This article in PayThink identifies how criminals are now using spearfishing tactics with stolen personal information to convince account holders to send money using P2P:
“Given the increasing popularity and volume of transactions, P2P also makes for an ideal breeding ground for fraud. Today, stolen personally identifiable information (PII) is widely available on the dark web following several data breaches over the past few years. Using stolen PII, fraudulent actors are likely to migrate to popular payment channels, like P2P.
Financial institutions and payments processors are doing their best to secure mobile and P2P payments. But fraud is an ever-evolving game. And fraudsters are using different, more complex tactics to circumvent fraud prevention measures. For their part, some financial institutions and payment processors are leveraging newer authentication methods such as using a mobile devices’ unique electric serial numbers or multifactor authentication that can include biometrics for identity purposes. Others are not.”
Nailing down the identity of individual users is the best way to prevent fraud and there are behavioral biometric solutions that every bank should be using today to identify each account holder as they interact with online and mobile banking while also protecting against bots (see “Biometrics A New Wrinkle Changes the Authentication Landscape). In the future I trust behavioral biometrics will be used in conjunction with 3D Secure 2.0 which would better identify cardholders and reduce card not present fraud.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group