Are Financial Institutions Doing Enough to Protect Consumers from ID Theft and Fraud?
In July, I read that “cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion,” according to Juniper Research.
Online payment fraud includes losses such as digital sales, physical goods, banking transactions, and Peer-to-Peer payment apps.
I also read a November Consumer Affairs article titled Scammers are using Facebook Marketplace, Zelle and PayPal to snare new victims where “scammers are impersonating recognized businesses like Amazon, Apple, and other name-brand companies to appear reputable to their target to then run off with their personal or financial information.”
Consumer Affairs reported “the Top 5 scams were Bank/Credit Card (10.3%), Debt/Loan (6.6%), and Free Money (6.4%).”
According to Jim Luff, Corporate Communications Manager at Aurora Payments (a leading payment service and solutions provider) – Aurora sent a March 2022 message to its merchants where Aurora explained how the chargeback process is often used to commit fraud by claiming merchandise was not received, misrepresented or the result of “friendly fraud.”
In friendly fraud, online orders are placed by someone known to the cardholder such as a child using a parent’s credit card without their knowledge. Aurora Payments shares detailed information about chargeback fraud in their merchant message, The Great Chargeback Surge of 2022.
Consumer Affairs also reported “many of the scams target consumers who use peer-to-peer payment services and other platforms connecting users directly to one another” and that “scammers were also ‘lurking’ on P-2-P cash transfer apps Zelle (86%) and PayPal (31.8%).”
Fortunately and according to this November New York Times article titled Banks Plan to Start Reimbursing Some Victims of Zelle Scams, the seven banks that own Zelle (Bank of America, Capital One, JPMorgan Chase, PNC, Truist, U.S. Bank and Wells Fargo) will now compensate customers who fall victim to certain kinds of Zelle related scams including fake bank fraud texts, emails and phone calls.
All of the above leads me to the Money20/20 USA Fintech Conference that I attended in October, which is the largest global fintech event connecting the payments industry including issuers (e.g., banks and credit unions providing debit, credit, or prepaid cards to consumers) and payment processors (e.g., Stripe, PayPal or Square) along with payment networks such as American Express, Mastercard and Visa.
During the conference I picked up a copy of The State Of Fraud And Financial Crime In The U.S. survey of 200 financial institutions with assets of at least $5 billion. The surveyed executives held leadership positions in fraud and risk operations, money laundering, fraud strategy, fraud management, and technology and data science.
According to the survey – sponsored by PYMNTS in collaboration with Featurespace – 62 percent of financial institutions reported an increase in financial crime versus a year ago. Additional survey highlights included the following:
The average cost of scams to each financial institution was $102 million
Fraud rates and losses increased for nearly all payment types in 2021
Smaller financial institutions are getting attacked most
Authorized and unauthorized fraud types currently appear to be relatively equal, but scams are on the rise within authorized fraud
Criminal approaches are becoming more sophisticated, and most financial institutions consider this to be a problem
What does all this mean? It means that while consumers are big targets for identity theft, fraud, and scams – financial institutions and the payment processing industry are bigger targets for identity theft, fraud, and scams.
So back to the title of this article, are financial institutions doing enough to protect consumers from ID theft and fraud? My answer is three-fold:
First and based on my Money 20/20 Conference experience, I believe the payments processing industry is doing a good job managing fraud prevention to help make payment transactions safer for both consumers and businesses.
Second, Zelle’s proposed rule change for early next year requiring the network’s member banks to compensate customers who fall victim to certain kinds of scams is a very positive change.
Lastly, and unfortunately – based on the reality of bad actors including nation states, cyber thieves, and ID theft criminals – the financial services industry will continue to be hit hard by identity thieves because of a large consumer account base and the significant amount of personal data these institutions collect and store.