Identity, Security Program Controls/Technologies, Threat Management

Behavioral biometrics reduce fraud losses for oft-targeted Zelle payments

An attendee inspects the Nexus 5X phone during a Google media event on Sept. 29, 2015, in San Francisco. (Photo by Justin Sullivan/Getty Images)

As peer-to-peer payments services become increasingly popular, fraudsters are following the money here, especially to fast-rising Zelle. Hence, experts claim that stronger authentication, by way of behavioral biometrics, is needed to curb potential losses.

Launched five years ago, Zelle is a P2P payment platform developed and owned Early Warning Services LLC, by a group of seven major U.S. banks, including Bank of America, JPMorgan Chase, Capital One, U.S. Bank and Wells Fargo.

Competing in an increasingly busy market with the likes of CashApp and Venmo, Zelle business and consumer users sent nearly half a trillion dollars ($490 billion) last year, with transaction volumes increasing by roughly half (49%), and payment values shooting up 59% over 2020, according to the company.

However, with legitimate financial success comes the onslaught of financial scams aimed at taking advantage of this growth — and Zelle and its customer base have been no exception.

According to reports, Zelle-focused scams often involved a legitimate user receiving an email asking them to confirm a payment to them through Zelle, which is a fake. If the user responds saying that the transfer is not for them, a fraudster typically calls the user, pretending to be an employee of their bank, often spoofing the financial institution’s phone number, and over the course of a call, collects enough financial information to move money from a user’s real account to the fraudster.

In another scheme, business or retail Zelle users receive an email or text, claiming that their bank account has been compromised and requiring the legitimate user to call their bank immediately while, in fact, routing the unsuspecting user to a fake number, and leading them again to transfer their funds to the cybercriminals.

Fraudsters in these scams often pose as envoys of the bank, playing up the idea that customers’ money and transactions are more secure since Zelle is owned by traditional banks. Like other P2P payment services, Zelle users need only the email address or phone number of the recipient to whom they wish to send money, and once these real-time transactions occur, they are irreversible.

However, Zelle and its customers may be able to reduce fraud losses and better weed out potential attacks by using behavioral biometrics, according to Raj Dasgupta, director of fraud strategy at BioCatch.

According to a recent case study, a “top five U.S. bank" [in terms of asset size] was able to "prevent more than $300,000 in fraud on Zelle over the course of three weeks [despite experiencing] a sustained account takeover attack in which cybercriminals used social engineering tactics to trick customers into sharing their online banking credentials.”

Like many fraud attacks, cybercriminals would gain access to legitimate accounts and then (if they were not on the payment platform already) enroll the customer into Zelle, set up new payees and initiate real-time fraudulent payments. Working with aforementioned unnamed top U.S. bank, tracking user behavior through biometrics was able to alert the banks involved in 312 fraud attempts as they were underway within the course of one month. The bank had already been using behavioral biometrics to detect potential account takeover fraud in other areas of the bank, according to BioCatch.

By analyzing more than 2,000 behavioral risk indicators in real-time, Zelle’s bank purveyors are able to detect anomalies in a legitimate user’s behavior, patterns, navigation, location and myriad other tell-tale signs that can point up potential fraud afoot. Further, behavioral analytics like BioCatch look at other factors that have little or nothing to do with user behavior, such as incorrect time zones or potential access from a virtual machine.

Being able to weed out potential fraud in P2P payments becomes more important as Generation Z and Millennials, who rely on these types of payment, are aging up. More than 4 out of 5, 82%, of people between the ages of 18 and 24 have used P2P payments, according to the Payments Journal.

“Banks who are looking to remain competitive in a digital-first world know that adoption of these platforms is critical to retain existing customers and attract new ones,” according to the BioCatch-Zelle case study. “However, these platforms expose banks to increasing risk which is why it is important to have strong fraud controls at the enrollment process, such as behavioral biometrics, to ensure consumers are able to enjoy the full functionality and convenience of the service.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.