over to financial institutions, banks and credit unions feel apprehensive about including these types of payments. But there is more to be gained than lost. Financial institutions stand to attract more customers, boost brand loyalty, and create new revenue streams. And they don’t have to navigate this area alone. It’s about forming a strategic partnership with experts in this space.

“One of the things which we recommend is leveraging the expertise of a reliable partner,” Srinivasan said. “Fiserv reduces the work burden for the financial institution significantly in terms of not just operational human expenses but also technology costs.

“Fiserv has the risk management protocols and strategy in place to help mitigate various kinds of scams and fraud,” he said. “Based on fraud and scams, we also design the user interface to interact and alert consumers on the transaction. Our consumers are the last line of defense so Safety messages and communication with your consumer on the app or email and text, is an important factor, too.”

The evidence clearly suggests consumers are safer with Zelle vs. alternate payments. With Zelle, financial and other risk management controls come into play, which in most circumstances are more robust compared to controls from alternate payment providers.

Overall Zelle Network fraud has dropped by over 35% year over year and financial institutions are continuing to bring fraud down to protect consumers. Real-time payments including P2P payments will continue to see increased adoption. With adequate preparation and strategy financial institutions are in great shape to delight consumers—safely and securely.

Interest in learning more? Contact zelle@fiserv.com.

Exit mobile version