Person-to-person (P2P) fraud continues to be a top concern for credit unions and members alike. And it’s no wonder; as the ease in which consumers can make touchless payments continues to boom, opportunistic criminals are finding ways to capitalize on their popularity.
P2P payments increased substantially during the pandemic, with Venmo processing $230 billion in payment volumes in 2021, an increase up of 44% from the previous year. Zelle®, with the added advantage of being embedded into many popular credit unions and banks’ mobile banking apps, processed a record $490 billion, representing 62% growth in year-over-year transactions.
Why is P2P fraud growing?
P2P fraud is taking off because savvy fraudsters tend to go where the action is. Younger generations are embracing this convenient channel over traditional payment methods.
The advent of fast funds, where users have the option to pay a 1% fee to have funds immediately credited to their bank account is further pressuring issuing financial institutions to authenticate transactions quickly. This puts issuers between a rock and hard place, with the expectation for quick funds availability but the possibility of fraud losses for both customers and the issuers.
How do fraudsters commit P2P fraud?
- Impersonating Your Financial Institution
In this scam, criminals blast text messages “from” the financial institution inquiring about suspicious transactions. Anyone who responds to the text message will receive a phone call from the scammer. In some instances, the caller’s number will be spoofed so that it appears to be coming from the victim’s financial institution. To supposedly verify the identity of the member, the fraudster will request information such as online banking credentials and/or one-time passcodes sent via text or email. The criminal then logs into the victim’s online banking platform to reset their credentials and proceeds with P2P transactions to transfer the victim’s funds to their accomplices.
- Friendly Fraud
Some use “friendly fraud” social engineering tactics, like messaging a user requesting that they deposit the fraudster’s check in their account and then send the funds back to the requester via a P2P app. The fraudster then promises to send the victim $500 as “payment” for the transaction. Of course, the fraudster never sends the payment and the original check bounces, leaving the member (or the credit union) on the hook for the funds.
- Structuring Tactics
Credit unions are also seeing a rise in incidents of structuring, this is where deposits are made just below the $10,000 currency transaction threshold to evade IRS reporting requirements.
- Phishing Scams
An attacker sends a fraudulent message to trick your member into revealing sensitive information - often to access your accounts or commit identity theft. Phishing attempts usually occur through email, over the phone, or via text message. They can be very well-designed to look or sound like legitimate messages from those you know and trust, such as your financial institution, and may contain a link that directs you to a fake website that looks legitimate.
Unfortunately, with P2P fraud, fraudsters no longer need to obtain a user’s card number to steal funds. If they can hack into a member’s smartphone or mobile device, they can easily gain access to the user’s digital wallet app and transfer funds in their name.
What can credit unions do to mitigate payment fraud?
P2P fraud is challenging for issuers, given the nature of the channel and consumers’ rising expectations of convenience and the speedy receipt of funds. But credit unions do have tools at their disposal to help protect against all types of payment fraud schemes, and the best way is often through a holistic, multi-pronged approach that leverages a variety of solutions.
Self-service solutions that deputize your cardholders as members of your security team can also be highly effective. Credit unions can empower their members with card controls and alerts, adding them to the first line of defense against fraud. We also recommend regularly evaluating your risk profile strategy. This should include a discussion with your particular processor, digital and core vendors to understand what additional features or thresholds that are available to mitigate risk.
What steps can credit unions take to protect members?
Make your members aware of the option to receive account-based and transactional alerts. Also, always use strong two-factor authentication that does not rely on transmitting passcodes in email and/or SMS text messages. Frequently review monetary and velocity limits, and digital controls available with your digital provider to ensure you are protecting your members to the best of your ability. The Zelle Marketing Portal® has a comprehensive set of pre-approved safety and financial literacy tools you can use to assist your members.
What can members do to protect themselves?
Member education is a critical front in the ongoing fight against fraud. Remind your members often to protect their account information and passwords, never give out authorization codes or information to someone who they think is calling from their credit union, to only use P2P services with people they know and trust, and to promptly report any fraud to your credit union.
Co-op is here to help
For customized approaches to support your credit union in reducing your exposure to the growing threat of P2P fraud, talk to Co-op’s Fraud Prevention and Solutions Consultants, let's discuss your fraud profile and how Co-op can provide additional tools to help.