Two Kinds Of Fintech Fraud And What Users Can Do About Them

 getty

Founder & CEO of MovoCash, Inc., where he’s combining the best of banking & blockchain through MOVO, a highly secure payment card platform.

Aspects of the fintech industry are in decline (e.g., stock price and valuation), and one cause may be a lack of security and an all-out assault by fraudsters (scammers, bad actors, etc.). A downturn in the economy doesn’t help, either.

Here are two issues and what users can do about them today, in simple terms.

1. First, fintech fraud can happen when scammers are able to sign up and use their app accounts to steal your money and launder it. Let’s stop the bad actors at sign-up.

2. Second, fraud can happen when valid users get scammed by giving their primary credit or debit card info to pay vendors they don’t know well (fraudsters as vendors). Let’s not give anyone the keys to our house or to our fintech balances.

Here are a few use cases that can help the non-expert better understand these security issues both at sign-up and during card use. See the suggested hints below for ideas to stop fraudsters.

Use Case #1: Find out if your fintech uses “push” and/or “pull” techniques to move your money into and out of your fintech account.

In a pull format, a fraudster can pretend to be you from within the fintech app (using your stolen credentials) and access your bank account via pull-access tools that act as the “middleman” between your fintech app and your bank. Then, they can send your money into their fraudulent fintech accounts, where it can be sent and spent freely.

That’s a major exposure. In a push format, the sender of money (you) must be inside of your trusted financial institution’s system/portal (your bank) and have full and secure access to all your money. Then you can confidentially send (push) it into your fintech account. That’s a lot harder for a fraudster to accomplish and means it’s far more likely to be you and not a bad actor.

Hint: Push for (look for) push only.

Use Case #2: Ideally, never give your primary card info (16 digits, expiration date and CVC) to anyone online or offline, be it card-on-file, for a subscription, a membership, a dinner or to pay for any product or service. Especially where the vendor has any capability to charge you more than you decided to initially pay them or the capability to charge you again at the end of some period, even after you told them to stop. Unfortunately, vendors can be scammers as well.

Hint: Look for multiuse virtual cards that disconnect from the primary card and its balances. These secondary cards can be instantly created and funded for the exact payment amount and be added to a digital wallet (e.g., Apple Pay, PayPal or similar) for hands-free ease of use without a physical card in hand. This gives you options and better control of your money when sending or spending it.

Another approach that can help is using PayPal to protect your primary credit or debit card, but even PayPal can have issues that can put users at risk of fraud. Fraud can hit both buyers and sellers, per government studies.

Use Case #3: The harder it is to sign up, the better! I know that’s tough to accept. But if a fintech lets you in too easily, then your assets are not as safe as they could be, as bad actors may be looking to join as users and create problems for you. Yes, it’s a pain to prove who you are sometimes, but without that, your money isn’t as safe and secure. And it’s mainly at sign-up. Just make sure your fintech is well known, highly rated and FDIC insured so you can share your personal info with confidence.

Hint: Don’t give up just because fintech wants to know so much about you. It’s actually a good sign and in your best interests!

Use Case #4: Be sure your fintech consistently monitors activity to watch for potentially fraudulent activity and then takes action, where necessary. If you’re a good user and they raise an issue with you, don’t be upset. In the long run, such security works to your advantage and the entire community.

Hint: Expect scrutiny along the way; it’s a good thing.

Use Case #5: Lastly, don’t be lax with card use just because you think the fintech and/or underlying bank will simply cover you in case of any fraudulent activity. They may cover you, but there are situations where they may not (e.g., if you’re slow in reporting the fraud), and the hassle factor is huge when having to change any and all legitimate and trusted card-on-file relationships you have. Plus, there are differences in the protection guarantees between credit cards and debit cards that may surprise you.

Hint: Don’t take unnecessary risks with your card info; it may eventually come back to bite you.

Per Bankrate.com: “Credit cards offer a few fraud protection benefits that debit cards don’t. Nearly all of today’s top credit cards offer zero fraud liability on unauthorized charges, which means you won’t owe a penny on any charge determined to be fraudulent. Debit cards also limit your fraud liability but require you to report your lost or stolen card within two business days to limit your liability to $50.

If you report after two business days but before 60, your liability goes up to $500. If just your debit card number is stolen and not the card itself, you are not liable for unauthorized charges, as long as you report them within 60 days of receiving your statement.”

Conclusion: Some of the potential solutions to fintech fraud issues are obvious and available today, as pointed out above. (Disclosure: My company provides such fintech solutions.) Once addressed industrywide, fintech has a bright future with a seemingly endless set of features, functions and benefits in the queue. Choose wisely and be aware of the use cases and liability protections discussed above.

The information provided here is not investment, tax or financial advice. You should consult with a licensed professional for advice concerning your specific situation.