P2P Fraud

What Is P2P Fraud?

Peer-to-peer fraud – known as P2P fraud for short – is when fraudsters use peer-to-peer payment apps to steal genuine users’ funds. They do this in numerous ways, from stealing log-in credentials (using techniques such as phishing attacks) through to over-payment scams. If your business takes or makes payments through P2P apps, you could be a victim, so it’s important to do all you can to protect yourself.

P2P payment fraud makes use of the fact that payments through P2P apps – that is, apps such as PayPal, Google Pay, Cash App, Venmo, and Zelle – take place in near real-time. This means that money can whizz its way digitally around the globe in seconds. This presents an opportunity for fraudsters because they can very quickly get their hands on their victims’ funds.

Of course, the speed of P2P payments is also the reason that they are so well suited to many small businesses’ and consumers’ needs. Data from Lending Tree shows that 84% of consumers have used peer-to-peer services. This is a huge market for fraudsters to take advantage of, which is why both consumers and businesses that use P2P payment mechanisms need to keep themselves abreast of the latest dangers.

How Does P2P Fraud Work?

P2P fraud takes many forms, which is one reason that businesses and consumers must remain vigilant. That said, the same goal sits at the core of all P2P fraud: getting the money out of the authorized user’s account and into the fraudster’s account. Fraudsters achieve this through tactics ranging from social engineering to physical theft.

One reason that P2P payment fraud works so well, and thus encourages so many fraudsters to attempt to commit it, is the immediate nature of the payments. As soon as the transaction is made, the fraudster wins. Given that many P2P payment apps make a point of how easy it is to transfer money, often just requiring one or two clicks or taps, fraudsters have plenty of scope for taking advantage and rapidly lining their own digital pockets with genuine users’ funds.

This is why it is essential for every business to implement a payment fraud detection solution, all of which are multi-faceted and combat a range of attempts at payment fraud, P2P fraud included. Juniper Research highlights the need for such solutions with its projection that fraudulent transactions will cost ecommerce $50.5 billion by 2024.

Risks of P2P Transactions

It is the speed of P2P transactions that makes them so risky. P2P app users are only ever a couple of taps away from sending funds to fraudsters. All fraudsters need to do is pressure their victims into acting fast.

Unlike credit cards – where well-established systems are in place to protect consumers from liability for fraudulent transactions – in P2P transactions, it is the consumer who foots the bill. This amps up the P2P fraud risk for payment app users significantly, as there is no bank waiting in the wings to step in and refund the lost money.

Hacking is also a risk with P2P transactions. Many cybercriminals apply themselves to finding ways to access victims’ accounts, including P2P accounts. This has been happening for years with credit card accounts.

Fraudsters use brute force BIN attacks, which use well-known Bank Identification Numbers (BINs) as their starting point then apply automated card testing until they find credit card numbers that work. In terms of P2P fraud risk, the methods are slightly different but no less harmful, as we explore below.

Examples of P2P Fraud

There are many forms of P2P payment fraud to look out for. Some of the most common include:

• Overpayment scams: This is where the fraudster buys an item from a business but sends a check for a higher value than is due. They negotiate a refund for the difference into a P2P account. The check then bounces and the fraudster walks away with the funds transferred using the P2P payment app. If the business has already sent the goods, those are lost too.
• Selling scams: Many companies are facing tough market conditions these days, leading some to find ways to cut their costs. Remember, therefore, that the offers from that new marked-down stationery supplier might just be too good to be true! Businesses should always vet new suppliers thoroughly and not make any payments through P2P apps until they are certain they are dealing with a genuine business. Otherwise, they risk transferring funds for goods that will never arrive.
• Money laundering: Anyone who supports criminals to launder their dirty money can face legal penalties. This includes those tricked or coerced into acting as money mules, whose P2P payment accounts are used by fraudsters to obfuscate the trail of their ill-gotten gains.

In addition to these common scams, businesses and consumers must also be on the lookout for cases of identity theft that can enable a fraudster to access and use the account of a genuine P2P app customer. Fraudsters use many approaches to obtain account details, from phishing to man-in-the-middle (MitM) attacks on public Wi-Fi. 

Again, a payment fraud prevention solution can help here, through techniques such as digital fingerprinting, which can raise red flags if there is a change in details such as the user’s IP address and browser fingerprint.

How P2P Fraud Affects Businesses

P2P payment fraud can impact businesses in multiple ways. A business that accepts stolen funds to pay for goods, for example, becomes part of a money laundering network in terms of legal liability.

What’s more, businesses don’t only stand to lose the money they transfer via P2P payment apps. Depending on the type of fraud, businesses can end up compensating the customer while also losing goods. Plus, for those that become embroiled in multiple instances of fraud, there is the added risk of being labeled as a high-risk merchant, which can mean sky-high processing fees and fines.

Negative press can also have an impact. Any business that makes it into the media as being a victim of fraud – whether P2P payment fraud or any other sort – runs the risk of losing both existing and potential customers.

Differences Between P2P Fraud and P2P Scams

We’ve talked about both P2P fraud and P2P scams above. The two terms are often used interchangeably but are actually subtly different. P2P scams usually involve an element of trickery, while P2P fraud involves transactions that take place without the account holder’s knowledge.

Let’s consider a couple of examples. The overpayment and selling ruses we looked at above involve fraudsters tricking individuals into making transactions. This is why they are classed as P2P scams: The individual who ends up making the payment is the genuine account holder.

With P2P fraud, on the other hand, it is the fraudster who is making payments using the victim’s account. The victim is not aware that the payment(s) are being made until after the event.

It might seem like a subtle distinction, but the implications are large. There are plenty of protections in place for victims of fraud but fewer for victims of scams. This means that a P2P scam victim may have a much harder time getting their money back – another reason to always be on the lookout for scammers!

How to Protect Against P2P Fraud

Businesses seeking protection from P2P payment fraud need both human-focused and technical solutions. The former involves training staff on the latest scams and P2P fraud risks. The latter means implementing a solution that can flag potential fraud accurately and rapidly. Tools that provide user analysis based on BIN lookup, IP lookup, device fingerprinting, and data enrichment are well placed to assist with this.

Businesses should, of course, also remember that the P2P fraud risk is just one of the many threats they face. As such, their fraud-fighting focus should be on payment gateway fraud, chargeback fraud, and the many other methods that fraudsters employ.

Related Terms

Related Articles

Sources