That old Watergate adage to follow the money becomes well-nigh impossible in the digital age.
After all, the faster the payment, the faster the fraud. The faster the fraud, the easier it is for the criminals — plying their trade online with synthetic IDs, hiding behind new account openings, and phishing — to make off with ill-gotten gains.
As spotlighted in The New York Times over the weekend, when it comes to just who is on the hook for billions of dollars in fraud tied to peer-to-peer (P2P) transactions, well, for now, by and large, it’s not the banks.
Zelle users sent 1.8 billion payments last year totaling $490 billion.
PYMNTS’ own data show that 54% of peer-to-peer (P2P) lenders have grappled with false identities resulting from their authentication systems. Roughly 11% of credit and debit card users experienced some level of fraud last year.
Drill down a bit, and as the Times noted, Regulation E declares that banks are on the hook for “unauthorized” transactions. But that same designation gives the banks some latitude in disputing that they are indeed on the hook at all. After all, consider the scenario where a consumer sends money across P2P channels, unwittingly, to a fraudster. The funds have gone to precisely the wrong recipient for precisely the wrong reasons. In other words, the payment was indeed authorized, and one might argue that the onus for due diligence falls on the customer’s shoulders to verify that the receiver is indeed who they say they are.
Visibility Is Tougher
That level of verification becomes harder when the mobile device is increasingly the ways and means of sending money and of conducting fraud. Scammers can impersonate bank officials, they are able to intercept multifactor authentication codes, and they are able to prod consumers to authorize the transactions without the fraudsters’ having to siphon off the funds directly from their victims’ accounts. Here then lies the “gray area” where the banks can claim that they need not reimburse consumers for the losses incurred on accounts.
We’re already seeing some movement — depending on where you look, particularly in Europe — to legislate instant payments, and by extension, P2P.
For financial institutions (FIs) in the states, it may be the case that Reg E gets renewed scrutiny, particularly as real-time payments become ever more firmly entrenched across all manner of transactions.
For the banks, themselves, any change in liability tied to P2P will only spotlight the fact that the window of time to examine transactions has shrunk drastically. ACH and batch processing gave at least some delay in funds moving “out the door,” so to speak.
Banks will find it imperative to move toward advanced technologies to ensure that, as consumers demand more money mobility, funds are flowing with as much verification on each side of the transaction as possible. Behavioral analytics should be an integral part of multilayered security systems, operating as a second line of defense after customers have been authenticated via biometrics.