CISO Perspective: How to Safely Use Peer-to-Peer Payments

By Robert Eastwood | Published: January 2023

Peer-to-Peer (P2P) payment platforms such as Zelle®, Venmo, PayPal and CashApp have continued to rise in popularity in recent years, and for good reason.

These platforms can make it quick and simple to transfer money to friends and loved ones without the need to visit your bank, an ATM or cut a check. While P2P payments can help streamline your finances, it is important to use them properly to avoid falling victim to fraud.

Here are some tips to avoid P2P payment fraud and safely use these platforms to simplify your finances.

What Do Peer-to-Peer Payment Scams Look Like?
Fraudsters can be quite sophisticated when it comes to attempts to get your money. Just a few common examples of how P2P payments can be used for scams…

• You receive a call, text or email from someone claiming to be from your financial institution or another reputable company about an issue with your account. Fraudsters are often able to spoof real phone numbers or use other tactics to make these messages look legitimate.
• The scammer will tell you there is an issue with your account and they need your login credentials to help resolve it. Stop. Never provide your full login credentials, especially your password, to anyone.
• They may also ask for a code that was sent to your phone. This is often an attempt to reset your account password or gain other account access without needing your actual password.
• Fraudsters may even tell you that you owe money and ask you to transfer it using a P2P payments platform in order for the issue to be resolved.

If you find yourself receiving messages like these, hang up or delete the messages immediately without clicking any links, and call the number listed on your debit/credit card or the company in question’s official website to report the fraudulent attempts.

Know the Terms and Conditions Before Use
As with any product or service used, it is important to carefully read the terms and conditions of usage before registering. While these can be lengthy, having a full understanding of how your data is stored, how it is used, and your personal liability for fraudulent activity is vital before you begin using any platform.

When it comes to P2P payments, you’ll want to ensure you understand if there are any fraud protections offered, what is considered an “authorized payment” should you be the victim of a scam, and remedies available for those instances.

If you find you’re uncomfortable with the terms and conditions of any product or service, you should avoid registering or providing personal financial information.

Only Send Payments to Those You Know
Scammers use many sophisticated tactics to defraud their victims. From romance and employment scams to claiming you’ve “won a prize.” Regardless of what P2P payment platform you use, it is vital to only send money to those you know closely.

Never send money to someone you’ve only met online or to someone claiming you need to send payment in order to receive a prize or unlock your account. Depending on the terms and conditions of the platform you’re using and how the payment was approved, these could qualify as authorized payments and you may find yourself on the hook for the losses.

Before sending a payment to anyone, first ensure you know them closely and consider sending a small test payment of a dollar or so to confirm it reaches the intended recipient before sending more.

P2P payments can make your banking and life simpler in many ways. With the proper knowledge and vigilance, you can use these platforms to streamline sending money to reimburse a friend for a meal, send a gift to a loved one, and more, but knowing the warning signs of scams and your rights when using these platforms is vital to ensure your personal and financial information is protected.

That is a CISO perspective.

---

About the Author – Robert Eastwood
Robert Eastwood is Senior Vice President, Chief Information Security Officer at WSFS Bank. He has more than 24 years of experience in the information security field, including nearly 20 years at WSFS, most recently as Vice President, Information Security Officer, where he developed and executed a multi-year strategic plan for Information Security. He also holds a number of professional certifications and memberships in the Information Services, IT and financial services fields.