Have you ever needed to send money to a family member or friend that lives out of state? What about having to pay the babysitter, but you didn’t have any cash in your wallet? Instead of hauling out the checkbook that looks foreign to the babysitter, or waiting six months until you see your family member next, you login to your institutions mobile app and send the intended recipient their money. Sounds simple, right?
What about the alternative scenarios? You are selling your car online, and an interested individual sends you a payment directly as an ACH, called Peer-to-Peer or Person-to-Person (P2P) transaction. The payment is for $1,000 more than the listed price, so the individual requests that you send them a money order back for the overpayment. You later receive a notice from your institution that the P2P transaction was reversed and you are at a loss for the $1,000 overpayment. Similarly, P2P transactions are used to defraud individuals by using work-from-home scams. In these cases, individuals are looking for a flexible job where they can work from home. The employer instructs the consumer to open a new account and enroll in P2P transactions. Next, the employer makes deposits, and instructs the consumer to send a percentage of the deposited amount to a third party through a money transmitter. Subsequently, the other financial institution reverses the P2P transactions. Again, this leaves the customer a victim of a loss.
Even though P2P transactions are appealing to customers for the convenience of paying others, they can also be a haven for fraudsters to swindle innocent individuals out of money. Although many institutions are offering this type of service, the additional risks are making some institutions apprehensive to expand their services into this area. If your institution offers P2P transactions or is contemplating offering it, here are some considerations to mitigate the risks associated with P2P transactions.
1. Update initial Electronic Fund Transfer (EFT) disclosure
If you are allowing new or existing customer to conduct P2P transactions, you want to be sure the institution’s initial EFT disclosure addresses this type of transaction. Regulation E section 1005.7(c) states that if your institution adds an electronic fund transfer service that is subject to new terms and conditions, then your institution must provide an updated initial disclosure to the consumer. The disclosure should state any limits on P2P transactions that your institution imposes. To mitigate the risk of a potential loss, consider implementing an overall dollar amount limit and the frequency of allowable P2P transactions.
2. Review the institutions terms and conditions
Aside from updating the institution’s initial EFT disclosure, you should consult with your attorney to determine if there are any legal requirements or restrictions that should be in place between your institution and the customer. Prior to offering P2P, consider a thorough review of any terms, conditions and agreements provided to the consumer.
3. Limits on Liability
If your customer is a victim of a scam, who is responsible for the loss? Unfortunately, the financial institution is required to comply with Regulation E’s limits on the consumer’s liability. However, be sure your agreement with the customer addresses any limits on liability.
4. Train Employees and Inform Customers
Another method of reducing the institution’s risk is properly training appropriate employees to report potential fraudulent activity. Conduct training for frontline staff to identify and report suspicious activity. Do they have a newer customer depositing a larger check than the usual amount to open an account, followed by a request for a money order? Did the customer tell the branch staff that they recently sold an item online or just started a new job working from home? Informing customers of potential scams can reduce their risk of becoming victims. Consider sending out information to your customers informing them of the danger associated with conducting P2P transactions with parties they do not know.
5. Additional Due Diligence
Even with the appropriate disclosures, training employees on potential P2P concerns, and informing customers of scams associated with P2P, you will still want to perform additional due diligence to monitor for unusual activity related to these transactions. Conduct monitoring to identify potential fraudulent transactions to reduce the institution’s risk. Include P2P transactions in your BSA monitoring process. If you have an automated system, set up an alert to monitor for fluctuations in activity. Review your ACH activity and determine if there have been any increases in reversals of P2P transactions or claims of unauthorized transactions from other financial institutions.
Overall, P2P transactions offer convenience, which appeals to many consumers. Implementing the appropriate controls can mitigate those risks, allowing the institution to stay competitive in the digital age of the financial institution industry.