Faster and larger transaction flows have transformed the financial space into a lucrative superhighway, where bad actors can sweep in undetected and make off with substantial and ill-gotten gains.
Among the most exploited gateways for fraudsters are account-to-account (A2A) and peer-to-peer (P2P) payment systems. The increasing popularity of these methods for repaying friends, making purchases, or splitting bills has created an opportune environment for malicious activities. As more consumers opt for the convenience of these payment channels over traditional methods like credit cards or cash, bad actors are ready to seize the moment and strike.
The tolls of these attacks are not just financial; the damage extends to the trust and security of consumers. Recent data from the Federal Trade Commission revealed that consumers lost nearly $8.8 billion to scams in 2022, an increase of 30% from the previous year.
Kerry Thomas, Senior Vice President of Fraud and Decisioning Products at Mastercard, and Kevin Libby, Analyst of Fraud & Security at Javelin Strategy & Research, explored this topic during a recent PaymentsJournal podcast. They discussed the contributing factors that have fueled an increase in fraud attacks, why A2A and P2P fraud is rising, and what consumers and FIs can do to protect themselves.
What’s Contributing to the Rise in Fraud Attacks
Fraudsters are implementing manipulative tactics that aim to attack consumers at their most vulnerable points, particularly around peak shopping days like the holidays. Fraudsters are leveraging various channels, including email, and pretending to be a family member or friend in need of financial help.
Some are even fabricating fake charities, aiming to attract consumers and solicit donations for organizations that don’t exist.
“With the heightened transaction flows of the holiday season, it becomes this breeding ground for fraudsters to really start to take advantage. And what they’re really playing on is the emotion of the consumers,” Thomas said.
“We’ve also moved from a different form of victim fraud, where it used to be, I steal information via online channels or dark web to, ‘No, I’m going to get you to give me the information and I’m going to do that through manipulation, through the emotional pulls.’ When you think about the holiday season, what’s more emotional than, ‘Hey, I’m buying a gift for a loved one’? You’ve got this perfect environment for fraudsters to really play on those emotions.”
Rising transaction volume and heightened emotional sensitivities create an ideal environment for a surge in fraudulent attacks.
“A prominent factor that’s presenting opportunities for criminals these days is that consumers are increasingly turning their attention online for everything—from socializing to shopping to banking,” Libby said.
“That presents criminals with opportunities to take advantage of the anonymity and ambiguity that online interactions provide. Criminals are very adept at social engineering, and I think the fewer cues you have from body language to appearance to environment in which you encounter a criminal, the fewer cues you have from which to discover their ruse, the better their chances are of taking advantage of you.”
Why A2A and P2P Fraud Is Accelerating
The rising use of A2A and P2P payments has expanded the pool of opportunities for fraudsters to leverage their attacks. And that pool is going to continue to grow. According to the Consumer Financial Protection Bureau (CFPB), P2P mobile payment users will number 159.3 million in 2023.
Fraudsters are also exploiting a blatant vulnerability that has, surprisingly, been left unaddressed: Fraud detection systems and security checks are notably lax. This is because these payment systems prioritize speed and convenience. When customers are onboarded, it’s a streamlined process with fewer layers of customer authentication.
“It’s in large part attributable to the fact that P2P and A2A transactions are growing in popularity among consumers and criminals alike,” Libby said. “Consumers are increasingly drawn to P2P transactions because they’re most often free, they’re convenient, and you can move money between individuals as easily and quickly as if it were cash.
“Criminals are drawn to P2P platforms because the funds settle quickly and setting up transfers is as simple as providing the consumer with an email address or phone number to send the payment to.”
Javelin research in 2022 found that of the consumers who experienced unauthorized access to their bank account, 23% said the fraudster broke into their P2P account. Furthermore, 29% of consumers who suffered a financial loss were robbed directly from their P2P account.
“Anything that’s new in payments often doesn’t have the same controls, the same regulations, the same kind of understanding of the risk,” Thomas said. “What we end up seeing is the fraudsters take advantage of it and you don’t have the proper controls and tools in place to mitigate.”
How Consumers Can Protect Themselves
Financial institutions can’t detect fraud in every transaction—whether it’s a genuine one or whether the institution is manipulated to authorize a transaction. The key to mitigating fraud is prevention, and one of the most important tactics to help prevent fraud is to be educated and stay abreast of the latest fraud tactics.
Consumers should also rely on their financial institutions to send regular email newsletters, social media posts—anything that provides useful information to keep customers informed about the latest scams and fraud tactics so they can avoid becoming the next victim. Ultimately, consumers and financial institutions have a responsibility to stay informed.
“You have to trust who’s on the other side of that payment, and it requires a little bit of due diligence,” Thomas said. “You need to investigate. If you get a text or an email and there’s a link, don’t trust it. Look it up. Go directly to the website.
“They’re so sophisticated now that they will attack you where they know you. Because emails and addresses and things are so readily available, these bad guys realize, ‘Oh, you have an Amazon account, you have a PayPal account, you have these different types of services. I’m going to send you an email or a link that looks just like that solution that you leverage.’”
When in doubt, consumers should always reach out to the financial institution directly to verify these messages and requests for information.
“You can’t overestimate the value of providing somebody with even a little bit of knowledge. It goes a long way,” Libby said. “And for consumers, I think if they don’t know that a particular scam or a particular fraud type exists, then they don’t know to look out for it in the first place, let alone what tell-tale signs there might be.”
Best Practices FIs Should Consider
Artificial intelligence is proving to be a game-changing tool in helping FIs combat fraud tactics. Some of the ways they’re using AI is via anomaly detection systems. AI can evaluate an extensive amount of data, including user behavior and transactions. It can also identify any anomalies or other suspicious patterns that could indicate an attack, which enables early detection.
Implementing stronger identity and verification—a process that verifies that the person or the organization involved in a transaction is legitimate—is also crucial. It verifies different forms of documentation, including biometric identification and database checks.
“The sheer number and variety of parameters that financial institutions are able to test these days, not just individual parameters themselves, but also how they kind of interact and how they might influence or inform one another,” Libby said. “That goes a long way to engaging in identity authentication and verification protocols and keeping criminals out while still allowing users the near frictionless experiences that they’re hoping for and growing used to.”
In the End, We’re All Responsible
It’s easy to play the blame game when financial institutions and consumers are under duress from unceasing fraud attacks.
However, the best strategy is for both parties to take more responsibility. Consumers need to be hyper-vigilant and aware of what fraud is out there to avoid being tricked into making fraudulent payments. Meanwhile, financial institutions must continually look for ways to safeguard their customers with the latest fraud protection solutions, including AI-powered tools.
“It starts with awareness,” Thomas said. “It starts with understanding the risks that are out there, how it’s evolving, how the ecosystem is evolving, and then understanding that as the ecosystem evolves.”
