When your last $166 vanishes: ‘Fast fraud’ surges on payment apps

Charee Mobley, who teaches middle school in Fort Worth, Texas, had just $166 to get herself and her 17-year-old daughter through the last two weeks of August.

But that money disappeared when Mobley, 37, ran into an issue with Square’s Cash App, an instant payments app that she was using in the coronavirus pandemic to pay her bills and do her banking.

After seeing an errant online shopping charge on her Cash App, Mobley called what she thought was a help line for it. But the line had been set up by someone who asked her to download some software, which then took control of the app and drained her account.

“I didn’t have gas money and I couldn’t pay my daughter’s senior dues,” Mobley said. “We basically just had to stick it out until I got paid the following week.”

In the pandemic, people have flocked to instant payment apps like Cash App, PayPal’s Venmo and Zelle as they have wanted to avoid retail bank branches and online commerce has become more ingrained. To encourage that shift, the payment apps have added services like debit cards and routing numbers so that they work more like traditional banks.

But many people are unaware of how vulnerable they can be to losses when they use these services in place of banks. Payment apps have long had fraud rates that are three to four times higher than traditional payment methods such as credit and debit cards, according to data from the security firms Sift and Chargeback Gurus.

The fraud appears to have surged in recent months as more people use the apps. At Venmo, daily users have grown by 26% since last year, while the number of customer reviews mentioning the words fraud or scam has risen nearly four times as fast, according to a New York Times analysis of data from Apptopia, a firm that tracks mobile services.

Driving the surge is the apps’ ease of use. People need just an email address to create a Cash App account and a phone number to make a Venmo account. That simplicity has made it seamless for thieves to set up accounts and to send requests for money to other users, something that was not possible with traditional bank payments.

The apps’ instantaneous transactions — compared to the two or three days needed for a standard bank transfer — have also meant that Venmo and Cash App have less time to detect whether a transaction is fraudulent.

“Fast payments equals fast fraud,” said Frank McKenna, the chief fraud strategist for the security firm PointPredictive. The apps, which are sometimes known as peer-to-peer payments services, “are super convenient for customers but that also makes them ripe targets,” he said.

Square, PayPal and Zelle do not disclose the rate of fraud on their apps. PayPal takes steps to “limit potential fraudulent activity and mitigate any customer impact,” a spokeswoman said, but she did not address whether it had seen more cases of fraud.

Zelle, which was founded by a coalition of banks, appears to have experienced less fraud because it has more robust authentication for new users and more legal protections in case of loss, security experts said.

“Protecting consumers from abusive scams and fraud is a top priority for Zelle,” said Meghan Fintland, a spokeswoman for Early Warning, the company that runs the app.

Of all the payment apps, fraud issues have been particularly acute for Square’s Cash App. As the number of people using the app daily has grown 59% over the past year, the number of reviews about it that mention the words fraud or scam has risen 165%, according to Apptopia.

The Better Business Bureau also said it had received more than twice as many complaints about Cash App as Venmo over the past year. That is significant given that Venmo has twice as many users as Cash App, according to Apptopia.

Lena Anderson, a spokeswoman for Square, said the company was “aware that there has been a recent rise in scammers trying to take advantage of customers using financial products, including Cash App. We’ve taken a number of proactive steps and made it our top priority.”

Square, which is led by Jack Dorsey, who is also chief executive of Twitter, introduced Cash App in 2013. While the San Francisco company was founded as a payments platform for small businesses, Cash App has become its largest source of revenue. In the second quarter, the app generated $1.2 billion of Square’s $1.9 billion in revenue.

But Cash App has been more vulnerable to fraud partly because of how it handles customers, security experts said. Square has until recently offered only email support for the app, not a phone number for its customers to call. That led some customers to fall for fake help line numbers, like the kind that Mobley confronted. Venmo, in contrast, has a chat line on its app that customers can use for a quick response.

Anderson said Square began rolling out a phone line for certain customers Oct. 6. It plans to make the phone line available to all customers over time.

Cash App also appears to be more prone to fraud because of how Square has built the business, industry analysts said.

In 2017, Square began a marketing campaign called “Cash App Fridays,” which gives money to Twitter users who post their so-called $Cashtag or username. The campaign, security experts said, provided fraudsters with a phone book of potential victims.

It also led to copycat campaigns, where people claim to work for Cash App and say they will give away a large sum of money if users first send in a smaller sum. One Twitter account, @CashappG, has been online since 2019 with the tagline: “Hi welcome to Cash App give away! Send money and we will send you double back!”

“It gives scammers a ripe opportunity,” said Satnam Narang, a researcher at the security firm Tenable who has written about the fraud on Cash App.

Source: Read Full Article