Retail Payments Fraud: How Consumers and Banks Can Fight Back

There’s a lot going on in the retail payments space – defined as transactions between two consumers, between consumers and businesses, or between two businesses. With any change, fraud comes hand-in-hand.

Some of the changes are related to new digital payments methods like P2P apps, tap-to-pay, and cryptocurrency, which are all growing options in retail environments. Other changes are centered on the challenges of bank and ATM closures limiting consumer access to cash.

All these evolutions mean a changing landscape for retail fraud and scam trends. Let’s take a look at the current state of affairs, and how consumers and banks can fight back.

Will Zelle Join Apple Pay, GooglePay and Credit Cards at Point of Sale?

For the options available at point of sale (POS), along with credit cards and a host of “-Pay” apps, consumers may soon have another choice on the check-out screen at US retailers: Zelle.

Zelle is one of the country’s most widely used money transfer services. Last year, people sent $490 billion through Zelle, compared with $230 billion through Venmo, its closest competitor. That $490 billion in 2021 comprised 1.8 billion transactions, with both numbers more than double their pre-pandemic levels.

The Wall Street Journal reports that some of the banks that own the Zelle consortium want to expand its use from person-to-person (P2P) payments to retail payments, capitalizing on the massive growth Zelle experience during the pandemic.

Scammers Exploit Zelle and Cryptocurrencies

Fraudsters have already figured out how to exploit unsuspecting victims using Zelle. The New York Times recently ran a home page story on how criminals have concocted elaborate scams – complete with authentic ‘hold’ music – to impersonate bank customer service reps, tricking consumers into sending them money via Zelle.

The article also talks about how, unlike credit card and debit card fraud losses, fraudulent activity and losses through Zelle leave customers and often the banks themselves unable to recoup funds. It’s likely that fraudulent POS Zelle transactions wouldn’t be eligible for chargebacks, either.

Nearly 18 million Americans were defrauded through scams involving digital wallets and person-to-person apps in 2020, according to Javelin Strategy & Research, an industry consultant. Increasingly, the scams involve cryptocurrencies; The New York Times also recently investigating crypto romance scams in which victims are lured into paying criminals with fraudulent, and irrevocable, transfers into digital wallets.

About 56,000 romance scams, totaling $139 million in losses, were reported to the Federal Trade Commission last year, according to agency data. That is nearly twice as many reports as the agency received the previous year. In a bulletin last fall, the Federal Bureau of Investigation’s Oregon office warned that crypto dating scams were emerging as a major category of cybercrime, with more than 1,800 reported cases in the first seven months of the year.

Multiple Channels Increase Fraud Exposure

Consumers’ seemingly endless adoption of mobile payments continues to fuel a proliferation of new methods in different channels – such as Zelle potentially expanding from P2P to POS. Crypto is the latest addition to the mix, with several crypto-friendly banks putting cryptocurrency within close proximity of DDA accounts. For example, Chase Bank allows users to connect to the Coinbase exchange to buy and sell cryptocurrencies. And of course the latest news where Fidelity announced it will allow investors to buy crypto in their retirement accounts! 

Transactions through the automated clearinghouse (ACH) channel are on the rise, too. ACH volumes in the United States increased 8.7% in 2021, with P2P transactions up nearly 25%, to 271.2 million. While fraud rates over ACH remain small, just four basis points (.04%), NACHA officials say business email compromise attempts are on the upswing – just as they are across every channel.

The result is that the payments universe has turned into a giant roulette wheel for fraudsters; new channels and higher transaction volumes give fraudsters that many more chances to score. For banks, and consumers too, that translates into more risk exposure and a much larger payment fraud challenge. Here are some steps consumers and fraud professionals can take to bolster their fraud prevention efforts.

Consumers: Slow Down, You’re Moving Too Fast

It’s no secret that today’s pandemic-worn consumers are stressed. We’re worn down mentally and so driven by convenience that we often forget that we need to be careful. Try to remember to take it easy. That inevitably means slowing down the pace at which we zip money out of our accounts on our mobile phones, and how easily we give out personal information.

With the war in Ukraine we are reminded that fraudsters will pounce to exploit natural and man-made disasters, setting up fraudulent charity websites to collect personal information and steal well-intended donations. I blogged about this tragic phenomenon in 2018 and my advice rings as true as ever. The short version:

1. Be diligent and vigilant about who you’re giving your personal information and credentials to.  Make sure you’re not revealing personal information that can be used to take over your account.
2. Check yourself before you wreck yourself. Keep track of your transactions, which is easier than ever with mobile banking apps that send you notifications and alerts.
3. Donate where you work. 
4. Make the donation through a trusted third party. 

I would also apply “take it easy” to putting new apps on phones and scanning QR codes, which scammers are increasingly using to perpetrate fraud. Numerous scams involving QR code have been reported to the Better Business Bureau, especially in the past year.

Banks: Step Up Transaction Monitoring

Because consumers are at risk to expose personal information unwittingly, financial institutions need to closely monitor transactions in all retail payments channels to ensure nothing has gone awry.

Having the right data at the right moment is critical in this stepped-up monitoring. This can be accomplished by enhancing your institution’s data orchestration capabilities. In my recent data orchestration post I wrote:

With proper orchestration, we can use sophisticated technology capabilities, informed by data from a myriad of sources, to answer key questions in real time and evaluate a transaction in milliseconds for potential fraud. Questions you might answer include:

• Is this expected behavior?
• How does it compare to prior transactions?
• Is this transaction normal for the customer’s behavioral cohort?

How to orchestrate that data? Application programming interfaces (APIs) play a central role, bridging banks to information sources. A survey by PYMNTS found that “[m]ore than four out of five (83%) of businesses consider APIs critical to their strategies next year and beyond.” PYMNTS also notes that APIs are also a key driver of automated services, such as compliance, particularly when it comes to eCommerce.

How FICO's Fraud Detection Capabilities Can Help Your Organization Fight Retail Payments Fraud

From transaction monitoring to data orchestration to authentication and more, FICO can help. Check out these resources for more details:

• Learn more about our FICO® Falcon® Fraud Manager solution
• Read the two-part FICO blog on contextual intelligence: Part 1 “Contextual Intelligence - A New Tool in the War Against Fraud” and Part 2 “How FICO Orchestrates Contextual Intelligence to Fight Fraud”
• Take our Retail Banking Payments Fraud Strategy Self-Assessment to evaluate your current initiatives.

Follow me on Twitter @FraudBird to keep up with my adventures in fraud prevention and latest fraud-fighting insights.