Person-to-person (P2P) payment options have certainly made paying back borrowed money to friends and family very convenient. From going out to eat and splitting the tab, to chipping in for a gift, or paying a trusted contact for a service – P2P payment services have made our lives quick and easy. However, if you are a user of a P2P payment service such as Zelle, Square Cash, PayPal, Venmo, Facebook Payments, Google Wallet, Apple Pay, Payzur, and the like – buyer beware.
Continue reading to ensure you know how to spot a P2P payment scam so that you don’t fall victim to this type of fraud. P2P scams are extremely serious, because the victim unfortunately usually is not protected from money lost and fraudulent access to their account(s).
Why are victims of P2P scams usually not protected?
Due to the fact that P2P transactions are consumer initiated, there is not much protection when a fraudulent transaction occurs – because technically the consumer authorized the transaction. Whether it’s the actual consumer or a fraudster who initiated the payment service transfer, there really is no way to prove it. In addition, user error is often not covered either. Most P2P apps have user agreements prior to first time use, where the user agrees when money is sent through the app – any losses are on the user, since they authorized a transaction.
Recently, Zelle’s P2P service added a measure to help prevent users from sending money to the wrong person. Zelle now includes a pop-up warning if a user is trying to send money to someone who is not in their contacts, which makes them think twice before allowing the funds to leave their account.
How does a P2P scam work?
A P2P scam is basically an account takeover scam. Fraudsters will send text messages to an unsuspecting consumer, appearing as if the message is coming from the individual’s financial institution.
- The text will usually appear to come from the individual’s financial institution (aka: spoofing) and will warn them of suspicious debit card activity.
- For those who respond to this fraudulent text, the fraudster will call that consumer also spoofing the financial institution’s phone number – and claim they are from the bank’s fraud department and would like to verify a suspicious transaction.
- The fraudster will then try to get the unsuspecting consumer to verify their identity, and let them know a passcode will be sent via text message – and that the consumer must provide the passcode over the phone.
- Once the fraudster has that passcode, they’ll attempt a transaction that triggers another two-step authentication passcode (such as forgot password so they can reset the consumer’s password, or they’ll try to initiate a P2P transaction).
- The fraudster now has access to all of the consumer’s accounts within Online Banking, as well as access to their P2P payment service if one is provided through the bank (such as Zelle) – and will begin using P2P payments to transfer money to themselves.
And unfortunately, there is not much that can be done once this happens – because it appears that the consumer approved the P2P transfer. Since the fraudster spoofed the financial institution phone number, they more than likely won’t be caught either – once it’s recognized that a scam occurred.
How can I make sure I don’t become a P2P scam victim?
- Only send money to people you actually know. P2P transactions are instantaneous (meaning they happen within seconds) and are often irreversible.
- Get all of your recipient’s details prior to initiating a P2P payment. Before you press “send” or “pay,” be sure you have the correct user name, phone number, photo, or other identifier. If you incorrectly enter a recipient’s email or phone number, the money could go to the wrong person and you may not get it back. Some P2P services offer the option of receiving a special code to confirm that the person you’re sending money to is your intended recipient. If this feature is available – use it.
- Confirm you know how to get help if something goes wrong. Before using a P2P service, search the app for procedures and customer service contacts. Know who to reach out to if you have a problem.
- Keep your app updated. Hackers usually look to exploit vulnerabilities. If your software is not up to date, you’re missing out on protections. Be sure automatic updates are turned on so you know you’re covered.
While P2P services are a useful and convenient way to pay those you know without having to go to the ATM or get change – it’s important to also be aware of the risks and ways to avoid fraud while using them.
Always remember that your legitimate financial institution will never ask you for your login credentials, passcodes, or user name. If you have additional questions or concerns about P2P payment services or have been a victim of a P2P scam in relation to a First Financial account, please give us a call at 732.312.1500 or email us at firstname.lastname@example.org.
CUNA Mutual Group 2019 Peer-to-Peer Payments Risk Overview
CUNA Mutual Group Risk Alert – Sophisticated Scams Lead to P2P Fraud (May 12, 2020)