by Dave Moore, CISSP, 03/14/2021
I was disappointed today by an email I received from my bank extolling the sketchy virtues of the money transfer service called Zelle. They were practically giddy in their excitement at how being separated from my money was now “fast and easy,” if I would only use Zelle.
Like other “peer-to-peer” money transfer apps, Zelle is designed to help users avoid the horribly tedious, tiresome and time-consuming bother of carrying and using burdensome credit cards, old-fashioned bank checks, or the ultimate ancient-history way of paying for things: actual cash. No, everything needs to be done using services like Zelle, and they would prefer those things be done using the least secure device we all own: a smart phone.
The problem with my bank’s visionary thinking is that “fast and easy” services like Zelle also make crime fast and easy for scammers, fraudsters and other modern-day crooks. I wrote about this dilemma last year in a column titled “New scams and identity theft, Part One: Zelle,” dated February 23, 2020, which may be found on the Norman Transcript website.
The Better Business Bureau also wrote on the subject last September, in a column titled, “BBB Scam Alert: Avoid peer-to-peer payment scams on PayPal, Zelle, Venmo, and others.”
I suggest you find and read both both columns; I especially hope those in the banking community will also read them, and start offering their customers sound advice on how, if you must use money services like Zelle, to do it safely and securely.
For example, my bank has absolutely no information on their website about Zelle safety, or even how to use the service, at all; none. When I searched the site for Zelle, there was one search result that led to a page that simply said, in large letters, “Zelle.” I suppose people are just supposed to start clicking around willy-nilly in the hopes they will figure things out on their own, that the service will do what they want it do, and do it in a safe manner, when, in reality, they won’t have a clue as to what they’re actually doing.
Both my column and the BBB’s column describe in detail how easily scammers and Internet crooks can trick people out of their money using Zelle. It’s a serious situation, nothing to be downplayed or dismissed. With that in mind, I decided I needed to take my own advice given in my 2020 columns by calling and using my phone to actually talk to someone at my bank, using my voice, asking that my accounts be disconnected from any possibility of being used with Zelle.
When I explained to my bank what I wanted to do, I was at first met with skepticism and resistance. I was told that, even though Zelle was listed as an option on my personal online banking page, the answer was to simply not use it. I replied I wanted the option removed, so there was no possibility of enabling Zelle in association with my bank account. I was told the Zelle option was built into the online banking portal for everyone, and it probably could not be removed “just for one person.” This did not make me feel very special as a customer.
Nevertheless, I persisted in my request. I was told they would ask the appropriate department about my situation, and call me back. Ten minutes later, my phone rang; it was my bank. Much to my delight, I was informed the Zelle option could indeed be disabled for individual online banking portals, and they had done so to mine, fulfilling my request. I thanked them very much, and marked that one off my list of potential security risks.
The Better Business Bureau website has a great page at bbb.org/scamtracker called BBB Scam Tracker. It shows a map of the United States, and lists various scams that have been reported to them going back six years. You can zoom in on different parts of the country, and learn about specific scams in specific areas. They show 2,090 scams involving Zelle occurring since March, 2020, and those are just the instances reported to the BBB.
The New York Times reports payment apps like Zelle, Venmo and Cash App “have long had fraud rates that are three to four times higher than traditional payment methods such as credit and debit cards.” It’s time to stop trusting financial apps just because your bank gets paid to promote them, and treat them with the caution they deserve.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com