It has never been easier to transfer money quickly than with the current banking apps and peer-to-peer (P2P) payment platforms. The increased convenience has made it easier to order services, shop online, and support friends and family members from afar with little to no lag time. Still, there is always someone looking to snag your hard-earned money through fraud, a scam or a security attack. COVID-19 has created new opportunities for fraud and scam attempts, including those related to P2P payments. Taking time to understand potential threats and how to navigate them will give you an added layer of protection from fraud.
An increase in peer-to-peer payments
As P2P payments increase in popularity, it’s become essential to know how they work. P2P payments are instant digital transfers that make it simple and secure to send money to friends, family, trusted businesses and professionals without a card, check or traditional multi-step wire transfer process. Similar to a debit card, they eliminate the need to have cash on hand by initiating a payment directly from an associated bank account—just without the card. In real-time, money can be pulled from your bank account and sent to another P2P account. It’s a secure way to send money and digitize day-to-day transactions—unfortunately, if you’re unprepared, this added speed and convenience can open an opportunity for fraudsters. Some of the most used P2P options include:
- Cash app
- Apple Pay
- Google Pay
According to PYMNTS, ”the number of people sending money using Zelle was up 116 percent, and transactions increased by 207 percent in 2019 as compared to the previous year.” AARP reports 70% of Americans are using at least one peer-to-peer payment service. While these platforms are technologically secure, there are still many scams centered on using P2P services. Of particular concern are confidence schemes targeting P2P services. Confidence scams prey on a person’s emotions, wants, and needs to gain sensitive personal information or convince the victim to send money to the scammer willingly. You should always be sure that you know and trust any person you are paying.
What is peer-to-peer fraud?
Maryann Miller, Fraud Executive at Actimize, has been warning for years, “As payment speeds increase, fraud increases. It’s just that simple. You can’t underestimate how quickly and completely fraudsters will attack real-time payments. They are not just going to attack the payment product itself, but everything else in the environment including registration, authentication, loading bank information or any loophole they can find. When they find it, they’ll hit it continuously until discovered.” P2P platforms are very convenient. However, this means that you need to be careful that simplicity doesn’t lead to complacency with your financial security. Here are some of the common threats you might encounter:
Application fraud (stolen identities): Identity theft could lead to strangers signing up for P2P platforms pretending to be you and pulling money directly from your account. To create an account in your name, they would need to get access to bank account numbers, a Social Security number and other forms of sensitive data often obtained through a data breach.
Consumer scams: When someone offers a service or product but never follows through, it may be considered a consumer scam. When the goods never show up, appear not-as-described or the service isn’t completed, are you covered? Buying from a person online through Craigslist, Facebook Marketplace, or other person-to-person purchase forums where buyers and sellers determine sale terms directly can create opportunities for a consumer scam. It’s best to only pay for an item from a trusted seller or once you have the item in-hand, or you run the risk of paying funds for an item you never receive.
Smishing scams: Stealing your password is a common goal of a phishing, vishing or smishing scheme. Watch out for emails, phone calls or text messages (even from people you know) that ask you to click a link or send information. These messages tend to sound like an emergency and the action requires you to open an attachment or click on a link that might seem harmless. The messages and landing pages can often appear legitimate. These scams most often lead to account takeovers using social engineering or malware to gain the info needed to access your financial accounts or peer-to-peer payment apps.
2-Step authentication thief: A fraudster could send out thousands of fake alert text messages, pretending to be the bank. If you respond, the con artist will call, claiming to be a fraud department and asking you to verify your account by sending a code to your phone. That 2-factor authentication code is sent to your verified number to confirm that you’re attempting to access your account. Never give this number to anyone—as soon as you provide the verification code, your account can be compromised. For example, OnPoint and other financial institutions will never ask for sensitive information via phone, email or text. This includes requests for passwords, secure access codes, verification codes, PIN or credit/debit card 3-digit codes.
Account takeovers: Smishing or phishing can lead to hackers accessing your account and transferring funds to another place within seconds. Often, passwords and usernames will be changed so that it is more difficult to regain the account and file a report. Mat Wilcox, senior vice president of payments innovation from Fiserv, said, “A lot of the fraud was related to consumer education and the bad guys using the tool in a way that it wasn’t intended. Therefore, there were a lot of account takeovers, which seemed to corner a lot of the headlines.”
Fraudsters may also work to convince you that they can make transactions easier if you give them your banking credentials. Never share your banking credentials with anyone, including your passwords, secure access codes, verification codes, PIN or credit/debit card 3-digit codes, account number, member number, or other account information.
What you need to know about fraud with P2P payments
Often the most significant contributor to fraud is when people willingly providing their personal information. Scammers and fraudsters know people are prone to offers that are “too good to be true” and do not make sound decisions in high-pressure situations, leading criminals to manipulate the emotions of their targets.
- AARP found more than half of Americans believe they can reclaim money sent in error. However, after sending money via a wire transfer or P2P payment, it can rarely be retrieved.
- Common scams include telling a user there is an emergency such as suspected fraud. Avoid these scams by going directly to the site or opening a trusted app rather than clicking on links or calling phone numbers provided via text, voice calls or email.
- The FTC warns the government will never call to ask for personal information, like a Social Security number, account numbers or credit card information. Government pressure is scary and impersonating the government is a common method for creating a high-pressure need to act urgently.
- Having a “fee” associated with a grant or refund check is a common sign of fraud.
- Platforms (like PayPal) will cover money sent for Goods and Services if they don’t show up as promised. However, if you send money through PayPal as “Friends and Family,” they do not protect you. So, know the terms of the platform you’re using and what may be protected.
- Always call the main number for your credit union, bank, credit card or P2P platform rather than one included in an email or text. Once on that line, they can tell you the number you need to call, transfer you or verify if the message is real. It may cost you time, but it will help save you from monetary loss and identity theft.
- If it sounds too good to be true, it probably is—be very wary of unsolicited opportunities to make some money. Too good to be true offers often come in the form of a request for you to deposit a check into your account and then either wire transfer a portion of the funds back to the scammer or buy gift cards and relay the gift card activation codes over the phone.
- If you believe you are being targeted with a scam, immediately change your passwords and usernames then call your financial institution. Be careful to avoid using links and phone numbers sent to you directly—instead, find the correct website or phone number by performing a search from your secure browser.
2-step verification to prevent P2P scams
There is a lot of effort going into keeping you safe with P2P platforms. Companies are invested in keeping their customers safe and happy. While you should always be wary, there are measures to help protect you.
2-Step Verification is highly-recommended and often required for protecting your account from cyberattacks. Some hackers will run bots that use complex algorithms to try and gain access to your account by “guessing” your password. Using upper and lower case, characters and numbers only make these slightly more challenging to guess, so a secondary form of identification will make this kind of attack harder. The second level of authentication could include a PIN, a confirmation via phone, a passcode sent to the phone, etc.
Fraud and scams cause a real threat to convenient payment platforms and your financial security. You can avoid many of these pitfalls by staying updated on the latest schemes, staying wary and turning to the organizations you trust. You can learn more about protecting your personal information through our security center.