In multiple geographies around the world, there has been a strong focus on authorized push payment fraud. The focus has finally arrived in the US. Also known as scams or authorized user fraud, this multi-billion-dollar global fraud challenge is a real headache for consumers and banks.
As a fraud professional, I watched the recent Senate Banking Committee hearing with great interest. While a Senate hearing might not be on your list of must-see TV, when the topic is consumer losses from scams, and participants include the CEOs from top banks in America, I definitely tune in (or to be clear, I set the DVR since “live TV” has lost its luster unless it has teams and scores).
I was most sympathetic for my fellow fraud fighters when Jamie Dimon, the CEO of JPMorgan Chase, took the initial position in the hot seat. Senator Elizabeth Warren, (D-MA) pointedly asked him about the number of fraudulent transactions Chase was seeing on the P2P payment platform Zelle. In a boisterous discussion, Mr. Dimon said he didn’t have the numbers in front of him but promised to get them by the end of the day.
That position was repeated by several of bank leaders, but to be honest, at that point I was having a hard time listening. I just kept trying to fathom the internal scrambles happening at the various banks as the testimony was happening!
Scams and P2P Payments Are Front and Center
Regardless of where you land on this topic politically, I do think one critical aspect of the solution to this problem is continued consumer education. So seeing “Fraud” as a headline can only help reinforce all of the industry’s consumer education attempts for this very difficult problem.
But shifting the focus back to the data – as I explained during my session with Julie Conroy at FICO World 2022, I am a firm believer in putting all your data in the right places and being able to access it when you need it. You never know when you’ll get a text from your leadership about testifying in front of the Senate!
It was even more surprising to me that the CEOs didn’t have the data right in front of them, given the signals coming from regulatory bodies like the Consumer Financial Protection Bureau (CFPB) about the need for more oversight for real-time P2P payments networks. The big question is who should be liable for losses when it comes to P2P scams, and we’re seeing two schools of thought.
On one side, there are regulators concerned about the perceived growth of scam losses through popular P2P payments apps like Zelle, Venmo and CashApp. Senator Warren recently issued a report claiming that there is “rampant fraud and theft on Zelle” and cited nearly 200,000 incidences of scam payments totaling almost $214 million through 2021 and into the first half of 2022.
On the other side, banks are actively fighting fraud across all their portfolios and channels. For the P2P app Zelle specifically, banks recently stated that the vast majority of transactions “had no associated reports of fraud or scams” and that other P2P apps have 3-6x more disputed transactions in comparison. But it is important to remember that transaction limits can be quite high for P2P apps, so even a single loss could be a life-changing sum for an individual.
The reality is that the US is reaching a tipping point for P2P scams. What remains to be seen is whether any future legislation shifts scam liability to banks or leaves the onus on consumers to protect P2P transactions more carefully.
All Parties Agree that Scams are Bad, But Not on Who Is Liable
Neither the banks nor the regulators disagree about the scope of the problem. Data from the FTC shows that to date in 2022, consumers report losing $703 million from bank transfers and payments, $90.6 million from debit card payments, and $82.2 million from payments apps and services.
Lawmakers and regulators are concerned about whether FIs should be liable for scam losses, particularly under a piece of legislation known as Regulation E which relates to Electronic Fund Transfers. The law today holds that consumers are not liable for “unauthorized” electronic funds transfers.
That idea of authorization is where deep divisions start to appear.
For most P2P payments apps, it is in fact an authorized user initiating and sending a payment. Scammers have identified that the immediate and irrevocable nature of payments through the P2P apps means that if a consumer can be tricked in payment, they can’t claw it back.
That is the crux of the issue – whether a payment was “authorized” or “unauthorized.” In many ways, a P2P payment is like handing over cash, and banks are working to educate customers about the impacts of sending money to someone they don’t know.
Spotting and Stopping Scams
While not exhaustive, some examples of scams include:
- Spoofing, where a scammer mimics or uses a legitimate brand or institution to solicit funds. This is evolving also into “me-to-me” spoofs where fraudsters trick customers into sending money to what they think are their own accounts.
- Classic appeals, like scammers posing as refugees, crypto investors, romantic interests or someone fleeing conflict or political instability. They convince customers to send payments in exchange for promises of lucrative returns, or simply to help those in need.
- Any pressure tactic that results in customers sending funds for fraudulent reasons, from ransoms to timeshares.
There’s no silver bullet to stop scams, but a layered approach can go a long way.
First, customer education will play a huge role in future scams prevention. Continuous and consistent details about the dangers of scams, how they’re perpetrated and how to prevent them will help consumers become a powerful line of defense against scammers. Some key points for customers include:
- Never respond to unsolicited requests for personal information
- Never fall for an appeal for urgency or scarcity in an email, text or phone call
- Never share personal information via phone, text, instant messenger or any other unsecure way.
- Enable multifactor authentication (MFA), avoiding text or email for one-time passcode sharing whenever possible.
For banks, it’s critical to identify typical behavior versus abnormal behavior for each individual customer. Putting enterprise fraud technology in place that can pick out abnormal consumer behaviors, like making a payment from a new device or to a never-before-seen payee, is one good way to fight the proliferation of scams. Another is layering in machine learning technology that includes dedicated Scams Detection Scores, which you can feed into decisioning rules to help increase friction when you see a high probability of a scam in progress.
Other weapons in the fight against scams are automated alerts and two-way communication. Most mobile and online banking allow customers to set up alerts so they know when purchases, withdrawals, or deposits are made against their accounts. Many banks are sending proactive notifications to customers, encouraging them to set up those alerts today.
Adding two-way communication in the customer’s channel of choice can also help connect customers with skilled agents who can resolve their fraud cases faster and potentially prevent future fraud attempts.
Earlier, I mentioned the importance of knowing your data, and knowing what your fraud systems are doing. An enterprise fraud approach that provides immediate access to performance metrics will help in those uncomfortable situations when a senator is pressing you for numbers – hopefully not a position you ever find yourself in.
How FICO Can Help You Fight Authorized User/Authorized Push Payment Scams
- Learn how our machine learning models can help detect significantly more scam transactions
- Dig deeper into what, exactly, are authorized push payment scams
- Explore Customer Communication Services for Fraud
For more of my latest thoughts on fraud, financial crime and FICO’s entire family of software solutions, follow me on Twitter @FraudBird.