How banks can respond to pressure as payment fraud spikes

PaymentfraudBL107
Chris Ratcliffe/Bloomberg

Attention banks: liability for certain payments-related fraud could soon be dumped in your lap.

The scenario is dubbed authorized push payment fraud, or APP fraud, and it's a catchall for when cyber-thieves trick consumers into sending money under false pretenses. Often, fraudsters masquerade as a person or entity the person trusts, such as a bank or utility provider. Then they attempt to convince the person to authorize a payment. The ruse preys on the idea that people think their funds are going to the trusted individual or provider.

It's a growing problem, and Zelle's rise in popularity and last year's launch by the Federal Reserve of its FedNow real-time payment service, raises the stakes. According to ACI Worldwide's Scamscope Fraud Report, losses to APP scams are expected to hit $6.8 billion, representing a compound annual growth rate of 11% from 2022 to 2027. The largest portion of that is expected to be in the U.S.

At present, banks in the U.S. aren't required to reimburse consumers for APP fraud under the Electronic Fund Transfer Act, according to the Atlanta Fed in a recent blog post. This means consumers face significant risk, which consumer advocates would like to pass on to banks. In the United Kingdom, for example, 100% of APP fraud liability lies with banks, which is shared equally between the sending bank and the receiving bank. Starting Oct. 7, the maximum reimbursement limit will be  about $113,000. 

In the U.S., banks have generally taken the position that consumers should be responsible for ensuring recipients' legitimacy, with limited exceptions. Early Warning Services, which operates Zelle, now mandates reimbursement for qualifying imposter scams where the consumer was duped into sending money to a criminal posing as a government agency, financial institution or service provider, according to a spokesperson.

There are efforts afoot in the U.S. to develop more consumer-friendly fraud protection laws. Democratic-led bills introduced in August by Rep. Maxine Waters and Sens. Richard Blumenthal and Elizabeth Warren would protect consumers who are defrauded when they make payments to fraudsters on Zelle, Venmo and other platforms. 

Regulators also have expressed concern about the financial protections in place for customers, as it pertains to Zelle. The Wall Street Journal recently reported that the Consumer Financial Protection Bureau is investigating major U.S. banks for their handling of customer funds on Zelle. The CFPB is focused on whether banks are doing enough to verify the identity and background of deposit-account customers and to shutter scammer-controlled accounts, according to the Journal.

In a statement, Early Warning Services, the operator of Zelle, said that as a result of its "multi-layered network protections and consumer education efforts, 99.95% of transactions on the Zelle network were completed without a report of scam or fraud in 2023."

As the debate on how best to combat APP fraud moves forward in the U.S., there are several things banks can do to help protect customers and themselves.

Customer education remains important, especially as generative AI makes these scams more realistic and harder to detect, said Abdulah El Tarazi, partner in the global payments practice at IBM. 

Additionally, banks need to implement or upgrade fraud detection systems, which includes using machine learning to detect suspicious patterns and prevent fraud, he said. The amount of data that banks have access to has grown substantially over the past few years to help them develop better risk models, El Tarazi added.

Banks should also aim to validate the payee to the extent possible, said Pete Redshaw, analyst vice president at Gartner. Is the name exact, or is it off a letter, for example? Another area of focus could be sudden activity in accounts that were previously dormant, Redshaw said. 

It would help if regulators were to develop a framework mandating banks to more broadly collaborate to prevent fraud, El Tarazi said. Technology exists to help banks share the types of data necessary to more effectively combat APP fraud, but without a directive from regulators, it's a slower process, he added. "Unless there are real clear mandates from regulators and policymakers, we see it taking longer for banks to adopt these types of solutions."

Meanwhile, some countries that have adopted real-time payments are seeking to pull in the reins a bit, in an attempt to stop APP fraud. In the U.K., for instance, legislation has been proposed to allow payment service providers to delay transactions to investigate suspicions of fraud. "Because the current checks are insufficient, they might need to add some extra layers of defense," Redshaw said.

Of course, it's a delicate balance, said Zilvinas Bareisis, a director at global research and advisory firm Celent who focuses on financial services. "Customers don't like it when their transactions are held up by their banks. But there's also a level of protection that's necessary," he said.

For reprint and licensing requests for this article, click here.
Payments Payment fraud Cyber security Zelle
MORE FROM AMERICAN BANKER