There has been an increasing amount of fraud perpetrated against Zelle, the mobile P2P platform running on faster payments rails and backed by the biggest banks in the US.
The scam itself is straightforward, a Craigslist user reaches out to a seller on the marketplace to buy something like concert tickets. The seller, in turn, asks the buyer to complete the transaction via Zelle, which the victim apparently is unaware exists.
The buyer, which believes Zelle is legit (and it is) to use because it’s backed by their bank, transfers the funds through and never receives the tickets. Meantime, the seller closes the bank account and disappears into the night. The victim then turns to Zelle and the banks to reimburse them for authorising what was technically a legit, but shady purchase to begin with.
The issue with this particular scam is whether the banks behind Zelle should be responsible for the poor choices consumers make with their money. And the answer is no, especially when it involves something as scam-ridden as Craigslist.
As banks begin to implement faster payment networks, they have to be ready to react to new cases of fraud in higher numbers. Fraud in real-time.
“Faster payments has created new payment networks that have increased the competition between services,” explains Genevieve Gimbert, head of fraud management consulting for financial consultancy PwC. “This creates challenges, because with traditional payments, you have time to see if something is suspicious or fraudulent. With faster payments, you have very limited to no time.”
Faster payments, while providing obvious benefits in speed and efficiency for both banks and consumers, comes with a huge increase for fraud: when the faster payments network was implemented in the United Kingdom, financial services institutions saw a 300% increase in fraud.
“We are probably going to see something similar in the US,” continues Gimbert. “Even with the Zelle implementation last year, we saw [problems] – we have clients that reported a 90% fraud rate after Zelle.”
What’s emerging in fraud is this increase in “account takeover through social engineering,” where fraudsters are relying on a combination of free data on social media and data purchased on the Dark Web (where it’s available with increasing ease) to take over accounts.
Fraudsters, who rely on a combination of factors to hack an account, can easily get around verification methods like email, text messages or home address by calling a financial institution’s call centre with just the right amount of that user’s personal data. To counter this, banks need to move to better forms of authentication, like biometrics.