“I rob banks because that’s where the money is”, a quote once attributed to bank robber Willie Sutton, is helpful in understanding the risks of consumer loss in electronic fund transfers.
Consumers are growing more comfortable with electronic fund transfers. Because “that’s where the money is”, criminal elements have also capitalized on weaknesses in security of those transfers.
CBC News’ Go Public facility has recently focused on numerous tales of consumers defrauded using e-transfers. In one, a Manitoba consumer lost the $3,000 he sent to a contractor, when the contractor’s e-mail account was hacked and the hackers were able to correctly answer the security question (“What is your wife’s name?”) with a simple glance at Facebook. The financial institution said the consumer was to blame.
In another, a Toronto contractor had his e-mail hacked, and e-transfer payments to him were redirected into a different account. Each story contains numerous other examples of consumers being defrauded and financial institutions unable or unwilling to intervene.
The victims argue that the banks promote that transactions are safe and secure, while the smaller print in online agreements undercut that security.
The banks note that password-based security can be disarmed if the body of the email contains the password, or if the password is sent in a separate e-mail to the same hacked e-mail address.
TD-Bank’s online resources note that the e-transfer sender has some key responsibilities, including “an effective security question and answer that isn’t easily guessable, and is known only to the sender and the recipient…..this means avoiding easily obtained or guessable information like names, birth dates, places of employment, etc..” The site notes the Federal Get Cyber Safe campaign offers tips on how to protect money online. The bank also recommends reporting scams to local police and the Canadian Anti-Fraud Centre.
Interac notes that its e-Transfer transactions cannot be reversed once a recipient has deposited the funds, and recommends only using the service with people you know and trust “the same way you would with cash.” It also describes some of the common scams that deceive consumers into providing personal information or cash, such as false classified ads, unsolicited job offers, threatening messages from the CRA, fake transfers and “phishing” scams.
The CBC report also quotes security and risk management experts about the shortcomings to Canadian systems. Measures such as “two-factor authentication” (which only allows a user to log on to an account once they receive a code on a separate device or an e-mail at a different address) could reduce fraud. Others noted payments could not be intercepted if they were bank-to-bank and avoided e-mail altogether.