Biometrics' role in stopping peer-to-peer payment scams

Banks constantly warn users of Early Warning Services' Zelle peer-to-peer app not to send funds to unfamiliar recipients. But scammers are finding new ways to defraud unsuspecting consumers, most recently leveraging fake text messages.

NASA Federal Credit Union in Marlboro, Maryland, this month warned its customers about a new trend of Zelle "smishing" scams, in which victims receive spoofed text messages requesting that users urgently provide account access details to avoid fraud. Some consumers have erroneously rushed to comply before realizing they were caught in a scam, the credit union advised users in a blog post.

Lawmakers are increasing pressure on financial institutions to add protections and reimburse consumers for losses from P2P scams. Sen. Elizabeth Warren, D-Mass., recently released a report detailing the scope of Zelle fraud.

There are no comprehensive technology tools to prevent so-called authorized push-payment (APP) fraud, but firms specializing in biometric technology to detect fraud claim they are making headway in developing models to interrupt some of these fraud incidents.

Behavioral biometrics technology detects unusual consumer keyboard strokes and phone-handling when scammers "coach" victims to share account access details.

Callsign is developing a "dynamic intervention" tool it says some banks are using to battle APP scams where the scammers use social engineering to rip off consumers via P2P apps.

When fraudsters hook victims with bogus texts, emails or calls and begin to "coach" them into cooperating with the scam, Callsign's technology can detect unusual behavioral patterns indicating a problem, said Bill Sytsma, senior vice president and general manager at the London-based company.

"Behavioral clues that are out of the norm — such as fumbling and hesitating while entering unusual amounts to be sent to unfamiliar recipients' phones or accounts — are some of the red flags biometrics spotlight," Sytsma said.

When Callsign's technology spots these suspicious traits, participating banks may intercede with a variety of contextual, customizable responses. 

"These aren't just routine warnings that consumers get from their bank when they send a P2P payment to a new contact — we can actually interrupt a transaction if the risk scores for a suspicious transaction are above a certain threshold," Sytsma said.

A handful of undisclosed banks in the U.S., Canada and the U.K. are testing Callsign's technology with software that automatically triggers actions ranging from sending a real-time warning to the customer to completely blocking dubious transactions. A year ago Callsign announced that Visa plans to use its behavioral biometrics and device fingerprinting tech across Europe to help deter fraud.

"We're developing solutions that spot fraudulent signals while minimizing friction for routine payments," Sytsma said.

BioCatch, an Israeli startup with U.S. offices in New York, also offers biometrics-based technology it claims can help identify behavioral aberrations indicating customers are in the midst of an APP scam, according to Seth Ruden, the company's global advisor of fraud strategy.

"Our technology can identify accounts that are being exploited and we can enable banks to set up controls flagging accounts with high risk factors, including cases where telltale signs suggest coercion is happening and people are being commanded or instructed to follow instructions," Ruden said.

BioCatch uses machine learning to detect potential APP scams based on the online banking session length, choppy typing, hesitation and other unusual movements. Banks can use this data to inform their transaction-intervention strategies.

Combined with other device-identification tools BioCatch is developing, the company is making substantial progress in working with banks to design systems that cut down on APP fraud, Ruden said.

But in cases where consumers don't betray hesitation and override warnings, it's hard to completely block APP fraud, both Callsign and BioCatch agree.

APP fraud is particularly harmful for consumers who lack legal recourse for recouping lost funds. Under existing U.S. regulations, banks are only required to reimburse consumers for unauthorized fraud. While some banks reimburse customers stung by APP fraud, others don't, and groups of U.S. consumers launched class actions against banks this year as APP fraud rose.

Banks around the world are working on improving internal systems to flag APP fraud, but analysts are skeptical about how far biometrics can go to block fraud that consumers authorize.

"I don't see physical biometrics as a solution to this, because the consumer is voluntarily initiating a transaction [like Zelle]," said Julie Conroy, head of risk insights and advisory at the consulting firm Aite-Novarica.

So far every country that has introduced faster-payment rails with non-refutable transactions has seen new scam tactics emerge, Conroy said.

APP fraud has been rampant for years in the U.K., where P2P payments are more mature, having been introduced around 2005, whereas Zelle was introduced in the U.S. only five years ago, Conroy noted. 

U.K. regulators have pressured British financial institutions to take a more active role in preventing APP fraud, and U.K. lawmakers said legislation is forthcoming that will require banks to protect consumers from scam losses.

So far this year, the U.K. has seen a 17% decline in APP fraud compared to last year, the consumer advocacy group UK Finance reported this month.

APP fraud in the U.K. so far this year has reached about £250 million (US$283 million), accounting for about a third of the £610 million in total fraudulent bank transactions to date.

Biometric technology will likely be one element of an evolving set of cross-industry strategies to deter APP fraud, according to Ruden.

"As real-time payments expand, it's inevitable that we'll continue to see fraud and scams expand, but tools like ours are evolving to help develop models that will allow us to work more effectively with all parties in the financial ecosystem — from banks to telcos to large tech firms — to substantially block APP fraud," Ruden said.
