Digital Transactions Authoritative, insightful and timely information for payments professionals
The discussion about fraud in Zelle and other person-to-person payment apps focuses on the wrong question.
Providers, industry observers, and regulators are all discussing what should happen when someone is scammed out of money on these apps. Recent conversations have revolved around whether or not banks, payments providers, or the customer should assume the liability for fraud losses.
Many of the arguments pivot on whether a customer using a person-to-person (P2P) transfer services has made an authorized or unauthorized transaction. Providers argue that if someone is tricked but authorizes a transaction, then any losses should be the customer’s responsibility.
However, attention from Congress and the press has banks in the Zelle network discussing when it might be a good idea to make customers whole. Industry observers worry that this could lead to an expansion of Regulation E liabilities for the banks. They also worry that smaller banks could be forced out of offering P2P payments because they don’t have the money to investigate claims and absorb losses.
These discussions have a big problem: They only consider what happens after criminals have stolen someone’s money.
Providers have put themselves in this awkward position by ignoring the customer expectations they have encouraged with past products and marketing. Consumers are accustomed to being protected when they make electronic transactions because card products have provided zero-liability guarantees for years.
Also, consumers are used to money taking time—sometimes days or weeks—to move. So they believe that there should be time to stop a transaction if they make an error (and in many cases, despite real-time account credits, there is time).
Finally, as noted in one lawsuit, advertising has positioned these products as a “safe” way to pay.
Perhaps there is a better set of questions the industry should ask itself. For instance, does the average banking customer need real-time payments? If so, what are the circumstances? Should these products be redesigned to close up some of these security gaps?
P2P products provide warnings to consumers about sending money only to people whom they know. They remind users to double check the recipient’s information. They offer descriptions and examples of common scams. Despite all of this, there still seems to be a large number of people who lose money.
So, what’s the solution? How about slowing down payments? Indeed, maybe we should save “real-time” payments for special occasions
and emergencies?
Transactions can slow down on either side of the exchange. Providers could require a 24-hour waiting period to either send or receive money. That might give a potential victim enough time to find out that their grandchild is not sitting in a foreign jail or airport waiting for money to get home.
One design innovation might be to let customers specify the time period for delivering money. This might give them time to double check credentials while setting aside money for a transaction.
An analogy for this lies in travel. It is faster to fly across the country than it is to walk. But to access the speed of flying, a passenger needs to complete some steps to get through security. Why should payments be different?
While there may be true emergencies where a real-time account transfer is the only payment option, there’s no reason those transfers need to happen without reasonable security checks. If someone really needs to send money instantaneously, then it might be time to pull that transaction out of line for some enhanced screening.
As far as the other transactions go, people can wait until Monday morning for the money from the split bar tab to arrive.
—Ben Jackson bjackson@ipa.org
