Blog Post

SUMMARY

Fraud using payment apps continues in financial institutions across the country. Accountholders are scammed into providing their online banking usernames and passwords resulting in unauthorized EFTs (electronic fund transfers) from their account via P2P (peer-to-peer) or payment apps like Zelle, Apple Cash, Venmo, and others by the bad actor.

Many consumers never used a payment app but are tricked into divulging their credentials to the bad actor who then cleans out their account through a payment app that was never set up by the accountholder. Some financial institutions offering Zelle, or another payment app, were hit with scams shortly after introducing the service to their accountholders.

MembersAlliance Credit Union does not currently offer these P2P services through direct partnership, but members could still be able to access using card information. Most people are unaware there is virtually no recourse for consumers to recoup losses due to fraud.

HOW FRAUD ATTACKS ARE OCCURRING

Most of the scams consist of pure social engineering – sending out false information and scare tactics to accountholders. The scammer uses false information and representations to trick accountholders into divulging their online credentials and/or card information.

• Online Banking Attacks

The bad actor or the accountholder signs into online banking. Once in the account, the bad actor or accountholder will send an ACH credit or a card transaction out of the account. In this case, if the bad actor is performing the fraud by obtaining the username and password, they can move the money out.

To help combat this scam, some financial institutions use out-of-band authentication, using a communication channel separate from the primary communication channel, in which a notification is sent to the accountholder’s mobile device to approve a transaction or account password change.

Scammers have circumvented this security control by contacting the accountholder again pretending to be the financial institution to have the code repeated to them. The money is going out either using ACH credit or a card number.

• Download Payment App Attacks

This fraud attack involves the accountholder downloading the payment app and sending the money out using either their account number or card number. Alternatively, the accountholder was called or phished and believed the call or text message came from their financial institution and in response, sent the funds out. In most cases, the bad actor is downloading the payment app and using a debit card number to obtain the funds. This type of unauthorized fraud is considered a card-not-present authorization and can be charged back to the payment app company. If the bad actor used the account number, it is ACH fraud.

STEPS TO HELP PREVENT FRAUD

Although MembersAlliance does not currently offer a direct partnership to use a payment app, members using debit card information or possibly using them elsewhere should be aware of potential fraud and security risks, and that often times accountholders are not reimbursed for financial losses due to fraud. When the accountholder authorizes a transaction, it is gone for good with no recourse.

1. Payment apps should be used for friends and family only, or someone you know. Once the money is gone, it is gone!
2. Be cautious of being scammed by persons impersonating your financial institution. If we contact you regarding suspected fraud, we will not ask your card number or account number, but reference the specific suspected transaction to verify legitimacy or fraud.
3. Hang up, look up and call back. If you are concerned or suspicious of speaking with someone claiming to be from MembersAlliance, let them know you will be hanging up and calling our main number 815-226-2260 and asking to reconnect with the individual employee to discuss further.
4. NEVER verify or give out online banking username or password to ANYONE.
5. Be aware that bad actors may spoof the financial institution’s phone number. It is still okay to hang up, look up the proper number, and call back.