In the mid-2000s, when biometrics in payments was still a mysterious notion, a company called Solidus Networks developed a finger-reader for payments that was trotted out at grocery chains such as Jewel-Osco.  

It allowed shoppers to pay at a Pay By Touch terminal with the touch of a finger. That payment method – which arrived a decade prior to a similar product, TouchID on Apple iPhones – failed to gain traction, and Solidus filed for bankruptcy in 2007. 

“At that point in time, biometrics was just really an alien concept,” said Thad Peterson, a strategic adviser with consulting firm Aite-Novarica.

While biometrics was too early to market then, payments consultants and executives say now is the moment for the technology. The FIDO Alliance, which seeks to eliminate passwords and advance biometrics for authentication, is one of several actors pushing payments in that direction. In the U.S., the retail sector is expected to generate $5.5 trillion by 2027 and Aite-Novarica estimates fraud losses just for card-not-present transactions will reach $9.2 billion next year, so there’s strong appeal in making payments simpler and more secure.

Tech companies Apple and Google – major influencers of consumer behavior – have done the heavy-lifting when it comes to biometrics acceptance. Their tech tools and ubiquitous smartphones have primed consumers to use their fingerprints or faces to access their devices. 

In addition, user IDs, PINs and passwords have become a friction-filled headache for many. Consumers who’ve grown weary of the need for unique passwords may increasingly view biometrics as a welcome change.

Those two factors have set the wheels in motion on biometrics in payments, said Peterson, who focuses on emerging payment technologies and digital wallets.

As the pandemic prompted a shift toward contactless, payments players want to make transactions as frictionless and quick as possible, both to increase volumes and please customers. Tapping biometrics takes that a step further, proponents say, with ease of use and security both necessities in the digital age. By combining biometrics with Near Field Communication (NFC) and EMVCo standards, “you get to a really secure transaction,” Peterson said.

Reducing fraud is crucial to payments companies, and brands want to be seen as modern, seamless organizations, said Andrew Shikiar, FIDO Alliance’s executive director, during a June interview. 

There’s plenty of buzz around biometrics, but a number of questions remain regarding adoption and security. Paying by face has been around for at least five years in China, but privacy concerns are more of an issue in the U.S. than in that country, payments consultants and executives said. Additionally, the U.S. financial system is far more diverse and American consumers tend to be slower to use new technologies.

U.S. adoption will come faster if biometric payment methods take off in Europe, where regulations are more stringent, Alessandro Chiarini, senior vice president of enterprise authentication for biometric software company Aware, said during a May interview.

As more companies turn to biometrics and collect consumer data, however, the odds of a major breach occurring increase. “You see one high-profile breach, and maybe consumer appetite and concerns completely change from what they were,” said Greg Szewczyk, partner and co-chair of the privacy and data security group at law firm Ballard Spahr.

Until the security of such systems has been tested further, biometric payment methods are unlikely to unseat other payment options, some professors and consultants said.

Biometrics in payments is “no silver bullet,” said Dave Lott, a payments risk expert at the Federal Reserve Bank of Atlanta, during an August interview. He noted the Federal Reserve has always maintained “a technology agnostic position.”

In payments, “there are applications that lend themselves to various forms of biometrics, and there’s others that don’t,” Lott said. “If I’m paying cash, there’s no biometrics involved in that.”

New payment methods emerge

Since the days of Pay By Touch, a crop of new biometric technologies have emerged: Methods asking users to hover or wave their palm over a scanner are factoring in unique features like the shape of the hand and the veins running through it. 

Face-pay tools ask users to look into a camera as their image is captured and compared against facial scans; methods involving the eye can scan the retina or iris to authenticate payment.

People tend to be less comfortable with a biometric that involves the eye than a fingerprint, scholars said. In geographic regions of the world that have already turned to biometrics, like China, face-pay is more popular than palm-pay. 

Consultants said biometric payment methods are far more likely to gain traction if they are geared to consumers using their smartphones, as opposed to requiring merchants to acquire and install in-store technology.

“I think absolutely people are ready for it, and they’re already using it,” Peterson said. As long as it’s device-dependent, “the merchant is kind of out of the equation,” he added.

Big names pursue biometrics

Consumers tend to be most familiar with the biometric method that employs a one-to-one comparison. That’s typical with phones using biometric sensors to verify users with a fingerprint or facial identification, said Anil Jain, a professor in the computer science and engineering department at Michigan State University.

“The advantage is that your template, or your reference biometric, is always stored in the phone, which is with you,” which is highly secure, Jain said.

That’s the approach that FIDO Alliance, a consortium of technology companies, has tapped in its effort to eliminate passwords. FIDO stands for fast identity online and the consortium is spearheading that change.

Pairing biometrics with cryptography allows a person to prove his or her identity to a device and then allow that device to provide proof to an approved third party, like a bank app, said Stephanie Schuckers, a professor at Clarkson University and director of the Center for Identification Technology Research. She was involved in the biometric certification process for FIDO.

PayPal, Bank of America, Wells Fargo and large retailers Best Buy, Wayfair and eBay are among those already accepting FIDO for log-in, said Megan Shamas, FIDO’s senior marketing director. It’s gained traction in online payments in Europe, because it’s easier for consumers than a one-time password or multi-factor authentication, Shamas said.

Products like Amazon’s palm-pay, called Amazon One, are different: Consumers enroll at a store and link their payment information. In a system like Amazon One, it’s a one-to-many comparison, with “one” being the customer paying and the “many” being the pool of Amazon customers who’ve opted into recognition by their palm, Jain said. This method can be highly convenient, but involves biometric data being stored in a central database.

“There is always a worry that somebody may either break into the central storage or, during the transmission of the data from the point-of-sale to the cloud, somebody may intercept your data,” Jain said. That’s why Amazon and other large companies ensure biometric data is encrypted, so even if it’s intercepted, it’s secure, he said.

The e-commerce giant opted for the palm biometric because it was important to the company to choose a method that doesn’t reveal a person’s physical identity, said Dilip Kumar, Amazon’s vice president of physical retail and technology. 

“Unlike face or even your voice, which can give you clues about the person’s identity, a picture of your palm doesn’t give you a clue as to who the person is,” he said in an Amazon News video published in July.

Amazon also opted for “a very intentional gesture,” Kumar said in the video. Customers are accustomed to holding their phones over devices, so hovering their hand over a scanner would seem similarly active, said Kumar, who the company said wasn't available for an interview. 

Amazon uses sophisticated cameras and computer vision technology to capture the details of the palm and subsurface images of veins, Kumar said. The company incorporated “liveness detection” to bolster accuracy and ensure hands being held over devices are real. 

Beyond some of the company’s Fresh, Go and Whole Foods stores, the technology also is being used in some U.S. airport stores and stadiums, an Amazon spokesperson said.

Other biometric uses are popping up in payments: Companies like Samsung are embedding fingerprint sensing, which eliminates the need for a PIN, into physical cards. Pasadena, California-based PopID has partnered with Visa and Mastercard to bring its face-pay technology beyond southern California to other regions of the world. 

Mastercard’s biometric checkout program launched earlier this year with a pilot program in Brazil. The company also plans to test biometric payment methods in the Middle East, Asia and the U.S., although Nili Klenoff, senior vice president and head of authentication solutions at Mastercard, wouldn’t say when the program will arrive in the U.S. 

The card network’s program lays out standards for how biometric service providers, digital players and merchants should develop their biometric tools and tests them to ensure the tools meet the company’s privacy and security standards, Klenoff said during a May interview.

“Ultimately, that’s the key to unlocking scale,” Klenoff said. “Our goal is to create an open environment that empowers different channel providers to play.”

Privacy, security concerns

No two people in the world have the exact same biometric traits – and that plays into the hands of those trying to reduce fraud and enhance security in payments.

Consumers are still coming around to the idea, however. About half of U.S. adults favor the use of facial recognition technology for security purposes, such as enhanced security with a credit card payment, Pew Research Center determined in March. 

When it comes to checkout, 74% of U.S. adults expressed privacy concerns about their biometric data, like fingerprints or retina scans, being stored by a marketer, according to data from an upcoming issue of Ipsos' strategic foresight magazine, What the Future. Respondents were polled in late August.

Consumers tend to view biometric checkout technology as reliable and trustworthy, but the next hurdle “is the security piece of it,” said Oscar Yuan, CEO of Ipsos Strategy3. The security factor is “particularly challenging” because it’s not just biometric data security that impacts consumers’ nervousness, “it’s general data security that’s giving people pause,” Yuan said.

Mastercard’s data from June also indicate about two-thirds of global consumers say biometrics is more secure than a PIN or password, but 71% are concerned about which parties have access to their biometric data.

From FIDO Alliance’s perspective, it’s critical that all biometric data remain in the device, not in a central database, Shikiar said. That’s a comfort to consumers who are trusting that their biometric information is being handled responsibly. FIDO’s user testing showed that “once they understood that the data was on their device, they loved it,” Shamas said. 

Still, consumer advocates worry there’s a false hope the new systems being touted are more secure, when that might not be the case. 

“My sense is that consumers are not going to wholeheartedly embrace all of this biometric stuff that’s being sold to them,” said Ed Mierzwinski, senior director of the federal consumer program at advocacy organization Public Interest Research Group. Consumers “are very concerned about databases containing their information that could then be misused.”  

Of FIDO’s locally stored approach, Mierzwinski said: “I’m not endorsing it, but I’m saying it’s better.” 

Others suspect consumers aren’t thinking about the different approaches to data storage. “I don’t think there’s that divide in their mind, that, oh, this one’s saved on my phone, so this one’s safer,” Yuan said. “They think in terms of, ‘OK, they have my data and I want it to be secure, whether that’s the device that stores it, whether that’s Amazon that stores it, whether that’s Apple that stores it, whether that’s AT&T that stores it.’”

With sensitive data in play, it’s incumbent upon companies to be transparent. Those capturing biometric information need to “be really clear about what’s being captured, how it’s being used and how it’s being protected,” said Adam Pressman, a managing director in the retail practice at consulting firm AlixPartners.

Among U.S. states, Illinois, Texas and Washington have biometric identifier laws, requiring specific consent from consumers before companies can collect biometric data. But all 50 states have breach notification laws, and most of those include biometric information, Szewczyk said.

If the biometric method used is something consumers are familiar with, it’s less likely to raise concern on the consumer front, Szewczyk said.

The usability factor

A handful of different biometric methods are being pursued in payments, but certain types have greater usability than others, depending on the setting.

“There are a whole bunch of biometrics,” Jain said. “The question is, what makes most sense in a given scenario?” 

Background noise in a crowded store may interfere with the use of a voice biometric at a kiosk. Paying by face could be particularly useful at drive-thru restaurants. Merchants will assess biometric technologies and pick the right tool for their business, Klenoff said.

For in-store payments, FIDO has been working with EMVCo on allowing the FIDO biometric credential to be used to authenticate at the point of sale, erasing the need for another verification method like PIN or a signature. Mobile payment providers like Apple and Android are beginning to implement that credential, Shamas said.

But if the biometric payment method involves the merchant obtaining and installing new technology – like a kiosk with a camera that scans a customer’s face – envisioning that is harder, consultants said. 

That approach could be costly for merchants, requiring added hardware or software at each store, and customers would have to be taught how to use it, said Jeff Fortney, a senior associate with payments consulting firm The Strawhecker Group, in June.

The path to broad adoption

The pace at which biometrics in payments could take off in the U.S. remains unclear. 

Some payments professionals pointed to the persistence of cash or the arduous adoption of chip cards. The latter were rolled out in 2015, and gas pumps just reached compliance this year. QR codes were used to make payments in India in the mid-2000s, but it took the pandemic to get consumers to use QR codes in the U.S.

“I’ve seen a lot of new technology that I thought would just be a game-changer, but it either didn’t have financial support or merchants weren’t going to do it,” Fortney said. “It’s going to be a 10-year cycle, in my opinion, before [biometrics] really makes an appearance.”

Klenoff pointed to greater adoption of tap-to-pay during the pandemic, predicting biometrics will follow a similar trend. “We’ve taught consumers to swipe, then to dip, then to tap and now, biometrics,” she said. “With any of those experiences, it takes the consumer a couple of times to experience the technology, try it out and become comfortable with it before it becomes a habit.”

The older the technology is, the more consumers trust it. In the earlier days of the internet, people were afraid to use their credit cards online to pay. At that point, “we were looking at the same thing – 75 percent -80 percent of people were nervous,” Ipsos’ Yuan said.

Over time, technology improved and the convenience factor outweighed concerns, causing that percentage to shrink, Yuan said. He suspects consumer comfort with biometric payment methods will follow a similar path.

There’s still work to be done in biometrics on the technology side, in terms of improving accuracy. Shikiar noted false rejections can be an issue in biometrics, particularly for Black users. That’s something the industry continues to address, “to make sure that bias goes away through stronger testing, improvements in algorithms, things like that,” he said.  

As Apple, Android and Windows products roll out new operating systems in the coming months that support FIDO credentials, Shamas expects that will be the spark that fuels further adoption on the part of financial institutions and merchants.

Rather than having shoppers input payment details such as card security code at each site, merchants want to move toward a process that has customers “form fill your credential in the browser, and then you authorize it with your biometric,” Shamas said. “I think we’re going to see these things come together in the next couple years or so.”

Looking ahead, consultants envision the use of biometrics to unlock a mobile device being applied to authorize a payment made shortly thereafter, without having to re-authenticate, Peterson said.

For his part, Lott expects to continue to see a “buffet of payment choices.” 

“Ultimately, it is the consumer that’s going to make the decision as to what method of payment they prefer to use,” Lott said. “If a merchant doesn’t support that particular method of payment, it’s highly likely that consumer [is] going to find a merchant that does.”

A new contactless and mobile payments software standard was approved Wednesday by the international standard-setting body EMVCo in an effort to coalesce the card industry around one approach.

The software, which EMVCo refers to as a “kernel,” allows for payment acceptance at point-of-sale terminals and ATMs for the processing of card transactions, even in instances when the card is embedded in a phone. 

“The EMV Contactless Kernel Specification is the latest example of the payments industry collaborating to deliver a specification that supports marketplace needs, and advances seamless and secure payments globally,” said EMVCo Executive Committee Chair Alisa Ellis said in a release Wednesday regarding the new software standard.

There are currently some 20 different contactless payment “kernels” in use by merchants around the world so the new specification is aimed at reducing complexity and costs.

The effort is driven by the owners of EMVCo, including the namesake companies Europay, Mastercard and Visa, as well as the U.S. card companies American Express and Discover Financial Services, plus JCB of Japan.

Invisible to the consumer

Switching to the new software may or may not require a merchant to swap out a POS device, depending on whether it can be done remotely by a merchant acquirer, said Stewart Watterson, a strategic analyst for Aite-Novarica Group who specializes in retail banking and payments. As for the consumer experience, Watterson said in an interview that he doesn’t see that changing much as a result of the new software, at least not for the moment.

EMVCo, which is controlled by the world’s biggest card companies, said in the release that the benefits of the new software include more security for channel privacy, eavesdropping prevention, and protection of sensitive data; card authentication via elliptic curve cryptography; biometric and mobile card verification support; optimization for use with cloud technology; and on-card data storage for privacy and integrity protection.

While the new software could improve fraud-prevention and efficiencies for card processing, it mainly guards against more sophisticated technical data breaches that aren’t very common, Watterson said. The new generation standard isn’t a big benefit now, or controversial either, for that matter, but it could be in the future as a stepping stone to more significant improvements, he said.

Little financial incentive to change

Merchants may not even have much financial incentive to pay for the switch anytime soon, given merchant acquirers are likely to charge for the upgrade, Watterson said. That’s because four of the five benefits, with the exception of cloud optimization, largely accrue to the card issuer, with less benefit for acquirers, so there’s less reason for the latter to rush adoption.

Still, the nation’s largest bank, JPMorgan Chase, operates on both sides of the equation, as a card issuer and merchant acquirer, but there still might not be much return on investment at this point, Watterson said. Other major acquirers include Fiserv, Global Payments and Adyen.

One of the biggest benefits of the new software might be with respect to rising use of biometrics for consumer authentication and fraud prevention. The new standard will let a POS device access biometric information more directly, providing another tool to check a user’s identity, Watterson said.

The new standard will likely be rolled out faster in Europe, where such technical upgrades tend to catch on faster, than it will be in the U.S., he said.

Approval process

EMVCo, the company behind the contactless symbol at payment terminals, took input from outsiders on the software specification in recent months after it issued a request for feedback in May on a draft of contactless specifications. 

The 312-page draft issued earlier this year was reviewed by EMVCo associates, including major payments processors such as FIS, Adyen and Fiserv as well as big tech companies like Microsoft and Google and newer fintechs such as Stripe and Square. Merchants, such as Target and Amazon, are also associates, according to the EMVCo website.

As part of the software approval process, the specification was subject to meeting discussions among the EMVCo associates, a full associate review as well as the public review, said Alistair Cochrane, a spokesperson for EMVCo. In conclusion, it was approved by a vote of the EMVCo board, which includes merchants, card issuers and acquirers, payment networks, financial institutions, and testing laboratories, among others, he said.

The new specification is “significant because it is the first industry standard kernel that simplifies global acceptance of contactless payments for merchants, payment systems, and solution providers,” American Express Executive Vice President Matthew Robinson said in an emailed statement, adding that the company is beginning to transition to the technology.

Visa, the biggest U.S. credit card network, has witnessed an increase in in-person fraud this year as criminals return to the physical world of transactions alongside consumers emerging from COVID-19 pandemic seclusion, the company said today.

The pandemic, which began in early 2020, super-charged consumer use of digital payment options, including credit cards, for purchases online as people worked and played at home to avoid the deadly virus. That activity led to an increase in online crime, but the return now to in-store shopping and in-person transactions is boosting fraud and scams in those environments, Visa said in a press release Thursday.

Between June and November last year, San Francisco-based Visa said use of physical skimming devices that illegally capture cardholder data, like PIN numbers, more than doubled when compared to the prior 12-month period. The increase in card-present threats, including ATM and point-of-sale terminal skimming, will likely persist, Visa said in its press release.

“We are continuing to see high rates of skimming, growing over the already elevated levels of the winter of 2021, where fraudsters are jumping on the rise of in-person activity,” Visa Chief Risk Officer Paul Fabara said in the release.

That could mean more trouble as the yearend holiday shopping season gets underway. In-store sales started increasing faster than those online earlier this year, as consumers balked at delivery fees amid inflation and sought more social experiences after being cooped up for two years, CNN reported in June, citing data from Visa rival Mastercard.

Nonetheless, Visa maintained that the e-commerce environment, which ballooned during the pandemic, remains the chief target for criminals, with online fraud making up 75% of frauds and data breaches investigated by the company.

Losses from U.S. cybercrime nearly doubled to $6.9 billion from $3.5 billion between 2019 and 2021, Visa noted in a new report on the topic it published today, citing data from the FBI.

Cryptocurrency transactions are another sweet spot for crooks, Visa noted. “Beyond attacks on traditional currency, threat actors are employing new tactics to defraud cryptocurrency users, including new malware focused on browser extension wallets for crypto users as well as innovation in phishing and social engineering schemes,” Visa said in the release.

To thwart the criminal activity, merchants are buying into advanced security capabilities like digital tokens, deploying artificial intelligence tools and using enhanced authorization tools, Visa said. The card company offers some of those types of services.

Dive Brief:

• Banks that own Zelle reimbursed 47% of the amount customers reported in fraud through the peer-to-peer platform in 2021 and the first half of 2022, according to a report Monday from Sen. Elizabeth Warren, D-MA.
• Warren is using the report to urge the Consumer Financial Protection Bureau (CFPB) to bolster and clarify Regulation E, which governs when banks must repay harmed customers.
• Zelle delineates between fraud and scams. Fraud encompasses unauthorized transactions in which bad actors access a customer’s account. Scams, however, are transactions authorized by the account owner that may have been influenced by bad actors. Zelle’s policy mandates that participating institutions reimburse unauthorized transfers but makes no such promise for authorized ones, the report said.

Dive Insight:

Warren’s report comes less than two weeks after seven big-bank CEOs testified in front of the Senate Banking Committee. Six of those banks hold ownership stakes in Zelle.

At the hearing, Warren chastised many of the bank executives for not responding months ago to the panel’s request for data detailing how many customers had submitted Zelle-related claims — all but accusing the banks of purposefully keeping the figures under wraps.

“What I want to know is, is that because you don’t keep track when your customers report fraudulent Zelle transactions? Or is it because you do keep track and you know exactly how many fraudulent transactions have been reported, and you want to keep that report a secret?” Warren asked, according to The New York Times.

Truist was the only bank to comply before the hearing, Warren said. 

The CEOs of JPMorgan Chase, Wells Fargo, U.S. Bank and PNC pledged at the hearing to “immediately” send that information, Warren said. Monday’s report contains statistics from Truist, U.S. Bank, PNC and Bank of America. Wells Fargo provided incomplete and confidential data, Warren noted. JPMorgan sent Warren a letter indicating that the bank handled roughly 335,000 unauthorized fraud claims between 2017 and August 2022 but did not include the specific breakdown of data the senator requested. 

Reimbursement rates vary from bank to bank. Truist customers filed 24,752 unauthorized transaction claims in 2021 and the first half of 2022, amounting to $24.4 million, according to the report. The bank reimbursed 82% of those claims — 20,349, totaling $20.8 million.

At the other end of the scale, PNC customers issued refunds in 14% of customer-reported unauthorized transactions — 1,495 out of 10,683 cases. Refunds totaled $1.46 million out of more than $10.6 million, according to the report.

U.S. Bank customers, meanwhile, refunded customers in roughly 29% of unauthorized transactions during that time — 8,242 out of 28,642 cases, for about $4.7 million of $16.2 million, according to the report.

And Bank of America refunded roughly 45% of the dollar amount of reported unauthorized transfers — $56.1 million out of $125 million.

The figures did not include scams, or authorized transactions — of which PNC counted 6,831 cases; Truist, 7,223; U.S. Bank, 21,794; and Bank of America, 157,030.

“These data are deeply troubling,” Warren wrote in the report. “They not only reveal that banks are breaking their word about repaying victims harmed by Zelle — they also indicate that the banks may be violating the CFPB’s Regulation E rules.”

Indeed, all four banks saw an uptick in the number of Zelle-related claims — encompassing both fraud and scams — between 2020 and 2021, according to the report. 

PNC reported 11,356 cases in 2021, up from 8,848 in 2020. U.S. Bank saw 27,702 cases in 2021 — nearly double its 14,886 claims in 2020. Truist reported 22,045 in 2021, up from 9,455 a year earlier. And Bank of America saw 131,509 in 2021, up from 49,652, according to the report.

Four trade groups — the American Bankers Association, the Bank Policy Institute, the Consumer Bankers Association and The Clearing House — defended Zelle in a statement Monday, saying Warren’s report “fails to acknowledge that 99.9% of the 5 billion transactions processed on the Zelle network in the past 5 years were sent without any report of fraud or scams.”

“That doesn’t mean that Zelle, just like every other instant P2P payment service, is entirely free from those who seek to defraud the American consumer,” the groups wrote. “Banks know this and take steps to mitigate instances of fraud and criminal activity.”

Expanding Regulation E would prompt Zelle providers to scale back the platform’s services because of financial risk, limit its real-time features or start charging fees to recover additional costs, the groups said. 

“Either way, consumers' access to these valued services would be limited, forcing them to meet their needs outside the well-regulated banking system,” they said.

Zelle’s parent company, Early Warning Services, told The New York Times on Monday that “the proportion of fraud and scams has steadily decreased” since the platform’s launch in 2017.

Zelle, the digital payments service run by a group of banks, is seeking to showcase the popularity of its instant payment services even as lawmakers and lawsuits draw attention to fraud on the system.

In a press release last week, Zelle underscored that its business has been growing at a fast clip over the past five years, with $1.5 trillion moving across the network in five billion transactions since its launch in 2017. It also stressed that fraudulent transactions make up less than 1% of transactions and, perhaps not surprisingly given its growth, have been declining as a percentage of overall payments volume.

For the second quarter this year, the volume of payments flowing through the Zelle Network rose 27% to 554 million transactions over the year-ago period, and their value climbed 29% to $155 billion, the release said.

Some 99.9% of Zelle payments “are sent without any report of fraud or scams,” the Sept. 8 release said. Still, a spokesperson for Zelle’s parent company, Early Warning Services, declined to comment on what the total number of tainted transactions is and how the tally has changed in recent years.

The group of big banks that own and operate Zelle through EWS include Wells Fargo, Bank of America, JPMorgan Chase, Capital One, U.S. Bank, Truist Financial and PNC Bank.

The company’s effort to emphasize the popularity of its payments tool by showcasing its growth volume comes as some Democratic U.S. senators have slammed Zelle in recent months over its inability to deter and resolve scams in which consumers send money to fraudsters. Some of the bilked Zelle users have created more bad headlines for the company by suing the money transfer service this year over the fraud.

Despite the concerns, Zelle executives showcased the growth in demand for the payment services this month. While they also acknowledged the fraud and said the company continues to seek to reduce it, their message sounded a more positive note about how the company’s instant payments service is gaining traction.

“The P2P segment continues to grow at a strong double-digit pace, even though we've been around for five years,” Sean Loosli, the company’s head of consumer and small business payments, said in an interview this month. “But we're also really excited about the other segments that we're serving, including small business and disbursements. So those growth rates are even more impressive.”

Aside from the increase in peer-to-peer payments via Zelle, Loosli also touted the rising use of the network by small businesses to pay employees, contractors and consumers.

While the company serviced a couple dozen financial institutions at its start, it now counts 1,700 banks and credit unions as clients, including an increasing number of smaller banks and minority depository institutions, Loosli said. Zelle also has contracted with several hundred more to join the network, he said.

Similarly, Early Warning Services CEO Albert Ko in a separate news report emphasized the rising use of Zelle instant payments by lower-income consumers for bill payments.

Since last year, Zelle has increased marketing spending to bolster its commercial advertising, and that has included targeting demographics, such as older generations, that haven’t generally used the service as much.

Despite the Zelle publicity campaign, scrutiny from Congress may not taper off anytime soon. Indeed, one Wells Fargo senior vice president in the payments area, Michelle Ziolkowski, speaking on a panel at the Midwest Acquirers Association conference in July said her bank’s CEO would soon address concerns about Zelle at a congressional hearing.

She may have been referring to an upcoming hearing of the Senate Banking Committee later this month where bank CEOs are expected to testify. A spokesperson for the San Francisco-based bank declined to comment on that possibility.

”We are continuing to prioritize the consumer safety and protecting the participant banks in our network and the credit unions and are really pleased about the results that we're seeing and, at the same time, never content with any amount of people using Zelle for things that they shouldn't be, so actively working to both educate consumers and small businesses, as well as work to protect the product through our own technological and product means,” Loosli said.

A spokesperson for Scottsdale, Arizona-based Early Warning Services declined to comment on that upcoming hearing possibility.

Loosli explained how the company is building “positive friction” into Zelle, with communication safeguards that ask consumers if they’re sure they know the person they’re sending money to and that ask them to confirm the payments before they are sent.

“We feel like we’ve got a great track record,” he said of the company’s efforts to combat the fraud.

Dive Brief:

• Zelle’s early marketing campaigns may have boasted about bank-grade security, but the popular peer-to-peer payment method is now among the top payment fraud threats, per a recent PYMNTS-Featurespace survey of 200 financial industry executives.
• Credit cards topped the list of fraud threats identified in the survey, with 64% of executives polled saying credit card fraud rates have increased in the last 12 months. However, 51% of those surveyed said Zelle fraud rates increased during the same period. By contrast, 44% of those polled said fraud rates for rival peer-to-peer payment app Venmo went down and 39% said they went up.
• Other emerging payments that could be considered fraud risks include buy now-pay later (BNPL), with 44% saying fraud rates for that payment method decreased over the past year and 39% saying they grew, the study said.

Dive Insight:

Card fraud is an ongoing concern for financial institutions, despite the popularity of newer payment methods, the PYMNTS-Featurespace study, released on Sept. 13, highlighted. But emerging payment methods, including P2P vehicles such as Zelle, Venmo, Cash App and others, are catching up, survey findings suggested. 

P2P payment fraud is increasingly a source of tension between consumers and financial institutions. PayPal and Bank of America were recently sued over fraud risks of P2P payments linked to Venmo and Zelle, instances where allegedly fraudulent charges were not refunded.

The Consumer Financial Protection Bureau is expected to issue further guidance on fraud liability for transactions on P2P payment platforms like Zelle and Venmo, potentially setting up a drawn out battle between financial institutions and regulators. 

Smaller financial institutions have been hit particularly hard with all types of fraud, with 71% reporting increased fraud rates and an average loss of 1.75 basis points per transaction, the report said. Overall, 59% of institutions surveyed said they experienced an uptick in fraud, with fraud loss rates averaging 1.29 basis points per transaction.

Artificial intelligence and machine learning technologies can help institutions more easily track and combat fraud, although institutions feel there are hurdles to implementation, the report said.

“Though the majority of financial institutions indicated that they wish to invest in new, AI-powered tools to block fraud and identify suspected money laundering, a key problem stands in their way: complexity. In particular, the complexity of implementation — especially regarding regulatory compliance — can impede adoption,” report authors noted.

Two-thirds of executives surveyed said regulatory standards are too complex and their solutions might not manage all of their compliance needs.

“Executives are simply waiting for the right battle-tested solution, rather than passively standing aside as fraud rates climb,” the report said.

Total losses from fraudulent transactions — including in-person payments — in the U.S. will grow by 8.2%, hitting $12.16 billion, according to a recent forecast from Insider Intelligence. Meanwhile, card-not-present payments fraud losses will total $8.75 billion in the U.S., up 11.3% from last year. That number will surpass $10 billion by 2024, according to the company.

The WorldPay division of payments processor FIS plans to offer additional fraud-fighting services to merchants to help them fight a growing number of credit card disputes

The company said it intends to do that by extending its partnership Chargebacks911, a provider of technology that separates fraudulent from legitimate claims. 

Jacksonville Florida-based FIS and Chargebacks911 will provide merchants with a broader set of technology tools “to help reduce chargebacks, lower costs and combat fraud,” they said in a July 28 press release.

A spokesperson for Chargebacks911 declined to comment on the financial terms of the relationship and FIS didn’t respond to requests for comment for this story.

The partnership between FIS and Chargebacks911 was formed in 2018. Clients who use Worldpay for payment processing “can get access to our complete suite of pre-chargeback solutions,” according to a spokesperson for Chargebacks911, which is based in Clearwater, Florida.

“Changes in consumer preferences and merchant practices have retailers, card issuers and networks moving away from the manual dispute management processes,” FIS Chief Product Officer Vicky Bindra said in a press release. “Open platforms and flexible architecture are now vital, allowing automated products that reduce the time and effort invested in managing and resolving dispute volume.”

Chargebacks911 and other companies that provide chargeback prevention services, such as Bankcard Services, argue that merchants are seeing a rise in such fraud, increasing their need for their tools.

“Payment card disputes were intended as a “last resort” to protect consumers from criminal fraud and merchant abuse,” according to Chargebacks911.“Ecommerce dramatically changed the way we shop, though, and the chargeback process has failed to keep pace. Deceitful or uninformed consumers turned chargebacks into a tool to commit fraud, rather than prevent it.”

Merchants are especially concerned about so-called friendly-fraud disputes brought by consumers looking to make a quick buck by falsely claiming that they were ripped off.

“Chargebacks are one of the greatest threats facing modern business,” according to Bankcard Services, which provides merchants across industries with digital account services. “Merchants take the brunt of the hit, losing revenue from the sale, merchandise, and the cost of shipping. Merchants then get hit with additional charges,” the company said in a March web post.

For instance, consumers who prevail in their chargeback disputes are nine times more likely to file another one,  according to Bingham Farms, Michigan-based Bankcard.

“Most customers can’t see any difference between a chargeback and a standard return,” the Bankcard.com post said. “They either don’t know—or don’t care—about how a chargeback negatively impacts merchants.