Ever since the U.S. banking industry took the plunge into the world of “faster payments”, the real-time peer-to-peer payments (P2P) platform Zelle - by which one can move money from their bank account to an email or mobile phone number - has gained both popularity and praise. By the third quarter of 2019, Zelle traffic was reported to have reached 196 million transactions with a volume of $49 billion, vastly higher than other competitive solutions.
Along with these new digital opportunities, many banks are now beginning to realize the far greater risk of online fraud that P2P payments expose.
In the UK, the move to faster payments in 2008 caused online banking fraud losses to triple within three years, even as every bank adopted strong authentication in the form of hardware-based or SMS-based two-factor authentication.
The UK banking community learned long ago that so-called “strong authentication” isn’t actually that strong. Criminals have developed, honed and perfected methods to get around the controls, in some cases even tricking users into making fraudulent transactions from their own online accounts through so-called social engineering.