- This article was written by Olivia Boyer, CAMS & Joann Millard, CAMS, of Abrigo Advisory
P2P fraud and emerging AML trends
P2P fraud can be difficult to detect
Knowing how criminals avoid detection can help minimize losses at your financial institution.
Would you like other articles like this in your inbox?
A P2P (Peer-to-Peer) transfer is the process in which an individual can transfer funds from their bank account to another individual’s account using a digital medium such as a mobile phone or the internet. P2P payments can be as straightforward as transfers between accounts at two different banks or more complex, with funds moving between individuals using Zelle, PayPal, Venmo, CashApp, etc., or digital currencies. In the modern digital world, instant transfers and immediate gratification are the norm, and P2P is becoming more commonplace.
AML for P2P fraud
The growing P2P threat and financial institutions
Anyone with a phone number or email address can use some of these digital platforms to send or request funds. A treasure trove of personal identification information can be gleaned from public sources or the dark web. The contactless, faceless nature of these digital interactions makes it very difficult for AML professionals and law enforcement to trace the source of funds when P2P payment channels are used for illicit purposes. The challenge is determining what is suspicious and what is not. The following AML program mitigating measures can help track down P2P fraud:
- Your financial institution’s customer due diligence (CDD) process should outline a reasonable expectation of what activity your customer should be conducting. If the actual activity falls outside of this, it may be time to take a risk-based approach in the next steps. What is the volume of transactions? What are the amounts of the transactions? Are the descriptions easy to identify or disguised to conceal the true nature of the activity?
- If you can identify the sender, such as for an ACH or wire transfer, you can contact the originating bank to ask for information on the source of funds. This can be a 314(b) request or a general inquiry. Answering a 314(b) request is strictly voluntary. Some banks are very cooperative in providing information when requested. Be sure to keep a log of these contacts, the customer information, and the purpose of the request to show your auditors and regulators.
- If you cannot identify the sender, or the activity appears excessive and unusual, conducting additional due diligence is optional but always recommended. You can ask your customer about the relationship with any third parties and the purpose and source of any transfers. Suppose their response doesn’t make sense or reflect the conducted activity. In that case, it is time to submit a suspicious activity report (SAR) to the Financial Crime Enforcement Network (FinCEN) for law enforcement access. If available, get as much information as possible about the third-party transactions, including the IP address.
Helping customers avoid P2P fraud
Be sure your customers know the difference between fraud and scams. Fraud is when funds are not authorized to be sent, such as a hacked device, stolen identity, or stolen credit or debit card. A scam is when the customer is tricked or coerced into sending funds. With P2P transfers, that difference could determine whether the customer can get the funds returned, as some P2P platforms do not return funds if they are considered authorized as part of a scam. The most common scams involving P2P transfers are phony text messages or “smishing,” impersonation of financial institutions or legitimate businesses, and overpayment for goods and services.
Below are some helpful tips you can share with your customers:
- A P2P transfer cannot be canceled once sent and claimed.
- Before sending a P2P transfer via various platforms, verify the email, phone number, and recipient’s user ID.
- Contact the recipient directly to confirm the information you have.
- If you receive a P2P transfer from an unknown source, notify your bank so they can take a closer look. Do not return the funds to the sender. The funds could be stolen using someone else’s or fake information.
- When available, use a payment protection feature.
- Instead of using your bank account, consider connecting a credit card to your app.
- Use multifactor authentication.
- Unless you are confident, avoid sending P2P to businesses that only accept this form of payment. This can be an indication of fraud.
- Make sure to enable alerts via email or text messages.
Make a plan for your financial institution
While P2P transfers provide an easy, convenient, and quick option to transfer funds amongst family members, friends, or retail services, remember that money launderers, fraudsters, and scammers use these transfers for illicit activities. Stay informed on various trends and practices to prevent clients, peers, and yourself from falling victim while using P2P applications. Use the tips mentioned above to ensure that the use of these P2P applications is secure. Make sure your financial institution has a plan to mitigate P2P fraud: implement preventative measures, apply them, and be consistent.