7 Tips for Avoiding P2P Fraud

Since the onset of the pandemic in 2020, consumers have increasingly turned to digital technology for safety and convenience, including peer-to-peer (P2P) payment platforms like Zelle or Venmo. Today, consumers of all ages frequently use P2P payment tools to simplify transactions like splitting restaurant bills, reimbursing friends or paying bills. Cyber criminals are capitalizing on this technology’s popularity, seizing the opportunity to execute P2P fraud.

The Rise of P2P Fraud

According to the use of P2P payments among small businesses has grown in recent years, and increased mobile banking adoption will drive P2P growth by nearly 20% between now and 2030. In fact, a 2020 AARP survey of adults 50 and older found almost three-quarters of respondents had used some form of P2P.

Unfortunately, P2P fraud is one of the hottest trends among cyber criminals. Even if you don’t use P2P, you can be a victim. A whopping 74% of Americans say they have received a scam text this year, while 83% have received a scam phone call. In a recent six-month period, the U.S. Federal Trade Commission saw more than that cost victims about $108 million.

Given the widespread use of P2P payments, it’s critical to be mindful of best practices for staying secure to avoid becoming a victim.

How P2P Fraud Works and Examples of Common Scams

P2P fraud often begins through a text message asking whether a transaction looks familiar. When you reply, the fraudster calls and explains that they are there to help. They often share information they know about you—such as phone number, address, birthday and more—which is easy to find on the internet. Finally, they attempt to get your password or have you reset it. They may even ask you to transfer money.

Sometimes scammers will pose as a legitimate business and ask you to send a P2P payment for a good or service, but never send the good or service after they receive payment.

Another common scam involves a fraudster “accidentally” sending you a P2P payment and asking you to send the money back, or they may overpay you for something you’re trying to sell online. This mistake of sending money might seem innocent, but the scammer likely deposited the money into their account from a stolen credit card or bank account. If the P2P platform eventually flags the transaction as fraud, it could hold you responsible for repaying those funds. Instead of sending the money back, always contact the P2P service directly to remedy the error.

How to Prevent P2P Fraud

Don’t let your customers, members, employees or colleagues become a victim of P2P fraud. Here are seven tips to protect yourself and others:

1. Enhance Security for Your Accounts

Check the settings on your digital banking account and enable all security features, especially multi-factor authentication (MFA). MFA makes it more difficult for a hacker to gain account access by requiring a third piece of authenticating information that supplements usernames and passwords. Typically, this third piece of information is a code sent via text, phone call or email.

2. Keep Your Password to Yourself

Never share your password with anyone. No financial institution should ever ask you for your password.

Further, ensure your digital banking password is secure and use unique passwords for all important accounts. Ideally, your password should be at least 15 characters. And while password length is important, complexity amplifies strength. To maximize security, consider using a passphrase or complete punctuated sentence. Your passwords should not contain any identifying information, such as a spouse’s name, important dates, hobbies, etc.

3. Avoid Suspicious Links

Never click on a link sent to you in a text or email you weren’t expecting. Before clicking on any email link, hover over it with your mouse to see what site the link directs to. If the underlying address does not match the address in the email, do not click it. Verifying the link is legitimate by contacting the sender is always a safe measure.

4. Don’t Feel Pressured

Don’t feel pressured during a conversation or when reading an urgent email. Fraudsters often use scare tactics or forced urgency to make you feel like you must act immediately. If someone urges you to act fast or emphasizes scary outcomes, their claims are likely fraudulent. Take a step back and evaluate the situation to avoid making decisions that might put you at risk.

Additionally, exercise caution if someone claiming to be from a financial institution pressures you for payment with an unexpected phone call or text. Typically, institutions send a written statement or correspondence via mail or email to alert you of payments.

5. Confirm the Caller

If someone claiming to be associated with a financial institution calls you to discuss potential fraud on your account, confirm that caller’s identity. Ask their name, then hang up and call the institution directly to ask for them. You can also call the number on the back of your card.

6. Never Send a Payment to Yourself

Never send a payment to yourself, especially at the direction of someone helping you. Fraudsters may call and impersonate your financial institution, claiming to alert you to suspicious activity on your account or to ensure your account isn’t frozen. These scammers often try to make you think you’re sending money to yourself when you’re sending money to them.

7. Stay Vigilant

Fraudsters can spoof phone numbers to make it look like they are calling from your financial institution, so it’s important to stay vigilant. Spoofing is an effective way for cyber criminals to disguise their identity, allowing them to display what looks like a legitimate number on your caller ID. It may not be immediately apparent if a call is spoofed, so exercise caution when answering calls from unknown numbers and responding to requests for personal information.


What to Do if You’re Involved in P2P Fraud

Always report fraud attempts to your financial institution. You can also report fraud to the Federal Trade Commission (FTC). If you completed a fraudulent transaction, contact your bank, credit union or the company behind the money transfer app used and ask them to reverse the payment. If your debit card was linked to the account, notify your financial institution.

When you report attempted fraud or a scam, your financial institution or organizations like the FTC can use this information to identify trends, create more effective education and build cases against scammers.

The Fight against P2P Scams

As cyber criminals enhance their tactics, consumers must stay vigilant against the latest scams. While the financial services industry has made great strides in shoring up security measures to combat scammers, protections are made more effective with security-minded consumers that follow best practices to mitigate risk.

Looking for additional cybersecurity best practices? Listen to our Fintech Focus podcast for insight into current cyber threats and how organizations and individuals can maintain security.


Steve Sanders serves as CSI’s chief information security officer. In his role, Steve leads CSI’s information security vision, strategy and program, and chairs the company’s Information Security Committee. He also oversees vulnerability monitoring and awareness programs as well as information security training. With more than 15 years of experience focused on cybersecurity, information security and privacy, he employs his strong background in audit, information security and IT security to help board members and senior management gain a command of cyber-risk oversight.
