Defining P2P Platform Fraud

Most of your customers or members likely use at least one person-to-person (P2P) platforms, like PayPal, Venmo, Cash App, and Zelle, regularly due to the ability to quickly transfer money on their phone.

However, the convenience of these mobile payments can come at the expense of increased fraud risk. This leaves the end user open to various attacks against their accounts with your FI. Even though your FI is not responsible for the platform they used, you could be on the hook for the fraudulent charges that were made.

Types of P2P Platform Fraud

Account Takeover (ATO)

Account Takeover occurs when a fraudster gains control of a victim’s login credentials. Below are the most common types of ATOs and prevention steps to share with your customers and members.

Phishing Attack

• What is it? A fraudster sends the victim an email or SMS pretending to be an FI or the platform itself and asks for sensitive information
• How to stop it: Generally, you should never share sensitive information via email and SMS. As a standard rule, FIs only request information in person or via a secure message in your account profile.

SIM Swapping

• What is it? A fraudster takes your SIM card and swaps it onto their phone to gain access to your cell phone.
• How to stop it: Encourage your card holders to contact their cell phone provider and set up a PIN for a crucial extra layer of protection.

Purchase Stolen Credentials

• What is it? A previous data breach landed your login information on the black market for purchase
• How to stop it: It is recommended to change your passwords at least every three months.

Password Testing

• What is it? If a fraudster purchases your credentials to one account, they will try to use it to log into multiple additional popular accounts to see if it works.
• How to stop it: Using a different password for multiple accounts is advised. Ideally, you would use a different, unique password for each account.

Sending Direct Money

While ATO is most popular because it contains the element of surprise, a shocking amount of fraud occurs from victims sending money directly to fraudsters.

Fraudster “Overpays”

• What is it? Fraudster purchases something via check and purposely overpays to ask for money back. The victim may have already sent the money by the time the check bounces.
• How to stop it: First, avoid cashing checks from people you do not know. Second, ensure the original payment has cleared before returning money.

Unexpected Money Transfer

• What is it? A person you do not know (fraudster) randomly sends you money and then asks for it back, citing a “mistake.”
• How to stop it: Do not send money to someone you do not know. Contact the P2P service to reverse the payment.

Purchasing From A Fake Merchant

• What is it? The victim purchases from a merchant that only exists to take the money and never sends the actual product.
• How to stop it: Fake merchants can be difficult to spot. Before purchasing from a merchant you don’t know, perform a Google search to see if independent websites have verified them.

Loading Compromised Cards

Another tactic we have seen in action is loading stolen credit onto the fraudster’s account. In this instance, the fraudster does not need to overcome traditional e-commerce hurdles when using the compromised card.

Adding a Compromised Card

• What is it? Fraudster has a compromised card and enough information about the card to be able to add it to the fraudster’s P2P account. Once added, they can send money from the card.
• How to stop it: Ensure your FI has a robust compromised card monitoring and detection platform in place. Take it a step further by putting rules in place that block suspicious transactions associated with these platforms.

How Rippleshot Can Help

Having the insights to identify which cards are most likely to experience fraud allows you to detect the attack and mitigate the damage proactively. This is possible when accessing a regularly updated list of known fraudulent merchants. By leveraging our consortium data, Rippleshot can provide Safeguard Rules targeting P2P transactions. Tapping into that large dataset is the key to delivering effective and stable rules.

Conclusion

It is the financial institution's responsibility to properly educate their customers and members when they are connecting their accounts with you to P2P platforms that you do not control. In addition to customer and member education, FIs must be on alert to identify and prevent fraud attacks to avoid long-term customer and member friction and damage.

About Rippleshot and Rules Assist

Since 2013, Rippleshot has been leveraging the power of artificial intelligence, machine learning and automation to protect your customers from card fraud.

Rules Assist is the perfect blend of these tools. Together, they help your institution avoid falling behind the competition by providing the automation, machine learning, and data you need to implement effective rule writing strategies.

To learn more about how we can reduce cost, increase efficiency, and keep your fraud strategies up to date, connect with our team.

‍