Scams Involving Third-Party Payment Apps on the Rise
/GUEST BLOGGER
Hallie Ayres
Contributing Writer
Throughout the COVID-19 pandemic, fraudsters have developed a broad range of insidious schemes to prey on a variety of industries and subjects. A recent spate of attacks have targeted third-party payment and money transfer phone apps, such as Venmo, Cash App, and Zelle. These apps have soared in popularity as people have been making payments from their phones instead of going to banks or handling cash.
Here’s what the numbers say
A recent Merchant Savvy report projected that 1 billion people would make use of a payment app in 2020. The report also predicted that by 2023 this number will have grown to 1.31 billion. According to the AARP, more than 70% of Americans are current users of these apps.
The New York Times reported that, in comparison to credit and debit cards, payment apps typically have fraud rates that can be three to four times higher. By analyzing data from Apptopia, a company that collects market information on app services, The New York Times found:
The daily number of Venmo users is 26% higher than the data from 2019.
Customer reviews discussing the words “fraud” or “scam” have been appearing at rates four times higher than in 2019.
A 2020 Javelin ID Fraud Study corroborated these findings, noting the number of fraud victims, as well as the total amount of money stolen, has risen. In 2019, the total amount of money stolen through fraud was around $2.2 billion more than in 2018, yet there were 1.4 million fewer fraud victims than in 2019 than in 2018. However, the study found that the number of total fraud victims through payment apps has skyrocketed in general, rising by 733% since 2016.
3 popular third-party payment app scams
While Zelle has fewer fraud cases due to a more stringent authentication process for new users, Cash App requires only an email address, and Venmo requires only a phone number. The ease of creating an account — in addition to the instantaneous transaction, which leaves little time for the apps to be able to detect fraud — have allowed for a proliferation of accounts run by scammers. Thieves are able to send direct requests to other users simply by going through lists of email addresses or phone numbers, a method that the conventional bank transfer makes impossible.
The “accidental” payment
Fraudsters have developed multiple tactics to intercept payments or to pose in ways that convince app users to pay them directly. The Better Business Bureau recently detailed a new scam in which fraudsters send messages asking for the return of accidental payments after having made deposits into their victims’ accounts. Once the victim checks the account and notices these payments — which were actually made using stolen credit cards — the victim returns the money, by which point the scammer has switched out the stolen credit card credentials with their own card details. The fraudster then receives the stolen money, and the victim is liable to pay once the owner of the stolen card files reimbursement claims.
If you receive payment from someone you don’t recognize, do not accept it and do not allow it into your bank account. Sometimes, the scammer will even request a payment from their potential victim. Never send money directly from your bank account to anyone you don’t know.
The phony withdrawal notice
Another tactic involves a fraudster sending an email to a victim declaring that a certain amount would be transferred from a victim’s account, with a phone number to call for the victim to contest the withdrawal. Once the victim calls the number, a scammer posing as a bank phone agent instructs the victim to download an app that grants the fraudster remote access to the phone, at which point the thief transfers thousands of dollars and then hangs up.
If you receive an email like this, you can ignore it. However, if you’d like to double-check, always go “out of channel” to contact the app’s customer support. Do not trust any links, phone numbers or email addresses listed in the original email. Search for the app’s contact information online and only trust what’s provided on their official website.
A friend in need
Scammers have also been posing as friends, as people in need of financial assistance, as government authorities attempting to transfer stimulus checks, and as businesses offering PPE. Already by April, the AARP projected that $13.4 million had been stolen through payment app scams that involved some component of a COVID-19 ploy.
Just like with the previous scam, your safest bet is to go “out of channel” to contact the person or entity who is requesting the money. A few minutes of research and due diligence can save you a lot of heartache.
Looking toward the future of third-party payment apps
App companies themselves can take steps to protect their users from these fraud attempts. These measures include multifactor authentication processes and secondary validation such as emailed security codes. A study from Microsoft indicates that multifactor authentication can defend against 99.9% of fraud attempts that use stolen login information.
Users can also take a range of steps to enhance their security and protect against potential scams. A recent study from data analytics firm FICO discovered that only 37% of Canadian bank customers change their passwords for different accounts, and 22% of survey participants use only two to five unique passwords across their online accounts. With this information in mind, the top suggestion for account security is to manage account hygiene by implementing unique passwords that are hard to guess. You can also use a password manager to ensure that every account has a unique password without having to memorize them.
App users should also be suspicious of any requests for transfers from strangers or suspicious accounts. In the event of suspected fraudulent activity, users should immediately report this to the app’s security teams. While money transfer apps are convenient, they do not offer the protection and FDIC insurance that accompany conventional bank transfers, so, as with any type of online payments, users should remain vigilant and wary.