Attention banks: liability for certain payments-related fraud could soon be dumped in your lap.
The scenario is dubbed authorized push payment fraud, or APP fraud, and it's a catchall for when cyber-thieves trick consumers into sending money under false pretenses. Often, fraudsters masquerade as a person or entity the person trusts, such as a bank or utility provider. Then they attempt to convince the person to authorize a payment. The ruse preys on the idea that people think their funds are going to the trusted individual or provider.
It's a growing problem, and Zelle's rise in popularity and last year's launch by the Federal Reserve of its FedNow real-time payment service, raises the stakes. According to ACI Worldwide's
At present, banks in the U.S. aren't required to reimburse consumers for
In the U.S., banks have generally taken the position that consumers should be responsible for ensuring recipients' legitimacy, with limited exceptions. Early Warning Services, which operates Zelle, now mandates reimbursement for qualifying imposter scams where the consumer was duped into sending money to a criminal posing as a government agency, financial institution or service provider, according to a spokesperson.
There are efforts afoot in the U.S. to develop more
Regulators also have expressed concern about the financial protections in place for customers, as it pertains to Zelle. The Wall Street Journal recently reported that the Consumer Financial Protection Bureau is investigating major U.S. banks for their handling of customer funds on Zelle. The
In a statement, Early Warning Services, the operator of Zelle, said that as a result of its "multi-layered network protections and consumer education efforts, 99.95% of transactions on the Zelle network were completed without a report of scam or fraud in 2023."
As the debate on how best to combat APP fraud moves forward in the U.S., there are several things banks can do to help protect customers and themselves.
Customer education remains important, especially as generative AI makes these scams more realistic and harder to detect, said Abdulah El Tarazi, partner in the global payments practice at IBM.
Additionally, banks need to implement or upgrade fraud detection systems, which includes using machine learning to detect suspicious patterns and prevent fraud, he said. The amount of data that banks have access to has grown substantially over the past few years to help them develop better risk models, El Tarazi added.
Banks should also aim to validate the payee to the extent possible, said Pete Redshaw, analyst vice president at Gartner. Is the name exact, or is it off a letter, for example? Another area of focus could be sudden activity in accounts that were previously dormant, Redshaw said.
It would help if regulators were to develop a framework mandating banks to more broadly collaborate to prevent fraud, El Tarazi said. Technology exists to help banks share the types of data necessary to more effectively combat APP fraud, but without a directive from regulators, it's a slower process, he added. "Unless there are real clear mandates from regulators and policymakers, we see it taking longer for banks to adopt these types of solutions."
Meanwhile, some countries that have adopted real-time payments are seeking to pull in the reins a bit, in an attempt to stop APP fraud. In the U.K., for instance, legislation has been
Of course, it's a delicate balance, said Zilvinas Bareisis, a director at global research and advisory firm Celent who focuses on financial services. "Customers don't like it when their transactions are held up by their banks. But there's also a level of protection that's necessary," he said.
