Have Fraudsters Found the Keys to Unlock Zelle?

Zelle, the revolutionary new app that allows you to send and receive money directly from your bank, launched with much fanfare earlier this month.  The app was launched as a partnership between EWS and the largest banks here in the US to kill Venmo.   The standalone app allows you to connect both your bank account and debit card to send funds.

Unlike Venmo which requires users to cash out their balances at the end of the day, the app promises “instant access to your funds” which can be appealing when you need your money right away.

This instant access is both appealing and scary at the same time.  As a consumer, it means I can get my funds right now.  But so can the fraudsters.

Fraudoption Is Always High With Instant Payments

As we know, fraudsters are always the first to adopt new technology around faster payments.  I call that phenomenon – Fraudoption (Fraud + Adoption).   How quickly fraudsters adopt the technology is determined how quickly they can figure it out, and then how quickly can they get paid.

If the Reddit chat boards are any indication of fraudsters activity, it appears that there are signs they might be having some success.

In the last 24 hours, multiple messages have appeared where fraudsters are communicating about Zelle.

Zelle is a Money Machine Right Now.. Spartanfox

The messages appear to indicate that fraudsters are looking for “bank drops” which are accounts that are opened with fraudulent credentials.  These bank drops enable the fraudsters to receive money from stolen accounts.  They essentially act as mule accounts which can be used by fraudsters to gain access to funds.

And it appears that there are quite a few fraudsters willing to split proceeds either through Bitcoin or wire transfers.

Since the app allows consumers to link their bank accounts as well as debit card accounts, it’s unclear where fraudsters have found the exposure point.  I tried to test the enrollment process with my own Zelle app which I downloaded here – Zelle Pay.    I was unable to hook up any of my accounts to the app at the time.

Instant Payments are Never 100% Secure

If in fact, it took less than 2 weeks for fraudsters to turn yet another instant payment service into a “money machine” it just goes to show that fast money always equal fast fraud.  This has happened time and time again and no secure payment system is impenetrable against fraud.  Even Apple Pay launched with problems a couple of years ago.

You cannot rely on technology alone to prevent fraud.  Keep your eyes on the fraud, and always remember Fraudsters are always the first to adopt convenience.

I will certainly be monitoring this and see what develops.

Update **October 7th **

I read a post from Reddit yesterday that sheds more light on the method fraudsters were using to expose Zelle.  It also appears that Zelle has closed down that loophole.

In a Post Called “Is the Zelle Method Burnt?”,   it appears that fraudsters were taking advantage of a loophole which allowed them to register a phone number and receive the activation code that wasn’t associated with the debit card.  Fraudsters could enter their own number and it wasn’t checked.

That loophole appears to have been closed.  So the fraudsters are moving on.  What’s next?  Venmo?  Square?

 

I am Frank McKenna, a fraud expert from San Diego. The views and opinions expressed here are entirely my own and do not reflect those of Point Predictive.