In July, I read that “cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion,” according to Juniper Research.
Online payment fraud includes losses such as those from digital sales, physical goods, banking transactions, and peer-to-peer payment apps.
I also read a November Consumer Affairs article titled “Scammers are using Facebook Marketplace, Zelle, and PayPal to snare new victims,” where “scammers are impersonating recognized businesses like Amazon, Apple, and other name-brand companies to appear reputable to their target, to then run off with their personal or financial information.”
Consumer Affairs reported, “the top 5 scams were bank/credit card (10.3%), debt/loan (6.6%), and free money (6.4%).”
According to Jim Luff, Corporate Communications Manager at Aurora Payments (a leading payment service and solutions provider), Aurora sent a March 2022 message to its merchants where Aurora Payments explained how the chargeback process is often used to commit fraud by claiming merchandise was not received, misrepresented or the result of “friendly fraud.”
In friendly fraud, online orders are placed by someone known to the cardholder, such as a child using a parent’s credit card without their knowledge. Aurora Payments shares detailed information about chargeback fraud in their merchant message, “The Great Chargeback Surge of 2022.
Consumer Affairs also reported that “many of the scams target consumers who use peer-to-peer payment services and other platforms connecting users directly to one another” and that “scammers were also “lurking” on P2P cash transfer apps Zelle (86%) and PayPal (31.8%).”
Fortunately, according to this November New York Times article titled “Banks Plan to Start Reimbursing Some Victims of Zelle Scams,” the seven banks that own Zelle (Bank of America, Capital One, JPMorgan Chase, PNC, Truist, U.S. Bank, and Wells Fargo) will now compensate customers who fall victim to certain kinds of Zelle related scams, including fake bank fraud texts, emails, and phone calls.
Which leads me to…
All of the above leads me to the Money20/20 USA Fintech Conference that I attended in October. It’s the largest global fintech event connecting the payments industry, including issuers (e.g., banks and credit unions providing debit, credit, or prepaid cards to consumers) and payment processors (e.g., Stripe, PayPal, or Square), along with payment networks such as American Express, Mastercard, and Visa.
During the conference, I picked up a copy of The State of Fraud and Financial Crime in the U.S., a survey of 200 financial institutions with assets of at least $5 billion. The surveyed executives held leadership positions in fraud and risk operations, money laundering, fraud strategy, fraud management, and technology and data science.
According to the survey, sponsored by PYMNTS, 62% of financial institutions reported an increase in financial crime year over year. Additional survey highlights included the following:
- The average cost of scams to each financial institution was $102 million.
- Fraud rates and losses increased for nearly all payment types in 2021.
- Smaller financial institutions are getting attacked the most.
- Authorized and unauthorized fraud types currently appear to be relatively equal, but scams are on the rise within authorized fraud.
- Criminal approaches are becoming more sophisticated, and most financial institutions consider this to be a problem.
What does all this mean? It means that while consumers are big targets for identity theft, fraud, and scams, financial institutions are bigger targets.
So back to the title of this article: are Are financial companies doing enough to protect your personal data from Identity Theft and Fraud? My answer is threefold:
- First, and based on my experience at the Money 20/20 Conference, I believe the payments processing industry is doing a good job managing fraud prevention to help make payment transactions safer for both consumers and businesses.
- Second, Zelle’s proposed rule change for early next year requiring the network’s member banks to compensate customers who fall victim to certain kinds of scams is very positive.
- Finally, based on the reality of bad actors such as nation states, cyber thieves, and identity theft criminals, the financial services industry will continue to be heavily targeted by identity thieves due to a large consumer account base and the significant amount of personal data these institutions collect and store.
by Mark Pribish
Practice Leader, Identity Theft, and Data Breach Services