Faster payments have brought significant benefits for consumers, but they also bring the risk of push payment fraud, something that Lee Kyriacou, vice president of real-time payments at The Clearing House, says requires a mix of technology, consumer education and security best practices.
—
Push payments are typically considered much more secure than their pull payment counterparts, but they are far from invincible. While it is much more difficult for bad actors to pilfer funds with stolen information, they can still perpetrate scams and account takeovers to deceive victims into sending payments.
“The payer says, ‘Wait a minute; the payee duped me,’” Kyriacou said. “The biggest problem in push payments is what I call payee scams or receiver scams, where the receiving side has somehow fooled the sender side into making the payment and authorizing that the payment be made.”
Banks and payment providers looking to combat push payment scams need to deploy data-driven solutions to prevent their customers from being victimized. Scammers typically operate at high volume when targeting individuals, so having some way of determining which accounts are receiving large numbers of peer-to-peer (P2P) payments will be crucial for identifying these bad actors and shutting them down.
“Banks can look at [things such as] how many times has there been a fraud report for this receiver?” he said. “How many transactions has this receiver had in the last 24 hours compared to a month ago? When was the first time this receiver got a payment on the network? Then you’re starting to provide them information [from which] a sending bank can then figure out [whether this is] a typical receiver for this customer or not.”
Regulatory measures also need to be put into place to protect P2P payment providers and their customers from various forms of push payment fraud. While pull payment scam victims are typically required to be made whole in most jurisdictions, this can be much more of a gray area for push transactions. Although some form of consumer protection is necessary, customers also need to take responsibility for their own fraud awareness.
“Regulation can be helpful, but some amount of liability has to lie [with] the sender of the payment,” he said. “Banks need to continually educate account holders about account security best practices, such as using complex passwords, two-factor authentication and providing prompts to payers such as, ‘Are you making this payment to someone you know? This payment is irrevocable.’”