Zelle Fraud: Fighting Advanced Cyber Crime in a Real Time P2P Scheme

The US banking industry has made a significant leap forward by launching Zelle, a real-time p2p platform for moving money from the user’s bank account to an email/mobile contact. In Q3 2019, Zelle traffic was reported to be 196 million transactions with a volume of $49 billion, and many banks in US are now offering Zelle functionality via their online and mobile banking applications.

But with new consumer possibilities comes also a far greater risk of online fraud

The importance of learning from history is proving itself again. In the UK, the move to Faster Payments in 2008 caused online banking fraud losses to triple within three years, despite the fact every bank adopted strong authentication in the form of hardware based or SMS based 2FA. Cyber criminals identified a chink in the armor and attacked on a massive scale, using a combination of advanced malware and social engineering to siphon off hundreds of millions of dollars. Fraud teams had to adapt to the fact that in faster payments, real-time decisions are needed.

Zelle poses a similar threat in the US. Many National Banks, Regional Banks and Credit Unions who offer the service report highly targeted fraud campaigns and an adaptive race with clever cybercrime rings who are quick to respond to new controls. Other banks rely on third parties to fulfill Zelle enrollment and payments, but seek strong Pre-Zelle controls in order to have better risk management as well as being able to increase daily / trx limits for the Zelle transfers without being over-exposed to risk.