As a frequent PayPal user, I wasn’t surprised to see a payment request on the app pop up. But when I read it, I knew something was wrong.
In the message, a stranger asked me to send them $699 to get a “refund”.
While I instantly recognised the request as fraudulent, I still felt vulnerable; I didn’t immediately see any obvious way to flag the request as a fraud, and with one click, I could have accidentally sent this stranger a huge chunk of money.
I am hardly alone in my worry over security when using peer-to-peer payment apps.
About one third of people who use payment apps or websites say they are “a little or not at all confident that payment apps or sites keep people’s personal information safe from hackers or unauthorised users”, according to a Pew Research Centre survey published last September.
And an alarming 13 per cent of people who have used PayPal, Venmo, Zelle or Cash App say they have made the mistake of sending money to a fraudster.
Fraud prevention experts recommend these strategies to keep your money safe.
1. Only send money to people you know
Generally, peer-to-peer payment apps are designed to send money between friends — not strangers. If you use them to send money to someone you don’t know, then you put yourself at risk of fraud.
“You shouldn’t send money unless you’ve met people in real life and know who you are sending money to,” says Paul Benda, senior vice president of operational risk and cybersecurity at the American Bankers Association, a trade association for the banking industry.
“If you do that, and you’re careful in terms of what number you are sending money to, these apps can be a convenient, safe and efficient way to move money.”
2. Use cash and credit cards in high-risk situations
If you need to exchange money for goods or services with someone you don’t know, the safest way to do that is through cash or credit cards, says Axton Betz-Hamilton, an assistant professor in the School of Health and Consumer Sciences at South Dakota State University and author of The Less People Know About Us, a memoir about identity theft.
Credit cards, for example, come with fraud protection attached.
“I want that protection, so I don’t use these apps,” she says.
While stolen cash can be harder to recover, it may be covered by homeowners and renters insurance policies (up to your policy’s limit and depending on your policy).
3. Be wary of texts, calls or unsolicited requests
Frauds are often perpetuated when fraudsters send a text, phone call or other kind of message urging you to send money, perhaps claiming you are due a refund or late on a bill.
“Fraudsters continue to get better at what they do,” says Joel Williquette, senior vice president of operational risk policy at Independent Community Bankers of America, a trade group for community banks.
That includes sending emails that are almost indistinguishable from legitimate banking emails.
A cyber criminal might impersonate the Internal Revenue Service or FBI and ask you to send a peer-to-peer payment immediately to satisfy a debt, but Mr Williquette says legitimate agencies will never contact you by text or call your cell phone with an urgent request for money.
“Typically, they will send you a letter,” he says, and they don’t ask for payment through apps or gift cards — another red flag.
From phishing to smishing: know your frauds
A fraudulent payment request sent on a peer-to-peer payment app is “usually for a small dollar amount and might even look like it’s from a friend”, says Eva Velasquez, president and chief executive of the Identity Theft Resource Centre, a non-profit.
Ms Velasquez urges people to verify requests first by double-checking they are sending money to the correct person, and says it is easier to fall for fraud when you are distracted and multitasking.
4. Upgrade your cyber hygiene
Enabling two-factor authentication on financial accounts, adding a pin lock to your phone and using unique passwords that are at least 12 characters long can help keep you safe, Ms Velasquez says.
In addition, she suggests setting your app privacy settings to the most private option to minimise the amount of information about you that is publicly available.
5. Flag fraud attempts
According to PayPal, if you receive a payment request like the one I got, you should cancel the request without paying.
Additionally, you can take a screenshot and forward it to email@example.com.
PayPal adds that you should not reply, open links, download attachments or call any phone number included in the request.
If you mistakenly disclosed any financial or personal data to a swindler, PayPal says you should change your password immediately, alert your bank and report any unauthorised payments to PayPal.
In my case, I cancelled the payment request and never heard from my would-be fraudster again.
With enhanced security steps in place, I plan to continue to take advantage of the convenience of PayPal and other payments apps — and now I know what to do next time I get an unsolicited payment request.