Image: Kaboompics .com from Pexels

By now most users are aware of the security weaknesses of payment systems like Venmo and PayPal: You should only send money to people you know, you should not use it to buy products or services and you definitely shouldn’t use it to get paid by people you don’t know, who can simply cancel the transaction before it’s complete. It turns out that Zelle, a payment system recently adopted by banks to compete with Venmo, has some serious vulnerabilities, too.

According to a report from the New York Times, some of the key factors that make Zelle appealing compared to its competitors—its usage by some of the biggest banks, including Bank of America, Citi and JPMorgan, and the speed with which it sends money—make it highly susceptible to fraud.

“Cash transfers within the network often take place within seconds—much faster than on most of its rival payment services,” reports the Times. “That has made it more difficult for banks to halt or reverse illicit transactions.” And it does not always inform customers when transactions are made, meaning you may be unaware that anything fraudulent is unfolding until it’s too late.


Article preview thumbnail
How to Not Get Scammed When Selling Things Online

If you’ve been bitten by the Spring Cleaning bug and are looking to cull some of your unwanted…

Read more Read

Additionally, the system requires an email or phone number to send money. According to anecdotes in the Times’s story, this allows scammers to register with your phone number and receive cash transfers in your stead. Security measures vary by the bank, and some do not notify customers “when new recipients are linked to their Zelle accounts.” And while Zelle says customers are not liable for fraudulent activities, it does not consider customers “knowingly” sending money to be fraudulent, even if the intended recipient does not get the money. Its website states that neither Zelle nor the banks that use it offer a protection program.

Some of the scams are much more sophisticated. Here’s what happened to Jane Butler, a Wells Fargo customer in Downingtown, Pa., as reported by the Times:

The con was elaborate. First, a phishing email that appeared to be from Wells Fargo tricked her into entering her bank ID and password into a fraudulent website. The next day, Ms. Butler got a call that appeared to be from Wells Fargo’s fraud department. The number she saw displayed on her phone screen matched the phone number on the back of her bank card — but it wasn’t her bank on the other end of the line. The call had been spoofed.

The caller tricked her into handing over one-time passcodes that provided access to Zelle, which was then used to make six transfers from her account, ranging from one penny to $999.98. Wells Fargo refunded Ms. Butler for her loss.

Others are fairly standard for P2P payment services: One woman thought she was buying concert tickets but was ghosted by the “seller” after she transferred the money (never send money before you have the item in your hands). In another incident, scammers accessed someone’s bank account online and used Zelle to transfer money out of the account.

Whether or not the customer is reimbursed for their stolen funds depends on the bank and the situation.

The Times reports that the size of the problem is unknown, “because Zelle is fairly new and banks do not report much data about it.”

Other peer-to-peer payment systems like Venmo and PayPal have faced similar challenges, and in fact, PayPal (which owns Venmo) recently settled a lawsuit with the Federal Trade Commission about its security measures.

One security measure that could be helpful in case someone gets access to your account: Connect the apps to your credit card rather than your bank account. You’re better protected and you can cancel transactions if you need to.



Source link

NO COMMENTS

LEAVE A REPLY