The five biggest emerging scams P2P payment platforms face today

The five biggest emerging scams P2P payment platforms face today

The P2P payments sector is growing and innovating fast, and this activity is triggering a wider range of attack vectors

Header image
Chris Hooper
Director, Content
APRIL 12, 2023
Blog Post
Identity Verification

Fake apps
Fake billing sites
Botnet attacks
Why Veriff
New phishing variants
Card cracking

The peer-to-peer payments sector is booming, with total transactions worth nearly $1tn in 2022. That’s a full 25% increase on the previous year. Growth is being driven by innovative firms who are developing ingenious new ways to delight customers with faster, slicker and smarter platforms which dovetail with consumers’ fast pace of life and need for near real-time payments.

The sector may not suffer anywhere near the highest rates of fraud within the financial services industry, but its predicted growth has nevertheless attracted a significant uptick in criminal activity. Here are five of the biggest emerging risks confronting P2P payment services today.

The sector may not suffer anywhere near the highest rates of fraud within the financial services industry, but its predicted growth has nevertheless attracted a significant uptick in criminal activity.


Fake apps

Fraudsters can now create fake versions of popular payment apps and upload them to app stores or directly distribute them to potential victims. The goal is to gain access to personal information, payment details, or bank accounts so criminals can transfer funds without being detected. These fake apps often have the same interface as the legitimate version, but with malicious code embedded within them. They may also contain additional features that make it easier for criminals to steal data.

Fake billing sites

Fraudsters also create fake versions of legitimate billing websites and use them to trick their victims into providing their payment details. These sites usually have a professional design and feature the same logos, layouts, and other elements as the real sites. Fraudsters also send phishing emails with malicious links that take users to these fake billing sites. Once on the site, users are prompted to enter personal information, payment details, or both. The fraudsters then use this information to transfer funds to their accounts.

Botnet attacks

The criminal use of malware, such as bots, increased by 86% during 2022, according to analyst research. Criminals use botnets to deploy malicious code and gain control of thousands of devices at once. Botnet attacks allow fraudsters to set up multiple P2P payment accounts on different platforms and then transfer funds between them without being detected. This threat vector is so common that bots now generate most internet traffic.

Fast decisions

A 98% check automation rate gets customers through in about 6 seconds.

Simple experience

Real-time end user feedback and fewer steps gets 95% of users through on the first try.

Document coverage

An unmatched 11K+, and growing, government-issued IDs are covered.

More conversions

Up to 30% more customer conversions with superior accuracy and user experience.

Better fraud detection

Veriff’s data-driven fraud detection is consistent, auditable, and reliably detects fraudulent forms of identification.

Scalability embedded

Veriff’s POA can grow with your company’s needs and keep up with times of increased user demand.

New phishing variants

Phishing is a long-time fraudster favorite, and criminals continue to evolve the way they perpetrate this scam. Pharming, for example, involves criminals using viruses to hijack a victim’s device without their knowledge, so they can be directed to a fake PSP website. Vishing, on the other hand, is a telephone-based phishing scam where criminals use VoIP technology to call victims pretending to be trusted employees from their PSP. Education should always be the first line of defense, but AI-powered identity verification is just important when it comes to spotting fake users and hijacked accounts.

Card cracking

Card cracking is a type of fraud in which criminals use stolen payment card information to transfer funds into a wallet without the cardholder’s knowledge. Card cracking is often part of a larger scam, such as buying a cheap product and “accidentally” sending more money through P2P payments. Criminals then demand a refund for the difference, only for the seller to be liable for the total amount when it’s discovered the card was stolen.

Identity verification should be the cornerstone of every P2P payment provider’s fraud prevention strategy. Historically, rigorous verification risked adding unacceptable friction, undermining customer experience, increasing drop-off rates during onboarding and ultimately costing companies money.

AI-powered identity verification (IDV) platforms such as Veriff’s, however, automate this process, verifying customer identity in an average of just six seconds at an accuracy rate of 99.99%. This enables PSPs to effectively close down many of the emerging attack vectors exploited by cyber criminals.

Our IDV platform makes identity verification simple. Plus, you can also tailor your process to suit your industry and brand.

If you’d like to learn more about how we can create an identity verification process for your business, get in touch with us today and book a personalized demo.

Get more details

Discover more about how IDV is powering growth and customer acquisition for payments companies.


April 2023


The Four CISSP Exam Frameworks A good way to look at the CISSP exam is to view in through the lens of four different frameworks: CIA: Confidentiality, Integrity and Availability. Technology: technical skills. Management: what is the best approach to do something from a security manager’s perspective? Risk: risk management which is very important topic in the exam Every time you see a CISSP question, you should be able to look it from one of those perspectives or frameworks. If you get a question about symmetric vs asymmetric encryption, then that’s the technology perspective and the question is testing your technical knowledge. A question about the company’s best approach for security, is challenging your management perspective, and here you should put your self in the place of a security manager and think how would a security manager act in the situation. Then you have questions about availability vs confidentiality vs integrity and this is the CIA perspective, while a question about the annual loss expectancy (ALE) is related to risk management. What is the difference between differential and incremental backups? The difference in incremental vs. differential backup is that, while an incremental backup only includes the data that has changed since the previous backup, a differential backup contains all of the data that has changed since the last full backup.1

Leave a Reply