With financial payment platforms used more regularly to exchange cash between individuals, scammers have become more creative in using them to defraud users. Today’s guest is John Breyault. John is the National Consumers League Vice President of Public Policy, Telecommunications, and Fraud. As the director of Fraud.org, John is a nationally recognized expert in fraud, with more than 17 years of experience in educating consumers in advocating for stronger consumer protections at the federal, state, and local levels. He is the author of Fraud.org’s monthly Fraud Alert emails and NCL’s bi-weekly Data Insecurity Digest. He has testified before Congress, federal regulatory agencies, and state legislatures dozens of times about fraud related topics. He is quoted regularly in the press about fraud including The New York Times, Wall Street Journal, and Washington Post.
“The features of peer to peer payment platforms that are attractive to users are also attractive to scam artists.” - John Breyault Share on XShow Notes:
- [1:10] – John shares his background and current roles with the National Consumers League.
- [3:02] – John has been working in consumer advocacy for over 20 years.
- [4:27] – What are peer to peer payment platforms? Venmo is the most commonly used.
- [5:53] – The features of peer to peer payment platforms that are attractive to users are also attractive to scam artists.
- [7:46] – John shares the trends in what scammers have been using to get money through Western Union, Green Dot cards, and gift cards.
- [9:32] – More needs to be done to make security a priority.
- [11:09] – John explains the difference between credit card transactions and peer to peer payment platforms.
- [12:16] – With peer to peer platform fraud, banks can’t do anything about it due to a loophole in the law.
- [13:38] – When this type of fraud is much more painful to experience than credit card fraud.
- [14:44] – A huge appeal to these platforms is that they are free. But security needs to be improved.
- [17:09] – There are a couple of regulations related to the connection of Venmo to a bank account.
- [19:19] – The responsibility has been put on users and victims to monitor and fight back against fraud.
- [21:47] – Scammers are very adept at creating a sense of urgency.
- [23:38] – John shares an example of how this sense of urgency can fool anyone.
- [24:34] – Cryptocurrency is the next focus of attention for those trying to prevent fraud.
- [26:40] – These trends tend to follow a pattern.
- [28:09] – One of the problems in tracking scam trends is the way data is collected.
- [29:23] – We need to change how we talk about fraud victims.
- [31:28] – Scams are run as a business these days, which make them much more convincing than in the past.
- [34:15] – With most overseas scams, the likelihood of getting your money back is slim.
- [35:50] – As a business, think about how you can make peer to peer payment apps as safe as possible?
- [37:35] – John shares an example of Venmo transactions that are protected and those that are not.
- [40:07] – A legitimate business will accept payment in other ways than only peer to peer apps.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Fraud.org
- National Consumers League Website
- John Breyault on LinkedIn
Transcript:
Can you give myself and the audience a little background about who you are and what you do?
Sure. I work for the National Consumers League. At NCL, I am a Vice President of Public Policy Telecommunications and Fraud, which is the world's most complicated, long title. What I spend most of my time doing is running a campaign we have called Fraud.org, which has been around since the 1990s, and it's all about educating and empowering consumers to spot the warning signs of fraud and avoid becoming victims.
In addition to education, we also work with more than 200 law enforcement and consumer protection partners to share the complaints that we get from consumers. We also advocate on their behalf in Congress, state legislatures, and before federal agencies for policies that better protect us. Fraud is a problem that we are not going to consume-educate ourselves out of. It's going to need stronger consumer protection laws. It's going to need businesses to be incentivized to do the right thing to make sure their services don't get misused by scam artists.
In addition to that, I also do a lot of public policy advocacy on behalf of consumers, everything from financial services issues to data privacy and data security legislation, and then I get to work on fun projects like why does buying a ticket to a concert cost us so much money and figure out what to do about that. I wear a lot of hats at NCL, but certainly working on fraud issues is one that takes up the lion's share of my time.
That's cool. Was there an incident of fraud in your life or in a family member's life that got you interested in the consumer advocacy, in the fraud realm?
Not really. Not one specific instance. I've been doing consumer advocacy now for over 20 years. I joined NCL back in 2008 and the Fraud.org program had been started by a predecessor of mine at the organization. I took over the program from her and really tried to make sure that we were keeping up with the never-ending new twists on old scams that we're seeing, the new scams that we've never seen before.
Fraud is an area where there is no lack of innovation on behalf of the scam artist. -John Breyault Share on XUnfortunately, as I probably don't have to tell your audience, fraud is an area where there is no lack of innovation on behalf of the scam artist. There's always something new to warn consumers about, some new way that they are misusing—for example, payment platforms—that we need to look at government regulation to fix sometimes by putting pressure on the companies themselves to do the right thing. That's all part of the day-to-day job for me at NCL and as the director of Fraud.org.
That's cool. Let's talk a little bit about the peer-to-peer payment platforms. What are they? How do they work? Then, how are they being abused for fraudsters' benefits?
Chances are, if you're like most consumers, you've probably already Venmo’d somebody to split a bar tab. Venmo is just one of the most well-known peer-to-peer—also known as P2P—payment platform.
Basically, what they exist to do is to facilitate instant or near-instantaneous payments between individuals. They have experienced explosive growth over the past five to six years, particularly during the pandemic, as people have not wanted to do things like exchange cash between each other.
You've seen apps including Venmo, Blocks, or at least we called Square's Cash app. There’s also PayPal's Friends and Family, and the banks have their own product called Zelle. All of these different products exist basically to do the same thing, like I said, to facilitate the exchange of money between people. That's peer-to-peer.
We're also seeing businesses increasingly accepting payment via these P2P platforms as well. Unfortunately, the very things that make these services attractive to consumers, are the fact that they are instantaneous, for the most part, they are free to use, and are easy to use often based on mobile apps. That also makes them very attractive to scam artists.
Having worked on this issue for as long as they have, it's always interesting to see how scammers ultimately glom onto one payment mechanism over another. When I started this work back in 2008, the number one payment method that scammers asked to get paid by was through Western Union or MoneyGram.
That was the one that's been around for 20 or 30 years, is the fraudster payment method of choice.
Exactly. You could easily see why the transfers were nearly instantaneous, almost irreversible. On the other hand, the scammer got cash at hand, which is ultimately what the vast majority of scammers want. They either want to get money itself, merchandise that they can turn into cash, or information they can sell for money.
Regulators like the Federal Trade Commission ultimately started cracking down on Western Union and MoneyGram for not doing enough to do things like train their agents or spot agents who might have been in on the scam. Once that happened, we started to see them get a little more stringent about who they allowed to send money through their system.
The scammers quickly realized this, too, and they started moving on to other payment methods. They're still using wire transfer, but for a while, they were going to these cards called Green Dot cards. Netspend was the name of the entity behind them. They were basically reloadable prepaid cards.
That became the new hotness among scammers to move money around. They would get consumers to go to stores, buy these cards, put on hundreds of dollars, and then give them the code off the back. Same story. A lot of complaints involved at Netspend. The CFPB and the FTC got involved, and the Green Dot card started to go away in terms of a payment method.
What we saw after that was we started to see gift cards become a big thing. I remember the day my colleague who handles all of our incoming complaints came in and said, “John, a lot of people are being asked to pay with iTunes gift cards. I totally don't understand this.”
I said, “That doesn't make any sense to me either,” but we got in touch with Apple. We got in touch later with Amazon, Target and all the other gift card providers and found out that, yeah, indeed, this is the way scammers are asking to be paid. They're telling consumers to go to retail outlets like CVS, Target, and grocery stores, put hundreds of dollars on these cards, and give them the code off the back. That continued for a number of years. It still continues today.
Now what we're seeing are the P2P platforms becoming, really, a payment method of choice. As with all the way from wire transfer to today, the reasons are mostly the same: nearly instantaneous payment, easy to turn it into cash or merchandise that can be turned into cash, and nearly impossible to stop the transaction once it's happened.
This is why I think we are really raising the alarm along with lots of other organizations, that more needs to be done to make sure that these payment platforms actually make security as much a priority as making sure that they have lots of transactions. At the end of the day, that's how Venmo, Zelle, and other P2P platforms make their money: by having large numbers of transactions go into the system. It's fractions of a cent for each transaction, but over billions of transactions, you can see how they would make money doing this.
How does using Zelle, Venmo, or a cash app differ from, let's say, a credit card transaction?
There are a number of ways that they're different. Number one, in a credit card transaction, there are actually three parties involved. There's the sending bank or the issuing bank. That's basically, if I have a credit card, that credit card was issued to me by Bank of America. That's the issuing bank.
There's the merchant that I'm using the credit card at. Let's say Best Buy where I go to buy a TV and there's Best Buy's Bank, which is the receiving bank. When I swipe my credit card, my bank tells Visa that John wants to spend $100 on a new TV. Best Buy gets the OK, give me the TV, and the money transfers probably through Visa again to Best Buy’s Bank.
There are three parties and Best Buy, at the end of the day, is the one who holds a lot of the risk. Not only are they paying a fee for that transaction to the credit card networks, but if it turns out that it's not actually my credit card I was using, it's one that I've stolen from somebody or somehow compromised to buy online, then what will happen is that when the fraud is discovered, the actual credit card holder whose balance just got rung up by this card will dispute the transaction and be made whole. Then Best Buy will have to make the […]. The merchant carries a lot of the risk in that situation.
In a peer-to-peer transaction, on the other hand, you really only have two banks. You've got my bank that I'm sending the money from to the bank of the person to whom I'm sending the money to. There's no vendor or merchant in the middle who really bears the risk. Consequently, what that means is I, as the account holder, am the one that bears the risk.
If I end up sending money to a scam artist—let’s say $500 to somebody who made me think that if I send them $500, I'm going to get a big prize, or they're impersonating the IRS, or some other reason that I need to send the money. I send the money through Venmo, it shows up in their account automatically and then they quickly turn that into cash.
When I figure out it was a fraud and I call my bank to dispute it, the bank says, “I'm sorry. There’s nothing we can do about that.” The reason they can say that is because there's a loophole in the law.
Let's go back to my first example with credit cards. The scammer gets ahold of my credit card, uses it to ring up a bunch of charges, and then I figure out later on, usually because I saw the fraudulent charges on my bill, that there was fraud going on.
That transaction was never authorized by me. It's just somebody who got my credit card number, and I dispute it. And I'm going to be made whole by my credit card company. That happens not out of the goodness of the credit card bank's heart, but because they're required to do so under one of two federal laws.
One is the Fair Credit Billing Act, or the Electronic Funds Transfer Act, which most of the banks have taken even further rather than just a $50 liability limit, which is what the law establishes. They say there's zero liability. Consequently, we all feel very safe using our credit cards. We use them for practically everything.
In the case of peer-to-peer, because I am being convinced to send the transaction to a scammer of my own choice, it's considered an authorized transaction even though it's for fraudulent purposes, so it's not protected by federal law. The banks say, “Sorry, you're out of luck here. There's nothing that we have to do,” and it's the consumer who's left holding the bag.
The problem with that is that when that fraud occurs to an individual like me, a $500 fraud can be the difference between making rent or not. Whereas in the credit card space fraud, the risk for that is dispersed across all the holders of credit cards. You can see how it's a much less secure transaction, but the fraudsters love it because, again, there's no way for them, for the money, to stop once it's been sent.
What we'd like to do is get either law or regulation changed in Washington to basically say that if a fraudster gets in touch with me and convinces me that they're with the IRS, and if I don't send them $500, I'm going to jail—by the way, the cops are already on their way—and I send the money, that I will still be made whole once that happens.
One of the reasons that peer-to-peer has become so quickly embraced by consumers is that it's free. -John Breyault Share on XThe banks hate this because one of the reasons that peer-to-peer has become so quickly embraced by consumers is that it's free. Doing this kind of insurance on these transactions would cost them money and they may or may not have to take a little bit of a cut on that and they really don't like that.
We're working right now. The Consumer Financial Protection Bureau in Washington has indicated that they are interested in this issue. They're going to be looking at it. There's a discussion draft of the legislation in the House of Representatives that would fix that so we're making progress, but this is an issue that I think isn’t going to go away anytime soon. That's not even to say the next thing, which appears to be cryptocurrency, is the way the scammers are starting to look at wanting to get paid in the future. We're fighting this battle today.
Is the common thing, even going back to Western Union, is that there's no either legally mandated dispute mechanism or no systemic dispute mechanism?
You can dispute these transactions with a Western Union, or with the company that you bought the gift card from, or with PayPal, the parent company for Venmo, but they are under no legal obligation to make you whole if you're the victim of fraud. In all of those cases, those transactions fall into that unauthorized versus authorized loophole that I talked about.
It's a fairly simple fix, but the implications of that fix on a lot of companies' bottom lines could be substantial. There are a lot of fights that happen in Washington on this.
I'm trying to think of the process when I set up some of these accounts. Are some of the processes the lack of verification of who you're sending the money to? To me, if I were a bank and Bob walks in and sets up an account and he's getting deposited $50,000 a day and $500 transactions, to me, it would be like, “This is suspicious.” I would do something.
Is there an element on the bank side of these? While it's not Venmo's issue, it's the bank that Venmo is connected to or your own personal bank, is the regulation on that, and that would help consumers?
There is, and that's another avenue we're looking at. There are two kinds of regulations related to the issue you just talked about. One is, to Know Your Customer rules. Banks are required to obtain certain data from consumers in order to allow them to open a bank account. That's usually one of the reasons why when you want to open a bank account, you should have to provide some identification.
Banks are required to monitor large transactions that happen in these banks, but the scammers are very adept at this. -John Breyault Share on XThere are also anti-money laundering rules. Banks are required to monitor large transactions that happen in these banks, but the scammers are very adept at this. They know which banks to target that may not have the resources to monitor transactions or to be as thorough in vetting prospective customers as other banks and they quickly learn where the weak spots are and they exploit that.
What we'll see is that scammers may have an account that they will have open for days or weeks, collect a lot of money, it will be shut down, but then they just go and open another account. It's a constant game of Whac-A-Mole.
In other instances, we found that victims of fraud themselves become ensnared in this, becoming what we call money mules. These are people whose only job is to accept the money into their account and then forward it on to somebody else or use gift card numbers to have merchandise shipped to them at their home and then reship it to somebody else.
I think what this all boils down to at the end of the day is that the scammers are sophisticated. They're sophisticated, networked, and this is all they do. Consequently, they get very, very good at what they do.
When we hear from banks, or regulators, or other people who say, “Well, how could consumers be so stupid to send $500 to somebody or hand over a gift card number? Shouldn't we fix this by making consumers more aware of these things?”
I'm like, “Well, yeah. We should be warning consumers about that, but you're asking people who have lives to try and fight back against this really sophisticated professional network of scammers who are out to defraud them.” Absent smart people at the banks and at the credit card networks and elsewhere are having more of an incentive to fight back against this fraud. We're never going to solve it, and the risk is ultimately going to fall on the people who can least afford the losses, are people like you and me.
With respect to these direct payment or peer-to-peer transfer methods, whether it's gift cards or Venmo, what are the warning signs the consumer should be looking out for, the red flags of maybe this isn't legitimate?
Number one is if someone is asking for payment through a peer-to-peer platform like Venmo, or asking you to go out and put money on a gift card to pay them, that should be a red flag right there. A legitimate business, for example, should never ask for payment in an unusual way like that. Ninety-nine percent of the time, they're going to have a merchant account set up. You can just use a credit card.
I think number two is to recognize that a lot of these imposter scams—we’re talking about the IRS scam, but we see in many other flavors there are things like the grandparents scam or somebody calls and tells you that a loved one has been in a terrible accident overseas and you need to send money for a doctor right away. There are practically limitless variations on those.
The scammers are very adept at creating a sense of urgency in getting you to not ask questions, and to take action quickly. -John Breyault Share on XThe scammers are very adept at creating a sense of urgency in getting you to not ask questions, and to take action quickly. We really caution consumers that if you're in a situation like that, stop, take a breath, and think about what they're telling you. That's often a good way to avoid becoming a victim.
Certainly, there are many other tips. For example, if you're being told that you won a prize, you should never have to pay money in order to get that prize. If you're being asked to pay a deposit on an apartment or a car that you've never seen with your own eyes, that is a big red flag of fraud.
Ask a friend. I mentioned a minute ago, stop and think about this. Stop and ask a loved one. Just do a quick Google search on what they're telling you and then the word scam, and chances are you'll probably find other people who have been in a similar situation. As I said, the scammers are very good at what they do. They seek out people who may be vulnerable and they seek to exploit that.
With data breaches and things like that going on, they can make their pitches sound far more convincing than they really could have in previous years. They may know the names of your relatives. They may know where you live, where you work, or the fact that you've been traveling recently, because so much of this information is available for free online or through the dark web. It's really a Wild West out there for consumers right now.
I've definitely gotten calls from—to me, it's obviously a scammer, but they know it's not surprising that they might know a name. When they start getting things, “We know your address,” is like, I'm like, oh man, there are just more data breaches out there that have exposed enough information to make it harder to determine who's legit, who's not.
Yeah, and we feel, for example, in what are called business email compromise—that’s a broad term—but basically it encompasses imposters who, for example, will know that a boss is out of town because they put on LinkedIn that they're going to be speaking at a conference halfway across the country or in another country altogether.
They know who the accountant is, or the person has the authority to write checks to the organization. This almost happened at our organization. They'll say, “Hey, I'm in Mexico, but I want to do gift cards for the whole office. Can you go out and buy a 100 gift cards, or however many, 10 gift cards, and put $100 on each of them, and give me the code off the back?”
They know that the boss is out of town. They know who the accountant is. The ability to make these pitches sound more convincing than ever is, I think, something that is truly new in the fraud world.
I know that your organization accepts complaints on your website. Are there any new scam trends that you're starting to see arise?
Yeah. I think the cryptocurrency angle is one that we're really starting to key into in terms of where we're putting our resources to educate consumers. What we've seen is that as things like Bitcoin and other cryptocurrencies have exploded in value, interest, particularly among younger consumers in cryptocoin investments, for example, has really gone up.
Consequently, we've seen a lot of scammers who are trying to take advantage of this by running ads promising risk-free investing, as if you are just putting your money into their trading platform while the trading platform ends up bogus and any cryptocurrency that you purchase through it, you can't get out.
There's a tremendous amount of fraud in the cryptocurrency space and we're looking for ways to help consumers understand this, because all you see, obviously this has changed in recent weeks, but when one bitcoin is at $20,000 and going up, it's easy to see how consumers’ resistance to scams involving that might decrease.
Particularly when there is a history of cryptocurrencies having extremely high rates of returns for periods of time, it's not unusual for a cryptocurrency to fluctuate 20% or 30% over the course of weeks or months. When a scammer says, “Oh, yeah. You can get to 10%.” That seems reasonable.
Yes. Particularly at a time like now where we've seen scammers who are keying into economic anxieties about inflation and about potentially a pending recession. We saw this in 2007 and 2008 where things like gold-buying scams suddenly had a renaissance because there's a lot of concern that your investments are going to be worthless and gold is the only place that you can put your money that's safe.
Scammers redouble their efforts to get people to invest in bogus gold EFTs or things like that. These trends do tend to follow the new cycle, and because inflation has been at the top of the news cycle for months now, the scammers are definitely keying into that.
Are there any other kinds of unusual scams that are on the rise?
I think those are the ones I think we're paying the most attention to. While there tend to be new twists on old scams, they do tend to follow a pattern. I'll tell you one thing that is frustrating to me is I often get questions like, “What's the new scam?” Or, “What are the top scams you're hearing about now?”
That points to, I think, a larger problem in the fraud space, which is actually tracking the data. How do you know what's the big problem? Because there are so many organizations out there that attract us, that have your methodologies, who may be wanting to sell you some sort of cybersecurity solution to go with their data as opposed to making you scared, that the estimates are really all over the map.
I consider one of the gold standards to be the Federal Trade Commission's Annual Consumer Sentinel Reports. Those have consistently shown that imposter scams are rapidly increasing, particularly during the coronavirus pandemic. As people have been isolated, their ability to connect to wider social networks to vet the solicitations they're getting has decreased. Imposter scam certainly has become an issue we see there.
At the same time, even that gold-standard report at FTC is based on self-reported complaints. If you actually survey or represent a sample of consumers, you might get a different answer. It's really, I think, one of the challenges in this space is getting consistent data.
I think one of the things we're trying to do as well—and we're not alone in this, I have colleagues at groups like AARP who are on the same mission, too—is really changing how we talk about fraud victims. If you have a chance after this podcast and you want to listen to another great event, my colleague Kathy Stokes at AARP has a fantastic TedTalk about how we're talking about fraud victims.
What she does is look at headlines in newspapers and websites about fraud victims and they often say something along the lines of a local grandmother duped out of $10,000. What a headline like that does is it says, number one, is focusing on the victim and insinuating the victim's culpability with a word like duped. That's how we often talk about fraud and fraud victims in this country, unfortunately. It's often, “How could you be taken in like this? Why are you so greedy to go along with this? How could you be so stupid?”
I think the right way to think about fraud is to focus on the criminals and the crime. -John Breyault Share on XI think the right way to think about fraud is to focus on the criminals and the crime. We're really trying to change how the media talk about fraud, not just because it's the right thing to do, but we hear constantly from fraud victims that when they go to the police, as we advise them to do when they're victims, the police either say, “That's not a local police matter. We don't have the people to deal with that. Why did you do it? This is a civil matter.” None of these are helpful to the victim in their process of recovering from that crime.
We see the prosecutors don't give the fraud the same resources and priority that they should, given what we know to be the extent of the financial losses that happen from fraud. By changing how we talk about victims, we're really trying to change how we deal with fraud in this country from one where it's easy to blame the victim, to one instead where we treat it as the multinational organized crime that it actually is.
I think about the way you frame it with the understanding that a lot of the scams are run as well-oiled, well-funded, well-educated, and extremely well-trained. It's a business. For the most part, it's not some guy sitting in his mom's basement just dialing random phone numbers, hoping he can get a little bit of money out of somebody. They’ve got playbooks. They’ve got flowcharts. They’ve got their weekly training sessions on how to be a better scammer. It's not surprising that people fall victim to it.
Yeah, you go to some of these carding forums on the dark web where they sell compromised credit card numbers, for example, and these guys will actually advertise 24/7 customer service to people because they know that it is that professionalized marketplace, but it's ultimately also a criminal enterprise.
When I started doing this work, the top scam we were hearing about was the so-called Jamaican Lottery scam where you were told that you had a big lottery winning or you'd won the Publisher's Clearinghouse Sweepstakes and all you had to do was send $100 for taxes to collect it. A lot of that was coming out of Jamaica and other Caribbean nations. They had lists of people in the United States that they considered vulnerable to these kinds of scams.
We actually saw reports of gangs in Kingston who were literally killing each other to get access to these lists, which just tells you how lucrative it is that they'd be willing to commit murder in order to get this information. It’s that organized.
I think one of the reasons it can be that organized and that blatant to the fact that, as you said, there are seminars on how to be a better scammer is because it's so low risk. From time to time, we'll see law enforcement do sweeps in places like India, West Africa, or the Caribbean. For the most part, I think the scammers know that it's a crime that they're probably not going to go to jail over, which is why you see them being so organized and blatant.
Sometimes we've even seen call centers in South Asia where there's a legit side of the business. They're doing real call center work for real companies and then there's the other side where it's just a total scam and they can get away with them.
I think that the hard thing to explain to the people that have approached me over the years is that if the person is overseas that has scammed you, the likelihood of you getting your money back—not to say that you shouldn't report it—is pretty slim.
I think that is true and the solution to that, at least from our point of view, is to make sure that the entities who are facilitating the transfer of that money overseas have more skin in the game to spot, catch, prevent that fraud, and to remedy it when it happens.
Right now, unfortunately, what we see far too often is that the first incentive of companies that are in a money transmitter business, whether they're P2P, or gift cards, or whomever, is to make sure that there's nothing that gets in the way of those flows. We talk to them a lot about friction. We don't want to create too much friction because that will slow down the number of transactions that are going through our system.
I think the reason that that is a business incentive for them is, frankly, the lack of regulation. The reason that credit cards are the way they are now—we use them to pay for almost anything—is because they are a trusted payment method. They're a trusted payment method because we know if somebody gets ahold of them and uses it to run up unauthorized charges, we're going to be made whole. I think while taking steps to make P2P or gift card transactions more secure may involve costs, and it will. There's really no way around it.
What we're trying to help banks and other actors in that ecosystem understand is that if you don't take action, you're just decreasing consumer trust. You might be helping your business in the short term by resisting these reforms, but you're hurting long-term consumer confidence in your business. If you want to have a P2P environment that people are comfortable using for decades to come like they are with the credit card space, it behooves you now to think about how you make it as safe as possible.
I think the philosophy that I've always taken and told people is you treat peer-to-peer and these cash apps the way that you would cash. In a sense that you only give off the cash in your pocket to your friends and your family. You don't just give it out to random people that you've never met in person before.
It's a great tip. I would go even further and say don't use these apps for anything but splitting your bar tab or paying the babysitter. Somebody that you have physically laid eyes on and that you can reach out and touch. Anything beyond that, just because of the lack of consumer protections, is an invitation to fraud.
Because there aren't consumer protections in the transaction, is there an increased risk of lack of protection at the bank level, that if Venmo gets compromised and starts issuing unauthorized transactions, is there protection against that sort of thing?
Let's say your Venmo account gets hacked and somebody starts sending out payments to their buddy overseas, then chances are you will be protected under federal law because if you did not authorize that transaction, you will still be made whole. What I think we see more often than that is a social-engineering attack. Consumers are intended to send the money of their own volition even though it's pursuant to fraud. In those cases, it's not covered.
Another instance where it wouldn't be covered is, for example, if you sent it to the wrong person. Venmo has gotten better about verifying who you're sending it to. For a while, all you really need is either a phone number or an email address to send money. If you just mistyped into your app and sent it to the wrong person, Venmo's advice was to reach out and ask for your money back, which there may be kindhearted people who will give you your money back, but there was no obligation that they do so.
That's like going into the grocery store, asking for the store managers and saying, “Hey, I dropped a bunch of $20s on the floor. Did anyone turn them in?”
Exactly. That's a great analogy.
I have no idea what you're talking about. I didn't get any money. I don't have that bill. If it's not someone that you know in person—I have a backstory to this—but you have reason to believe that they are a legitimate entity, but you're not necessarily sure that you've got the right phone number and the right email, is there a way to do this kind of test transaction?
I suppose you could do some de minimis amount of $0.50 or something like that just to test it out to make sure that the right person is getting the money that you're trying to send to them. I hesitate to say that just because I think for the vast majority of consumers, the safest way to use these P2P platforms is really just to send it to people that you've met in person.
There are so many ways for scammers to impersonate other people and get you to send money without doing all the vetting that you need to. A legitimate business should be willing to accept payment in some other way if they really do want your business. If they're not, then maybe you should consider shopping somewhere else.
Or pay cash.
Or pay cash. Don't send cash through the mail, though. We definitely hear from consumers who are convinced to do that, to put it into a magazine, put it in an envelope, and send it off to a scammer. Obviously cash, there's no way to get your money back if you send them cash.
The philosophy, anytime someone is asking you to do something that's outside of the norm of business, if they over-issued a refund, fine, just reverse the charge. You can do that from your side.
A legitimate business asking for payment in an unusual way is one of the biggest red signs or red flags of fraud. -John Breyault Share on XYou're absolutely right. A legitimate business asking for payment in an unusual way is one of the biggest red signs or red flags of fraud.
As we wrap up here, are there any resources that you guys offer, and where can they find them?
Definitely. Our website is www.fraud.org. We have over 150 pages of content on frauds and scams of all kinds there. I would invite your listeners to check it out, share those pages widely with your friends and family, and also sign up for our fraud alerts.
We do a monthly fraud alert email that goes out. It's often tied to trends that we're seeing in our fraud data or that are being reported from other folks' fraud data.
For example, we just sent one out today about rental scams. With lots of students heading back to college, getting rental housing, along with just the general fact that in many cities—LA, for example—the rental market is extremely hot. There's a lot of incentive to put down money for an apartment before you may have seen it.
That's a great opportunity for scammers who put up ads or listings on Craigslist, for example, for a three-bedroom, two-bath condo in downtown Malibu for $1200 a month. Definitely this one, we're using this opportunity to warn consumers about.
That's awesome. Can they find you guys on social media?
Definitely. Our Twitter is @ncl_tweets. Just look us up on the National Consumers League on Instagram, LinkedIn, and Facebook. You can get all of our information there, too.
Awesome. John, thank you so much for coming on the Easy Prey Podcast today.
My pleasure. Thanks for having me on.