The Growing Peer-to-Peer Threat for Financial Institutions

A P2P (Peer-to-Peer) transfer is the process in which an individual can transfer funds from their credit union account to another individual’s account using a digital medium, such as a mobile phone or the internet.

P2P payments can be as straightforward as transfers between accounts at two different financial institutions or more complex, with funds moving between individuals using Zelle, PayPal, Venmo, CashApp, etc., or digital currencies. Anyone with a phone number or email address can use some of these digital platforms to send or request funds.

The contactless, faceless nature of these digital interactions makes it very difficult for anti-money laundering (AML) professionals and law enforcement to trace the source of funds when P2P payment channels are used for illicit purposes. The challenge is determining what is suspicious and what is not.

According to GoWest Solutions partner Abrigo, the following AML program mitigating measures can help track down P2P fraud:

• Your credit union’s customer due diligence (CDD) process should outline a reasonable expectation of what activity your member should be conducting. If the actual activity falls outside of this, it may be time to take a risk-based approach. What is the volume of transactions? What are the amounts of the transactions? Are the descriptions easy to identify or disguised to conceal the true nature of the activity?
• If you can identify the sender, such as for an ACH or wire transfer, you can contact the originating FI to ask for information on the source of funds. This can be a 314(b) request or a general inquiry. Answering a 314(b) request is strictly voluntary and some FIs are very cooperative in providing information when requested. Be sure to keep a log of these contacts, the member information, and the purpose of the request to show your auditors and regulators.
• If you cannot identify the sender, or the activity appears excessive and unusual, conducting additional due diligence is optional but always recommended. You can ask your member about the relationship with any third parties and the purpose and source of any transfers. Suppose their response doesn’t make sense or reflect the conducted activity. In that case, it is time to submit a suspicious activity report to the Financial Crime Enforcement Network for law enforcement access. If available, get as much information as possible about the third-party transactions, including the IP address.

Helping members avoid P2P fraud
Be sure your members know the difference between fraud and scams. Fraud is when funds are not authorized to be sent, such as a hacked device, stolen identity, or stolen credit or debit card. A scam is when the member is tricked or coerced into sending funds. With P2P transfers, that difference could determine whether the member can get the funds returned, as some P2P platforms do not return funds if they are considered authorized as part of a scam. The most common scams involving P2P transfers are phony text messages or “smishing,” impersonation of financial institutions or legitimate businesses, and overpayment for goods and services.

Below are some helpful tips you can share with your members:

• A P2P transfer cannot be canceled once sent and claimed.
• Before sending a P2P transfer via various platforms, verify the email, phone number, and recipient’s user ID.
• Contact the recipient directly to confirm the information you have. If you receive a P2P transfer from an unknown source, notify your credit union so they can take a closer look.
• Do not return the funds to the sender. The funds could be stolen using someone else’s or fake information.
• When available, use a payment protection feature. Instead of using your credit union account, consider connecting a credit card to your app.
• Use multi-factor authentication.
• Unless you are confident, avoid sending P2P to businesses that only accept this form of payment. This can be an indication of fraud.
• Make sure to enable alerts via email or text messages.

Make a plan for your credit union
While P2P transfers provide an easy, convenient, and quick option to transfer funds among family members, friends, or retail services, remember that money launderers, fraudsters, and scammers use these transfers for illicit activities.

Use the tips mentioned above to ensure that the use of these P2P applications is secure and make sure your credit union has a plan to mitigate P2P fraud: implement preventative measures, apply them, and be consistent. Contact your GoWest Solutions Team to find out how Abrigo can help your credit union mitigate the risks of P2P transfers.