Posts

Payment apps, like Venmo, Apple Pay, Zelle and even Facebook Messenger, are used by over 90 million Americans, but are they actually secure? This touch-of-a-button technology lets you use actual funds from your bank account or your credit card to send money instantly to friends, family and retailers.

At first glance, some consumers might be a little reluctant to install and use a payment app. After all, anyone who gets a hold of your smartphone could wipe out your bank account, at least in theory. There are safety protocols in place – like two-factor authentication and one-time use PIN numbers – that help make these apps possibly safer than traditional payment methods. A lot of consumers have their smartphone on them at all times and treat it with the utmost safety concerns, so having payment information stored on their device might not seem all that farfetched.

Remember, convenience and security come with a price. Scammers have already victimized payment app users in a variety of ways including in-person scams and account takeover. Before using payment applications, it’s important to understand how to protect yourself.

Lending Your Phone

In this era of always-connected activity, everyone has a phone, but there is still the occasional instance when someone might ask to borrow your device. Many of us might not think anything of it, but when you allow access to your device you are opening up the door to your payment apps. Scammers have been known to ask to use strangers’ phones to make a call, but instead open payment apps and send themselves money.

You can avoid this one—and still be a generous person—by always logging out of your payment app when you are not using it. Also, if someone does need to make a call or send a text, dial the number for them before handing over your phone.

Scams

According to Javelin, more than $500 million was lost overall to fraud in 2017 involving a variety of peer-to-peer payments. Remember, all payment options are storing your information and are vulnerable to attacks. One woman had $9,000 debited from her account in increments after a thief gained access to her login. Plus scammers could ask for payments via app to eliminate traceability.

Never send money to individuals you don’t trust or who claim to be a business or government agency; many peer-to-peer transactions are instantaneous and irreversible.

Be sure to also not receive money from individuals you do not know as scammers will try to take advantage of you. As described in this article, “If it turns out that there’s a problem, the payment will be reversed, and you’re responsible for that money. If you haven’t used the funds, Venmo will take the money back. If you already spent the money, you’ll need to replace it.”

Enhanced Security

No matter which app you choose, make sure you have enabled all the security features you can. If the app offers one-time PIN numbers or multi-factor authentication, for example, use them. This can keep hackers from accessing your login credentials and stealing your money.

Remember, access to all of your accounts usually starts with your email address or social media accounts. You have to make sure that you are using solid password hygiene on all of your accounts in order to minimize risk of hacking.

With every new type of technology, there are undoubtedly criminals out there who have found some way to take advantage of it. Practice good security protocols that protect your tech tools and be ready to adjust your usage to fit the latest scam reports.

Don’t fall for fake phishing emails or websites asking you to “verify your login.”


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Phishing scams are a low effort way for scammers to trick consumers into revealing personal information. Communication from payment platforms can be convincing with a Stripe email now making the rounds.

Phishing scams have been around for years, and with the ability to send out millions of phony emails a day, scammers don’t have much legwork to do. All they have to do is send a plausible email, get you to click the link or follow the instructions, and their work is done. One widespread form of attack involves pretending to be a high-profile company like Amazon, PayPal, or your bank in order to trick you into following their instruction and landing in their trap.

The latest front for this type of phishing attack is mobile payment company Stripe. Many small business owners, charities, and everyday consumers rely on Stripe for processing everything from payments to donations to cash from friends or relatives. The “Stripe” email claims that your account has been compromised and any money you are expecting will not be transferred to you, scammers hope to lure you into clicking and entering your info.

See real example sent to an ITRC employee:

An email typically with a subject line, “Stripe: deposit will not be made to your bank account,” has been circulating and frightening the site’s users, so much so that the company issued a scam watch statement. This post tells users what to do if they receive a strange communication that appears to come from the company. For instance, misspellings in the message or uncapitalized use of the company name are some red flags, as is an unknown email address or one that does not include the “stripe.com” domain name. Other telltale signs are listed in the website’s post.

There are some steps that tech users can follow to protect themselves from this kind of low-tech crime.

  • Never click a link, open an attachment, or download a file in an email or message unless you were specifically expecting it; even if you think you recognize the sender, it is a good idea to verify it with the sender first.
  • Next, never submit any kind of sensitive information based on a communication about your account. This includes usernames, passwords, account numbers, or any other details. Instead, go directly to the company’s website and log into your account. If there is a problem, it will be visible on the screen.
  • If all else fails, contact the company directly using a verified phone number or email address.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.