P2P ScamsHow “Peer-to-Peer” Payments May Become a “Victim-to-Criminal” Wealth Transfer

How Bad Actors Leverage Apps to Carry Out P2P Payment Scams

Tell someone under the age of 30 that you don’t use P2P payment apps like Zelle or Venmo. You’re likely to be met with disbelief.

Don’t worry; as they say, cash is still “king” for the time being. But, while peer-to-peer (P2P) payment apps have not completely eliminated the need for cash, things seem to be headed in that direction.

It makes sense on a certain level. After all, why mess with physical bills and coins when the same process can be handled with a click? P2P payments are fast and easy, and are generally considered safe and secure. Unfortunately, the more popular peer-to-peer payments become, the more inevitable it is that fraudsters will develop new ways to cheat the system.

Scams involving peer-to-peer apps are already starting to appear. In this post, we explore how P2P scams work, how fraudsters are abusing the system, and why victims may have no legal recourse when it happens.

What Are Peer-to-Peer Payments?

We should probably start by clarifying what we mean when we talk about P2P payments.

The term refers to payments made using a smartphone app that enables users to digitally transfer money from their personal account to another person’s. This is done directly, without needing to go through the bank.

PayPal popularized this model, launching the first version of its electronic payments system at the turn of the Twenty-First Century. Simple yet secure, the platform facilitated P2P payments by allowing individuals to connect their checking account, debit card, or credit card directly to the service. The buyer could send or receive payments for purchases (or just share money between other contacts) immediately and electronically. In the event a dispute arose, it could be resolved through the PayPal Resolution Center.

P2P payment technology has advanced significantly over the last two decades. Platforms like Venmo (owned by PayPal) have made peer-to-peer exchanges much more accessible for regular users. Other players have entered the field too, including Zelle, Cash App, and Square.

Not all of these apps work quite the same way. Venmo and PayPal, for example, function as a type of “digital wallet,” whereas other platforms like Zelle make direct transfers between bank accounts. For the most part, however, P2P payment services accomplish the same task: letting one person pay another electronically. 

Risks Associated With P2P Payments

P2P transfers are among the most convenient alternative payment methods available; all it takes is a click. Compared to bank transfers, which could take days, digital payments are instantaneous. And, in many cases, there is no charge for recipients.

P2P payments also have a reputation for being secure because minimal personal information is exposed. Hijacking a transfer or stealing information for identity fraud are both extremely difficult as encryption, tokenization, and other safeguards are used to thwart fraudsters. In addition to existing security, many P2P apps implement even more strict measures, such as requiring two-factor authentication.

All that being said, fraudsters are very resourceful people. They’ve found other ways to profit from P2P payments.

Even major payments and finance industry players have the potential to be hit by professionalized data hacks, as Equifax and Capital One were in recent years. That said, emerging risks seem to be aimed more at individual users.

These schemes can take on a variety of forms, including fraud attacks and user scams. The problem is, people often use the terms “fraud” and “scam” interchangeably, but they are two distinct things.

It may seem like splitting hairs, but fraud refers to the act of using a hacked account to make unauthorized purchases. A scam, in contrast, is more suggestive of a user being tricked into doing something they otherwise would not have done, like approving a transaction. And, when it comes to P2P cybercrimes, that difference can be very important.

How Scammers Leverage P2P Platforms

If a fraudster goes on a shopping spree using account information from a stolen phone or data off the dark web, that would be fraud. Money is removed from the user’s account, but the user had no part in facilitating. 

Scams, on the other hand, involve “authorized” transactions made under false pretenses. The authorization may have been a mistake, or the user was tricked into doing it. Regardless, though, the user OK’d the deal, and so they carry a degree of responsibility for the loss.

A few of the most common tactics include:

P2P payment scams are every bit as illegal as personal fraud, of course. But, while many anti-fraud protections exist, they don’t apply if the customer authorized a scam purchase. In other words, there may be nothing the victim can do to get their money back. 

Are There Legal Protections in Place for P2P Scams?

That’s a tricky question. Ultimately, it comes down to that “fraud/scam” distinction we mentioned before. According to the Electronic Fund Transfer Act, financial institutions are required to reimburse victims for illegitimate purchases over a certain liability limit. US legal code defines a financial institution as a:

“State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person who, directly or indirectly, holds an account belonging to a consumer.”

USC Title 15, Chapter 41, Subchapter VI

P2P networks fall into that category, so they could be held liable for incidents of explicit fraud that happen on their platforms. Unfortunately, neither EFTA nor Regulation E (the vehicle through which EFTA is enforced) mention instances in which a user was tricked into handing over funds or information.

By law, credit or debit card issuers must offer financial protection to cardholders against fraud attacks like identity theft, as well as unscrupulous merchants. If an unauthorized user steals a person’s card information and uses it to make a purchase, the cardholder can file a chargeback. Assuming the cardholder’s claim is legitimate, the bank has the ability to take the funds out of the merchant’s account so the cardholder can recover the money.

Most digital payment services, however, regard P2P payments as if they were cash transactions. That doesn’t relieve them of liability in the case of explicit criminal fraud. But, when it comes to P2P scams like those we outlined above, there is a bit more wiggle room. The provider may provide certain protections, but they’re not legally required to do so. And, for those that do, the coverage varies.

First-Party Fraud Could Become a Problem

This issue isn’t going away any time soon. On Zelle alone, consumers lost an estimated $440 million in 2021 from P2P fraud and scams. In the majority of cases, victims did not receive refunds from banks, according to a report initiated by the office of Senator Elizabeth Warren.

As more people turn to peer-to-peer transactions, the cracks in the system are starting to show. The speed and convenience that customers love are the same qualities that are increasingly being manipulated for criminal activity. 

Consumer advocates are calling for increased regulations, specifically ones that would redefine “unauthorized payments” to include scams where fraudsters deliberately con consumers through the use of peer-to-peer services.

That sounds like a good thing at first glance. The problem, however, is that it might lead consumers to perform less due diligence. After all, why bother being careful if you know you won’t be held liable either way?

This kind of regulation also has the potential to open P2P platforms to more first-person fraud. This was the number one fraud threat facing businesses in 2021, and it’s not hard to imagine it becoming as much of a problem on P2P platforms as it is with payment cards.

Looking to the Future of P2P Payment Scams

Clear, concise regulations could go a long way toward protecting consumers from P2P scams. However, hastily created legislation may not be enough to adequately contain the problem. Bad regulations might even do more harm than good. 

New mandates should be carefully considered and debated before being made into laws. They should be written in such a way that liabilities are balanced between reasonable safeguards from providers, and common sense by consumers.

Ultimately, a broader and more holistic solution for P2P fraud and scams will be necessary. Until the right solution can be worked out, though, both consumers and businesses will need to be realistic about the strengths — and weaknesses — of the P2P environment.