Venmo Scams & Other P2P Fraud: 7 Actions for Better Defense

The value of transactions completed over peer-to-peer (P2P) apps like Venmo and Zelle will top $1 trillion in 2023, (Insider Intelligence).  Find out what the two most popular P2P fraud scams are and how to combat them.


Two Common Fraud Scams from Convenient P2P Services

84% of consumers have used peer-to-peer payment services (P2P)—and 15% have been scammed. People use P2P payments for convenience. Then, fraudsters scam them by simply leveraging the ease of moving money without writing checks.   Both consumers and lenders are at risk for fraud due to wildly popular payments systems such as Venmo, Zelle, ApplePay and PayPal. The two most common examples of P2P fraud are evolutions to age-old scams: posing as a legitimate transaction and masquerading as a bank to take over an account.

Posing as a legitimate transaction

Fraudsters will contact a consumer and promise a product or service and ask for payment.  They will even inauthentically ask for help, especially during the holiday season.  But they will not deliver on any commitment. Once the fraudster convinces the consumer to pay, the consumer initiates a transaction through a P2P system to the fraudster and shortly thereafter the money leaves the account.  By the time the consumer realized they have been victimized, there is no way to recover the funds.

Masquerading as a bank representative to take over the account

The fraudster will contact the consumer, often posing as the fraud department of the consumer’s bank both through conversation and caller ID, stating that there is an issue with their account.  The imposter tricks the consumer and then requests items like their SSN, account number confirmation or asks the victim to reply to a One-Time-Password request.  The fraudster will use this information to gain access to online banking and either initiate a P2P transaction immediately or setup P2P and then initiate a transaction.  This is a classic example of Account Take Over (ATO) that uses the bank’s fraud defenses for legitimacy.

“These loss types account for 30-40% of fraud loss, making P2P scams one of the biggest drivers of overall loss.”

These scams have been creeping in like waves during high tide.  As a fraud detection and prevention expert, my banking customers have reported that these loss types account for 30-40% of fraud loss, making P2P scams one of the biggest drivers of overall loss.

Banks Take the Fraud Loss in P2P Scams – Upsetting Consumers and Congress

Banks have historically tried to get money back, which is largely unsuccessful. They end up either taking the loss or holding the consumer responsible for the loss.  This leaves consumers feeling victimized from both the fraudster and the bank.  Consequently, it has driven many CFPB complaints.

On October 26, 2022, Senator Elizabeth Warren alerted the CFPB Director of this fraud mechanism and asked the CFPB to “update and strengthen regulations governing the obligations of banks to repay customers who are defrauded on Zelle and other peer-to-peer payment platforms.”  Senator Warren has specifically addressed Zelle and its parent company Early Warning Services, LLC(EWS).

7 Actions to Take for Better P2P Fraud Defense

The most popular question about emerging or existing fraud trends is “How do I defend against this?” Like most fraud attacks there is not one simple answer because fraudsters are constantly evolving their tactics.  But when the following list of defenses are used collectively, fraud attacks can be mitigated.

I recommend that my clients use each of the following to help defend against P2P, but they work for all types of fraud.

  • Send automated alerts when initiating a transaction. Alerts can be based on triggers such as: behavior; recipient confirmation or listing risky vendors. Also, an alert can encourage the consumer to slow down and ensure the transaction is expected.
  • Provide education throughout the customer lifecycle: at enrollment and initiation of service, and when providing periodic updates. Help customers understand their risks and use the themes from your alerts to reinforce messages.
  • Implement velocity controls based on frequency of use. For instance, new payee or initial setup requires a pause before executing. Then initiate two-way text/messaging to confirm the new payer and to check if they want to complete this payment.  Remember to clearly communicate any delays to meet product required SLAs.
  • Establish transaction limits. Putting limits in place will reduce the maximum risk exposure to you and your customer.
  • Check payment destinations compared to initiation. Similar to account linking analysis, you should evaluate the P2P app token for changes that indicate possible ATO.
  • Build behavioral models that assess activities, evaluate token information, and monitor other fraud tools for indication of ATO and consumer stress.
  • Risk evaluation, which borrows from the investment community. Within behavioral modeling, I also recommend using risk evaluation. This borrows from how the investment community assesses new clients. In my discussions with other industry leaders, we agree that asking questions at account opening will allow you to identify consumer strategies based on risk. This also gauges the risk appetite of your customer.  Questions to ask include:
    • Have you been a victim of a scam?
    • How often do you anticipate using the tool?
    • What is the maximum amount you would like to be able to send over P2P apps?


RELATED CONTENTWho is Bridgeforce? Watch 'Our Story.'


Bridgeforce Strengthens Your Fraud Defenses and Improves Customer Experience

We have delivered customized assessments and prioritized enhancement plans so that our clients begin improving their fraud operations immediately. Our strength lies in our ability to see the bigger picture in macro trends and show our clients their risk. We have subject matter knowledge to identify weakness and advise you on real-world solutions to help you adjust how you conduct your business. We’ve balanced new strategies with customer experience, and then developed—and implemented—roadmaps that protect our clients and their customers now and in the future.

To begin your fraud P2P health check, contact us today.


[Editor’s note: this article was written by Dave Sanders, former Fraud Senior Program Manager at Bridgeforce]

Have a question about this article?