Beware of Zelle Scams
By now, most users are aware of the security weaknesses of payment systems like Venmo and PayPal: you should only send money to people you know, you shouldn’t use it to buy products or services, and you should definitely not use it to receive payment. from people you don’t know who can simply reverse the transaction before it completes. It turns out that the Zelle payment system, recently adopted by banks to compete with Venmo, also has serious vulnerabilities.
Some of the key factors that make Zelle more attractive than its competitors are its use by some of the largest banks including Bank of America, Citi, and JPMorgan, as well as the speed at which it sends money, according to a New York Times report. – make it very vulnerable to fraud.
“On-net money transfers often happen within seconds — much faster than most competing payment services,” the Times reports. “This made it harder for banks to stop or cancel illegal transactions.” And it doesn’t always inform customers about transactions, which means you might not know that something fraudulent is happening until it’s too late.
In addition, the system requires an email address or phone number to send money. According to anecdotes in Times history, this allows scammers to register with your phone number and receive money transfers for you. Security measures vary from bank to bank, and some of them do not notify customers “when new recipients connect to their Zelle accounts.” While Zelle states that customers are not responsible for fraudulent activities, it does not believe that customers who “knowingly” send money are fraudulent, even if the intended recipient does not receive the money. Its website states that neither Zelle nor the banks that use it offer security programs .
Some of the scammers are much more sophisticated. Here’s what happened to Jane Butler, a Wells Fargo client in Downingtown, PA, as reported by the Times :
The deception was carefully thought out. First, a phishing email that was apparently sent to Wells Fargo caused her to enter her bank ID and password into a fraudulent website. The next day, Miss Butler received a call from Wells Fargo’s Fraud Department. The number she saw on her phone screen matched the phone number on the back of her bank card, but it was not her bank on the other end of the line. The call was forged .
The caller tricked her into handing over one-time passcodes that provided access to Zelle, which was then used to make six transfers from her account, ranging from one penny to $ 999.98. Wells Fargo reimbursed Miss Butler for her loss.
Others are pretty standard for P2P payment services: One woman thought she was buying concert tickets, but after she transferred the money, she was noticed by the “seller” (never send money until you have the item in your hands). In another case, scammers accessed someone’s online bank account and used Zelle to transfer money from the account.
Whether or not a customer gets a refund for the stolen funds depends on the bank and the situation.
The Times reports that the size of the problem is unknown, “because Zelle is fairly new and banks do not report much data on it.”
Other peer-to-peer payment processors such as Venmo and PayPal have faced similar issues, and in fact PayPal (which owns Venmo) recently settled a lawsuit with the FTC over its security measures.
One security measure that can be helpful in case someone gains access to your account: connect the apps to your credit card, not your bank account. You are better protected and you can reverse transactions if needed.