Safeguarding Zelle and P2P Transactions with Real-time Fraud Protection

Changes in the financial regulatory environment always bring upheaval, but recent initiatives by United States Senators to reduce P2P transaction fraud could add significant challenges for smaller banks, credit unions, and other financial institutions (FI).

A proposed amendment to the Electronic Fund Transfer Act (EFTA) to cover authorized payments would significantly increase the regulatory burden on financial institutions potentiallyreducing their revenue. Big banks may be able to handle the liability, but smaller and medium-sized institutions will need a cost-effective strategy to identify and combat fraud. 

To better understand the proposed extension, we need to look at the reason—an increase in Zelle payments fraud. 

Zelle payment fraud driving regulatory shifts

According to PYMNT’s State of Fraud and Financial Crime Report, 62% of FIs have experienced a sharp increase in fraudulent transactions. Credit cards and wire transfers remain primary targets for big banks and FIs. But for organizations with $5 billion up to $25 billion in assets, P2P scams are the fasted growing threat. More than half of these institutions reported an increase in Zelle scams. 

Senator Elizabeth Warren’s recent report on Zelle scams found that four banks recorded 192,878 cases of fraud in an 18-month period, but only 9.6% of claims were refunded. In other words, consumers are losing out big. 

And the banks have a lot at risk as well. The $90 million lost in 2021 is expected to more than double in 2022, with an estimated $255 million in losses.

The rise in fraudulent activity on the payment app and similar applications has led to demands for extending protections found in EFTA  and the Consumer Financial Protection Bureau’s (CFPB) Regulation E. Currently, banks are not responsible for refunding the consumer. Reg E only applies to unauthorized payments. The problem is that these scammers rely on P2P transactions because they are authorized. 

Using social engineering scams such as phishing or “me-to-me” fraud, the scammers can get an authorized payment from the Zelle or payment app user.

As a result, Senators Warren and Bob Menendez are pressing for an extension of Regulation E. Under this new legislation, banks, credit unions, and similar financial institutions would be held liable when their customers are scammed. In short, FIs may be required to refund victims of Zelle fraud and similar scams.

Deciphering a potential Regulation E expansion 

In the same PYMNTS study, nearly all executives reported that improving AML/KYC and fraud detection was a top priority. But 52% believe that complex regulatory requirements hinder their ability to adopt innovative solutions. Many are concerned that a potential Reg E expansion could do more harm than good. 

Under EFTA, customers are usually entitled to refunds from their financial institution if an unauthorized payment is made. This law states that a bank or credit union has the responsibility to protect consumers against this form of theft. 

Unauthorized electronic fund transfers are defined as:

• A transaction initiated by someone other than the consumer who accessed the consumer’s account without being authorized by the financial institution or the customer.
• A transaction made with fraudulent intent by the consumer or another person working with the consumer
• A transaction made in error committed by a financial institution.

However, if the customer authorizes the payment, the financial institution is not liable. For example, if the customer receives a text message claiming to be from their friend, and they send $100 via Zelle payment for an emergency, this is an authorized payment. Even if it is discovered later that the text message was fraudulent and they sent $100 to a stranger, the bank or credit union isn’t held accountable by EFTA or its federal implementation, Regulation E.

Extending Reg E would, theoretically, close this loophole. In reality, it ensures customers get their money back. However, critics believe that this extension will only punish financial institutions rather than deter scammers. If Regulation E is extended, more scam claims may be refunded, which can drain critical resources from community banks and credit unions. 

It’s also challenging to understand whether a consumer really made an unauthorized payment or whether they later regretted sending money to a peer. After all, unless there is evidence of account tampering or hacking, a payments app or Zelle user must authorize a transaction for money to be sent. 

Even if a customer is refunded and the scammer’s account is removed, the criminal will likely open up another account with new synthetic IDs. 

Stopping social engineering scams on payment apps requires more than refunds. Efficient and cost-effective fraud protection can help financial institutions stay ahead of scammers and reduce potential claims. 

Staying ahead of the compliance curve

Fraud mitigation and compliance remain an ever-shifting landscape. Prone to frequent regulation changes as new scams become apparent, financial organizations carry the responsibility of protecting their customers’ personal information and funds.

But for most organizations, safeguarding against fraudulent activity can feel like a trade-off between premium security and customer acquisition. High-friction account openings deter users from joining, reducing the capital available to expand and maintain compliance efforts. Combined with the challenging back-end maintenance of AML and KYC in-house programs and the overall lack of visibility, the potential extension of Regulation E is more than just a burden for big banks.

Credit unions, local banking institutions, and fintech startups already innovating in a competitive environment would lose critical cash flow to investigating and refunding authorized P2P transactions.

That said, it’s possible to reduce the burden of identifying payment fraud. Artificial intelligence (AI) and machine learning (ML) technology, when correctly applied, can rapidly and effectively identify fraudulent activity—even for P2P fraud.

Frictionless KYC/AML

In 2020, 63% of customers abandoned digital onboarding with a financial institution. Users cited difficult or lengthy application processes as their reasons for quitting. Management teams shouldn’t have to decide between more customers and improved KYC/AML measures. 

Yet, what ends up happening is that banks either reduce their application process to speed up onboarding. This leaves a knowledge gap and reduced visibility into customer patterns—making it easier for scammers to manipulate the system. Or they keep the process secure and extensive, causing potential customers to drop off. 

Better solutions leverage technology, smart alters, and sophisticated signals to spot fraudulent patterns quickly and efficiently throughout a customer’s lifecycle. From the original application to onboarding, payments, KYC/AML, and continued monitoring, our integration provide extensive fraud protection without friction. 

Real-time fraud detection

The faster your team can identify fraudulent activity, the easier it is to act and the more cost-effective options you have to deal with the problem. That’s why it’s essential to have fraud detection that operates in real time.

Enhanced visibility 

Visibility into the anti-fraud process is impossible with paper-based procedures and only marginally better with digital but manual programs. Automated and customizable workflows make it simple for the entire team to review potential fraud cases and take action with in-depth data. 

Affordable Fraud Detection for Smaller FIs

Real-time detection, frictionless customer experiences, enhanced visibility, and customizable solutions are essential to combat fraud—from P2P scams to onboarding fraud and beyond.

But Smaller FIs don’t have the budget to throw at several potential solutions or enterprise-level programs. The good news is that they don’t have to, either. Community banks, credit unions, and other FIs can level the playing field through an affordable but expensive fraud detection and prevention platform.