Person-to-person (P2P) fraud continues to be a top concern for credit unions and members alike. And it’s no wonder— as consumers grow increasingly comfortable making touchless payments, opportunistic criminals are devising new ways to capitalize on their popularity.
P2P payments are one of the fastest-growing payment channels, with overall volume expected to grow by 28% in 2023, reaching $1 trillion.
Unfortunately, this rise in transaction volume has been accompanied by an increase in fraud activity, as the channel’s growing popularity and inherent speed make for an enticing mix for fraudsters.
According to Consumer Reports, 18% of consumers use P2P once a week. Of these heavy users, half report having been victims of a scam. And the fraudsters are getting bolder: the average dollar amount of fraud attempted through the P2P channel is 60% higher than the average card not present (CNP) fraud attempt.
Why is P2P fraud growing?
P2P fraud is taking off because savvy fraudsters tend to go where the action is. Younger generations are embracing this convenient channel over traditional payment methods.
The advent of fast funds—which offers consumers the option of paying a 1% fee to have funds immediately credited to their bank account—is pressuring issuers to authenticate transactions more quickly. This emphasis on speed is giving issuers less time to assess transactions and investigate potential fraud before providing approval—raising the likelihood of fraud losses for issuers, as well as their customers or members.
How do fraudsters commit P2P fraud?
- Impersonate Your Financial Institution: In this scam, criminals send out text messages that purport to be from the financial institution inquiring about suspicious transactions. Anyone who responds to the text message will then receive a phone call from the scammer. In the most sophisticated scams, the fraudster spoofs the caller’s number so it looks like the call is coming from the victim’s financial institution. The fraudster will then ask for verification in the form of personal information such as online banking credentials or one-time passcodes sent via text or email. The criminal then uses that information to sign into the victim’s online banking platform, resets their credentials and uses P2P to transfer funds out of the account.
- Friendly Fraud: Some scammers use “friendly fraud” social engineering tactics to achieve their nefarious aims. In one popular scam, the fraudster messages the victim requesting that they deposit the fraudster’s check in their account and then send the funds back to the requester via a P2P app. The fraudster then promises to send the victim a fee for performing the transaction. Of course, the fraudster never sends the payment and the original check bounces, leaving the member (or the credit union) on the hook for the entirety of the funds.
- Structuring: Credit unions are also seeing a rise in incidents of structuring, which is defined as deliberately making account deposits just below the $10,000 currency transaction threshold to evade IRS reporting requirements.
- Phishing: “Phishing” scams, where a criminal sends a fraudulent message to trick an unwitting recipient into revealing sensitive personal or account information, are also on the rise. Phishing attempts may occur through email, over the phone, via text message or even social media, and are designed to allow the perpetrator to gain access to a member’s financial accounts or commit identity theft. Phishing scams have come a long way, and can look or sound like legitimate messages from people or institutions the victim knows and trusts, such as their financial institution. The messages often contain a link that directs the recipient to a fake website that appears legitimate. Unfortunately, with P2P fraud, fraudsters no longer need to obtain a user’s card number to steal funds. If they can hack into a member’s smartphone or mobile device, they can easily gain access to the user’s digital wallet app and transfer funds in their name.
What can credit unions do to mitigate payment fraud?
P2P fraud is challenging for issuers, as consumers’ expectations of convenience and speed continue to rise. But credit unions do have tools at their disposal to help protect against all types of payment fraud schemes. The best approach for mitigating and preventing fraud is through adoption of a holistic, multi-pronged strategy that leverages a variety of solutions.
Credit unions that offer the P2P solution Zelle® through Co-op now have the option to add Zelle’s new Advanced Authentication feature. This extra layer of protection allows credit unions to select a dollar threshold that triggers a one-time authentication code sent via text or email. The member must enter the code into Zelle® to complete the transaction. This feature is helping credit unions mitigate fraud, increase member trust and protect the bottom line.
Self-service solutions that deputize your cardholders as members of your security team can also be very effective. Credit unions can empower their members with card controls and alerts like CardNav® by Co-op, adding them to the first line of defense against fraud. We also recommend regularly evaluating your risk profile strategy, and having regular discussions with your payment processing, digital banking and core system providers to understand what additional features and options are available to help mitigate risk.
What steps can credit unions take to protect members?
Make your members aware of the availability of account-based and transactional alerts. Also, always use strong two-factor authentication that does not rely on transmitting passcodes via email or SMS text messages. Frequently review monetary and velocity limits, and digital controls available with your digital provider to ensure you are protecting your members to the best of your ability. The Zelle Marketing Portal® has a comprehensive set of pre-approved safety and financial literacy tools you can use to assist your members.
What can members do to protect themselves?
Member education is a critical front in the ongoing fight against fraud. Regularly remind your members of these key fraud prevention practices:
- Carefully guard all account information and passwords,
- Never give out authorization codes or other information to anyone over the phone, even if they say they are calling from your credit union,
- Only use P2P services with people you know and trust, and
- Promptly report any suspected fraud to your credit union.
Co-op is here to help
As the threat of P2P fraud continues to grow, credit unions need to implement sophisticated fraud prevention strategies to stay one step ahead of the criminals. Co-op’s Fraud Prevention and Solutions Consultants are here to help! Reach out to us today to get started on applying the latest tools and techniques to protect your credit union and members.