Search Icon
Back to Blog

There is a major shift in liability coming soon related to specific types of consumer scam losses. Today, consumers shoulder the financial burden from romance, imposter, and other social engineering scam types. Their originating banks – normally on the hook for fraud liability – are not responsible when account holders send money to a fraudster in a receiving bank.

However, since June 2022 a string of U.S. Senators and some regulators, mainly the CFPB, have been pushing to move the losses linked to P2P fraud away from consumers to banks and fintechs that hold the receiving depository account in a transaction. Zelle and its bank owners are taking a proactive approach and are now creating a playbook for refunding customers and each other for certain scam payments.

The liability shift potential is enormous, especially if other payment networks ultimately follow Zelle’s leadership. The FTC’s most current 2022 Consumer Sentinel Network report highlights that $2.732 billion was lost last year by consumers impacted by imposter scams across card, debit, check, ACH, and P2P payments. The FTC report states that 1 in 5 U.S. consumers were impacted by this type of scam, which averaged $1,000 per incident.

Financial Institutions are Concerned

With the liability shift coming, our customers are sharing what they’re seeing in P2P fraud.

The fraud leader of a major deposit institution that recently started offering P2P transfers to select customers told us they were surprised that the biggest losses are coming from their “receiving” accounts. In other words, they are realizing higher rates of P2P fraud when their own customers receive dollars through a P2P payments system. Initially, the fraud rate for these types of P2P payments at the institution exceeded 200 bps; however, they have been able to reduce the P2P fraud rate substantially by incorporating a transaction risk model to P2P transactions. Unfortunately this comes at the cost of high P2P decline rates for some of their high-value customers.

It’s worth noting that many of the customers with higher fraud rates had a long tenure and made direct deposits with the institution. The institution mentioned above believes that the highest rate of P2P receiver fraud is coming from real consumers (first-party fraud) who may be working directly with organized fraud actors (second-party fraud) to enhance their earning potential. Often, the account holder acts as if they have been groomed by a handler who has taught them how to deflect fault.

Synthetic Identity Fraud Continues to Grow and Fuel the Money Mule Problem

Another concern of Socure customers is the growing rate of synthetic identity fraud attacks at deposit institutions spurred on by COVID in 2020. Socure analysis of DDA, investment, and other deposit accounts shows that 1-3% or more of open, active deposit accounts are held by synthetic identities. These synthetic identities are acting as money mules fueling consumer scams, money laundering, human and drug trafficking, and other nefarious activities.

These synthetic identity fraud attacks are making an approaching liability shift and a solution for counter-party risk even more pressing – and daunting.

Since February 2023 when Socure announced its commitment to help identify and remove 100,000 synthetic identities from the U.S. financial system, we saw the liability shift as an eventuality that would impact the industry substantially. Subsequently, we have been working with our largest customers and the industry to identify potential money mules hiding within customer portfolios and help identify suspicious P2P credentials.

Portfolio Scrubs Identify and Eliminate Potential Money Mules

Many of Socure’s largest customers are performing Portfolio Scrubs against their entire customer base to identify and root out synthetic identities, and other potential money mules hiding within their portfolios. Money mules, identified in deposit accounts by Socure’s Portfolio Scrub, are made up of third-party fraudsters who may have slipped through initial defenses via synthetic identities or accounts that have been taken over. We are also performing compliance analysis against customer accounts to not only point out risky commercial addresses or consumers reported as deceased, but also to provide updated contact elements, including the correct phone, email, and physical address for their consumer on record.

So far, our Portfolio Scrub analysis shows that between 1% and in some cases more than 4% of the deposit accounts at large traditional banks and fintechs are held by synthetic identities.

However, that’s not where the Portfolio Scrub analysis ends. Beyond identifying synthetic identities, third-party fraud that may have slipped through at origination, and those accounts that have likely been taken over by a bad actor, Socure can also perform KYC checks against important identity elements, including consumer name and DOB, physical and email addresses, SSNs, and phone numbers. KYC identifies invalid emails, physical addresses that are commercial, mail drops or correctional facilities, and incorrectly formatted or invalid SSNs.

On average, we also see:

  • Roughly .05% deceased customers
  • 7-15% with a commercial or invalid address in place of residential
  • A small but risky number of correctional facilities as home addresses for consumer accounts hovering around .1% or less
  • And 3-8% of the time we’re seeing addresses, emails, and phones that are invalid or do not belong to the consumer who supposedly owns the account

To help customers update their customer account data, we deploy Socure Verify+ and provide back the best-matched-entity, enriching everything from SSN and DOB, to email, physical addresses, and phone numbers. An additional view of updated PII data can assist an organization in identifying outdated data which can translate to risk.

In addition, creating an updated history of profile changes can assist in creating better customer risk scores. Understanding the historical perspective of account change can help determine the risk of account takeover. When combined with detection of high risk transactions, this view can assist in detecting and managing riskier accounts and determine potential step-up strategies.

Assessing Fraud Risk of P2P Credentials

Donna Turner, previously with Zelle and now at her own consulting firm, Risk Insight Solutions as well as serving as an “Advisor in Residence” with EY, told Socure that “banks and fintechs can’t ignore the receiver side of P2P transfers. With shifting liabilities, this is where P2P fraud losses will negatively impact an organization unless they are taking steps now to effectively manage that risk.”

She also stated that companies need to “implement preventive controls, integrate detection capabilities and analyze both receiver and sender P2P tokens, including email and phone number, to understand what risks might lie within the token itself.”

Several of our customers are doing just that by taking a deeper look at the P2P credentials they have stored on their system to assess risk, and also performing a real-time risk assessment of new credentials. Socure’s Email, Address, and Phone RiskScores and Correlation Values identify suspicious credentials at a very low false positive rate, and also help users understand if the consumer owns the phone and email they are using.

Our Analytics team has recently enhanced our Email RiskScore to take into account email domains and user names that are often used by bad actors in P2P fraud scams with a variety of innovative comparative techniques – the Socure Email Risk solution is the only one in the market that captures the signals specific to these types of attacks. Current consortium performance for Socure’s Email RiskScore is measured at a fraud capture rate of roughly 41% at a review rate of 2% with a false positive rate of 3:1 or better.

Synthetic Scoring at Point of Origination

Of course, the most obvious way to keep potential synthetic money mules out of your deposit account base is to deploy a robust, up-to-date analytical model that identifies synthetic fraud at origination. Too often, we find that banks and fintechs with deposit accounts and Consumer Identification Program (CIP) requirements use CIP KYC solutions to identify synthetic identity fraud. While these solutions can identify the easiest fake identities, they do not do well capturing more sophisticated synthetic attempts, and lead to an increased amount of synthetics hiding within your portfolio.

Socure’s Sigma Synthetic Fraud score identifies an industry leading 60% of synthetic identity attempts at a low review rate of 1% with a 1:1 false positive rate or better.

Planning for Future Changes

If you have not started preparing for the coming liability shift from consumers to banks and fintechs for consumer scam losses, it’s not too late.

Socure’s Sigma Synthetic Fraud solution will close the front door to new synthetic fraud attacks. Portfolio Scrubs will identify non-FPF related money mules, and RiskScores and Correlation Values can assess the risk of P2P credentials in real time. To learn more about these solutions, you can schedule time with our team here.

We also recently launched an eBook about the hidden risk of money mules – get your copy here!

Mike Cook

Mike Cook is VP of Fraud Solutions Commercialization at Socure and works alongside Data Science, Product, Sales and the Fraud Investigation team to help ensure solution optimization across all the markets Socure serves. Mike has been an innovator in fraud, identity, and credit risk for almost 35 years and has created several patents for identity risk technologies.