By Patti Murphy
In today's always on economy, instant payment networks have become table stakes for consumers and businesses alike. As with most good things, however, there is a downside: instant payment networks have become magnets for fraudsters.
The Federal Trade Commission reported it heard from 22,593 consumers who lost a combined $44 million to fraudsters through payment apps and services like Zelle and Venmo during the second quarter of 2024. Fraud involving bank transfers and payments registered the most losses during that quarter: $502.4 million.
Here's the worst part: consumers who fall prey to scammers rarely get their money back, according to a report released in July by the Senate Permanent Subcommittee on Investigations (PSI). Unlike other payment types (like card payments) once a payment instruction is sent via Zelle, for example, it can't be canceled or reversed, with few exceptions.
Federal law requires platforms such as Zelle to reimburse consumers who lose money due to unauthorized transactions, what Zelle identifies as "fraud," but not transactions authorized as a result of scams.
In 2020, JPMorgan reimbursed just three transactions out of 41,390 reported scams. On the other hand, JPMorgan, BofA and Wells, combined, reimbursed an average of 47 percent of all credit card disputes and 36 percent of all debit card disputes from 2019 to 2022, according to the subcommittee's report.
Consumers aren't the only ones getting burned, either. The PSI's report, titled A fast and easy way to lose money: insufficient consumer protection on the Zelle network, noted that Early Warning Services actively markets to businesses. For example, the network partnered with a national property management company for rent collections.
Spanning nearly 15 months and thousands of pages of documents and data, the PSI report concluded that EWS and its three largest bank owners (JPMorgan, Wells and BofA) aren't doing enough to protect consumers from the growing risk of scams and fraud on the network. For example, despite Zelle marketing its services to businesses, the three banks studied don't offer purchase protections similar to those that govern credit and debit card payments.
"Zelle and the big banks who own it know that Zelle's speed and convenience make it a target," said Senator Richard Blumenthal, PSI chair. "They are well aware that every single day, some of their customers will be hurt. They know this and are willing to accept the risk as the cost of doing business – the cost for their customers, that is, not for themselves."
For example, in 2020, JPMorgan reimbursed just three transactions out of 41,390 scam disputes that year, according to the report.
Zelle is one of a handful of person-to-person platforms that allow consumers to send money instantly to other individuals or businesses. It is considered the leading provider of P2P payments services, outpacing other well-known competitors like Venmo and Cash App.
The U.K.'s experience with fraud on instant payment platforms "serves as a cautionary tale for the U.S.," Datos Insights stated in a recent report. "Fraudsters have demonstrated their ability to exploit APP [automated push payment] and ATO [account takeover] fraud schemes, honing their techniques over years of practice before turning their attention to the U.S. faster payment rails," the report stated. "Given the larger population and more fragmented banking landscape in the U.S., the potential for fraudulent activities is significantly greater than in the U.K."
A recent Mastercard report pointed to account-to-account fraud as a growing problem, not just for financial institutions (FIs) but for acquirers and other payments companies. "There is a growing possibility that acquirers will be using A2A at some point and therefore see the potential for problems in their own businesses," the report stated.
The Electronic Funds Transfer Act and Regulation E address fraud and other problems arising from P2P transactions, requiring FIs to reimburse consumers for unauthorized transactions. What isn't covered are scams where consumers are tricked into sending money to fraudsters.
EWS has taken the position that it is not technically a FIs under the EFTA and Reg E, and thus is not liable to consumers who are victims of scams or fraud on the Zelle network, according to the subcommittee's report.
This hasn't set well with lawmakers. In August, a group of House and Senate members introduced legislation titled the Protecting Consumers from Payment Scams Act. That legislation would update the EFTA to clarify specifically how consumers should be protected from scams and other fraud on P2P networks.
The legislation also would require banks and/or networks used to scam consumers to share liability. And it would classify EWS and other financial services companies that play central roles in facilitating electronic payments as FIs, and thus subject to the EFTA and Reg E.
"Americans are sick and tired of these scams," said Senator Elizabeth Warren, D-Mass., one of the authors of the bill. "Banks and peer-to-peer payment services like Zelle need to be held accountable for the scammers that are operating on their platform."
It's not that FIs are indifferent to scams and other frauds on these new instant payment networks, but the potential for fraud has given some institutions, particularly smaller FIs, pause. "Fraud is top of mind for financial institutions," Heman Daswani, a principal consultant at Temenos, explained in an interview.
He noted, however, that their training and experience has been with batch processing. (Think ACH and card payments.) "Financial institutions need to up their games with technology," Daswani said, adding that the ongoing sophistication of fraud actors requires FIs, regulators and customers to play catch up.
Rushiru Gunasena, senior vice president for RTP product management at The Clearing House, suggested more and better sharing of information between FIs could help with fraud mitigation. "Sharing and better collaboration would help put a dent in fraud moving from one network to another," he said.
The Clearing House is a payments company owned by 20 of the world's largest banks, including many of the same banks that own Zelle. Most, if not all, Zelle transactions clear through RTP.
Many scams today are so sophisticated that it's difficult for consumers to recognize them for what they are, said Scott Harkey, executive vice president for financial services and payments at the consultancy Endava.
During a presentation at a virtual summit put on by Unit21, Harkey pointed to two trends that are driving up scams: greater availability of data to fraudsters and advances in artificial intelligence. "It's getting harder for people to detect what is a con and what is not," he said.
Unit21 is one in a small army of firms that have emerged to address fraud on payment platforms. The company leverages real-time monitoring and AI-driven investigation tools to block fraudulent transactions in real time, stated Ian Macallister, the company's COO.
Fraudsters use AI in a variety of ways. One common technique is to impersonate family members or friends and then ask those individuals for money or personal information. Typically, these scams use AI to manipulate videos and recordings found on social media sites to produce realistic recordings that sound like panicked relatives asking for money.
"It's become extremely hard to convince people they are being duped," Donna Turner, an adviser with Ernst & Young, said during the Unit21 summit.
AI provides cache for fraudsters and fraud fighters alike. And this has serious consequences for the adoption of instant payment networks, like Zelle, RTP and the Federal Reserve's FedNow.
"As the world becomes increasingly interconnected, the threat of fraud looms large, demanding robust and innovative solutions," Mastercard noted in a 2023 blog post. "This is where [AI] steps into the limelight, promising to revolutionize transaction fraud detection and bolster security measures."
A 2023 survey of FIs conducted by Mastercard found nearly half (49 percent) had already integrated AI into their fraud detection systems, while 93 percent planned to invest in AI within the next five years. "This overwhelming interest in AI signifies a paradigm shift in how the financial industry perceives technology's potential to combat transaction fraud," Mastercard wrote.
A majority of FIs (65 percent) told Mastercard's pollsters that AI is a useful tool in solving social engineering and payment push scams. One advantage of AI is that the technology evolves with changing data, making it easier to spot new and emerging scams. "As the AI model matures, it becomes more effective unlike other technologies that become obsolete or need constant updating," Mastercard stated.
But AI is not a panacea. "AI can't solve all the problems," Gunasena said, adding that AI works by selecting specific elements and formulating answers based on those elements. "It's not like a human making intelligent decisions," he pointed out. He further noted that ethical and legal problems can ensue absent the right controls and inputs.
Mastercard's survey identified numerous barriers to wide adoption of AI to meet the challenges of fraud and money laundering. These include implementation timeframes, data availability and the ability to explain outputs. "Research shows that deployment can take months, even years, to complete," Mastercard noted in its report.
Patti Murphy, self-described payments maven of the fourth estate, is senior editor at the Green Sheet. She also co-hosts the Merchant Sales Podcast, and is president of ProScribes Ink.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next