Cyber Security Awareness Month – Payment Apps

Electronic money. Digital cash. Instant money. Peer-to-peer payments. There are a lot of ways to describe the electronic transfer of money from one person to another. And in the digital age there are many apps that allow you to transfer money almost instantly. Did you think the crooks wouldn’t notice?

Because of the COVID-19 pandemic more and more people are using these money transfer apps to do their banking. And the simple fact is that they are not as safe as they should be. And certainly not as safe as apps the banks offer. The use of cash transfer and payment apps has exploded. Unsecure and fast growth is all the crooks need to know.

According to data from the security firms Sift and Chargeback Gurus. Payment apps fraud rates are three to four times higher than traditional payment methods such as credit and debit cards.

The primary reason that this fraud is taking off is how easy it to use these apps. To create a Cash App account all you need is an email address. For Venmo all you need is a phone number. This simplicity has made it easy for thieves to set up accounts and to send requests for money to other users. Something that was not possible with traditional bank payments.

The app’s speed and ease of use, compared to the two or three days needed for a standard bank transfer leaves these payment services with nearly no time to detect whether a transaction is fraudulent or not.

Frank McKenna, chief fraud strategist for the PointPredictive said, “Fast payments equals fast fraud. The apps “are super convenient for customers but that also makes them ripe targets,” he said.

Of course Square, PayPal and Zelle won’t discuss fraud rates. PayPal takes steps to “limit potential fraudulent activity and mitigate any customer impact,” a spokeswoman said without addressing if the company had seen more cases of fraud.

Banks seem to have better grip on fraud prevention. Zelle, which was founded by a group of banks, seems to be dealing with less fraud. According to security experts Zelle seems to have more stringent authentication requirements for new users and more legal protections in case of loss.

“Protecting consumers from abusive scams and fraud is a top priority for Zelle,” said Meghan Fintland, a spokeswoman for Early Warning, the company that runs the app.

But for users of the Cash app there is reason for concern. According to Apptopia people using the app on a daily basis grew by 59 percent over the past year. But a more frightening statistic is that the number of fraud or scam incident has risen by 165 percent.

The Better Business Bureau also reported that it had received more than twice as many complaints about Cash App as Venmo over the past year. But according to Apptopia Venmo has twice as many users as Cash App.

In case you didn’t know Cash App is a Square service and Square is controlled by the CEO of Twitter Jack Dorsey. Cash App has become its largest source of revenue. In the second quarter, the app generated $1.2 billion of Square’s $1.9 billion in revenue.

But security experts are saying that Cash App is more vulnerable to fraud in part because of how it handles customers. Until recently Square only offered email support for the app. There was no customer support phone number to call. As a result some customers fell for fake help line numbers. By comparison Venmo has a chat line on its app that customers can use for a quick response.

Square spokeswoman Lena Anderson said the company was “aware that there has been a recent rise in scammers trying to take advantage of customers using financial products, including Cash App. We’ve taken a number of proactive steps and made it our top priority.” Anderson added that Square began rolling out a phone line for certain customers on Oct. 6. It plans to make the phone line available to all customers over time.

Another problem with Cash App is that it may vulnerable to fraud because of the way it was Square built the business.

Square’s 2017marketing campaign, called “Cash App Fridays,” gave money to Twitter users who post their so-called $Cashtag or username. Security experts said this became a directory of Cash App users to victimize.

“It gives scammers a ripe opportunity,” said Satnam Narang, a researcher at the security firm Tenable who has written about the fraud on Cash App.

Cash App’s popularity for fraudulent schemes is evident by listings on dark net forums and markets where criminals gather to do business.

In August, Cash App was mentioned 10,577 times on dark net forums, up 450 percent from a year earlier, according to an analysis by the security firm Sixgill. Listings for Venmo and Zelle rose around 50 percent on the dark net in the same period.

Bottom line that cash payment fraud is rampant. Yes, some apps are more vulnerable than others. But just because you don’t use that particular app does not make you immune.

Don’t fall for money transfer scams

To avoid falling for transfer app fraud and other types of online money-transfer scams, there are certain things to remember:

• Never disclose your personally identifiable information online, through social media or over the phone. Scammers lurk on social media platforms like Instagram and Twitter.
• Avoid direct messaging with strangers promising to reward you with a cash prize.
• In the event that you get an email or text message announcing you’ve won a prize or reward but need to send money first, don’t click on any links.
• Never agree to send someone money or make a purchase in return for a payment or reward.

Finally, keep your sign-in code private. “No one representing Cash App will ever ask for your sign-in code over the phone, on social media, or through any other medium. If you believe that you have fallen victim to a phishing scam, please change your Cash App PIN immediately and report the incident,” Cash App warns its users.

Now you know