May 20, 2019
Authentication Myths | Our Voices Never Age
Did you know that like the rest of your body,…
With convenience on the mind of most consumers, peer to peer payment apps are making it easy to transfer money to friends, family, or acquaintances. The money-transfer market is dominated by Venmo and Paypal, however, Zelle is quickly catching up, offering an alternative that is backed by U.S. financial institutions. Zelle is known for its pervasive nature, as a natural extension to a consumer’s existing mobile banking app and the speed it is able to offer funds transfers from account to account directly. This differentiates from Venmo, Square (and even Paypal) that have elements of a “mobile wallet,” which can be seen as more of an ‘escrow account’ before your money clears the transfer. Zelle is quickly disrupting the money-transfer space.
The almost frictionless enrollment and speed that Zelle supports financial transfers has exposed some potential misuse patterns. As the New York Times found, the perks embedded into Zelle are not only attracting customers, but criminals as well. Fraudsters are taking advantage of the system to drain the bank accounts of unsuspecting Zelle users – or nonusers. Some victims of Zelle fraud had never used, or heard of, the money-transfer application prior to the discovery of an empty bank account. So, what makes Zelle so susceptible to fraud?
In efforts to catch up with Venmo and Paypal, many banks moved quickly in implementing Zelle. Normal security processes may have been reduced in an effort to provide a more frictionless experience, with some banks implementing Zelle with reduced protections, like no two-factor authentication or behavior monitoring, to send a payment. Additionally, within the Zelle network, checking accounts are linked directly to other checking accounts – allowing the transfer to be completed in seconds and making it difficult to reverse fraudulent transactions.
Venmo and Square both rely on unique usernames to initiate transfers, whereas Zelle operates under either a user’s phone number or email address. If a single phone number happens to be tied to two (or more) individuals, transfers can easily be sent to the wrong person. If this were to happen, and the transfer was initiated and unknowingly sent to the wrong person, the bank may not have to refund the claim, because the bank may not be obligated to intervene.
Peer to peer payment apps can provide a fast and convenient way to send money, but that convenience may come with a price. The vulnerabilities present in sending money this way is akin to sending cash in the mail. The convenience is alluring but the risk may be higher. App users should use caution when sending money to any unknown parties, and try to set up alerts to be notified of any transfers. Financial institutions should be on high alert for password reset requests coming through the call center, as this could be an early indicators of fraudsters attempting account takeover of your Zelle app to send themselves your money.
It is clear that users see enormous value from the convenience provided by Zelle’s frictionless and near instantaneous support of direct funds transfers. Let’s make sure that the value and convenience that this service offers are not also being offered to those with mal intent to misuse this service.