The role of biometrics in stopping peer-to-peer payment scams | PaymentsSource
Banks are constantly warning users of Early Warning Services’ Zelle peer-to-peer application not to send funds to unknown recipients. But scammers are finding new ways to defraud unsuspecting consumers, most recently using fake text messages.
NASA Federal Credit Union in Marlboro, Maryland, this month warned customers about a new trend of Zelle “smishing” scams, in which victims receive spoofed text messages asking users to provide account access details urgently to prevent fraud. Some consumers mistakenly rushed to comply before realizing they were caught in a scam, the credit union advised users in a blog post.
Lawmakers are increasing pressure on financial institutions to add protections and reimburse consumers for losses from P2P scams. Sen. Elizabeth Warren, D-Mass., recently posted a report detailing the extent of the Zelle fraud.
There are no comprehensive technological tools to prevent so-called authorized push payment (APP) fraud, but companies specializing in biometric technology to detect fraud say they are making progress in developing models to interrupt some of these fraud incidents.
Callsign is developing a “dynamic intervention” tool that it says some banks are using to combat APP scams where scammers use social engineering to scam consumers through P2P apps.
When scammers hook victims with fake text messages, emails or calls and start “coaching” them into cooperating with the scam, Callsign’s technology can detect unusual behavior patterns indicating a problem, Bill Sytsma said. senior vice president and managing director of the London-based company. company.
“Behavioral cues that are out of the norm — such as fumbling and hesitating when entering unusual amounts to send to phones or accounts of unknown recipients — are among the biometric red flag spotlights,” Sytsma said.
When Callsign’s technology detects these suspicious traits, participating banks can respond with a variety of contextual and customizable responses.
“These aren’t just routine warnings consumers get from their bank when they send a P2P payment to a new contact – we can actually halt a transaction if a suspicious transaction’s risk scores exceed a certain threshold. “Sytsma said.
A handful of undisclosed banks in the US, Canada and the UK are testing Callsign’s technology with software that automatically triggers actions ranging from sending a real-time warning to the customer to completely blocking transactions questionable. A year ago, Callsign announced that Visa planned to use its behavioral biometrics and device fingerprinting technology across Europe to help deter fraud.
“We develop solutions that detect fraudulent signals while minimizing friction for routine payments,” Sytsma said.
BioCatch, an Israeli startup with US offices in New York, also offers biometrics-based technology which, according to the company’s global fraud strategy advisor, Seth Rudin, can help identify behavioral aberrations indicating that customers are in the middle of an APP scam.
“Our technology can identify accounts that are being exploited and we can enable banks to put controls in place to flag accounts with high risk factors, including cases where there are telltale signs to suggest coercion is underway and people are ordered or instructed to follow instructions,” Rudin said.
BioCatch uses machine learning to detect potential APP scams based on online banking session length, jerky typing, hesitation, and other unusual movements. Banks can use this data to inform their transaction intervention strategies.
Combined with other device identification tools that BioCatch is developing, the company said it was making substantial progress in working with banks to design systems that reduce APP fraud, Rudin said.
But in cases where consumers don’t betray hesitation and ignore warnings, it’s hard to completely block APP fraud, Callsign and BioCatch agree.
APP fraud is particularly damaging to consumers who have no legal recourse to recover lost funds. Under current US regulations, banks are only required to reimburse consumers for unauthorized fraud. While some banks are refunding customers stung by APP fraud, others not and US consumer groups launched class action lawsuits against banks this year as APP fraud increased.
Banks around the world are working to improve internal systems to report APP fraud, but analysts are skeptical about how far biometrics can go in blocking the fraud that consumers authorize.
“I don’t see physical biometrics as a solution to this, because the consumer voluntarily initiates a transaction [like Zelle]“said Julie Conroy, head of risk analysis and consulting at consultancy Aite-Novarica.
So far, every country that has introduced faster payment rails with non-rebuttable transactions has seen new scam tactics emerge, Conroy said.
APP fraud has been rampant for years in the UK, where P2P payments are more mature, having been introduced around 2005, while Zelle was introduced in the US only five years ago, Conroy noted.
UK regulators have pressured UK financial institutions to play a more active role in preventing APP fraud and UK lawmakers have said legislation will require banks to protect consumers against losses from scams .
So far this year, the UK has seen a 17% drop in APP fraud compared to last year, according to consumer advocacy group UK finance reported this month.
APP fraud in the UK so far this year has reached around £250 million (US$283 million), representing around a third of the £610 million in fraudulent banking transactions to date.
Biometric technology will likely be one element of an evolving set of cross-industry strategies to deter APP fraud, according to Rudin.
“As real-time payments grow, it is inevitable that we will continue to see fraud and scams grow, but tools like ours are evolving to help develop models that will allow us to work more effectively with all parts of the financial ecosystem – from banks to telcos to big tech companies – to significantly block APP fraud,” Rudin said.