A funny thing happened when I went to make a purchase with my ATM card the other day.
The store clerk said my transaction was declined. I asked her to try again – several times – with the same result. Declined.
It didn’t make sense. I had just rented a bike and made a purchase – no more than 5 minutes earlier.
I was supposed to have a balance of $770. I’d deposited $800 that very morning at my bank. But when I went to the ATM machine, I discovered that my checking balance was just $2.28. What happened?
I called a friend of mine who works in IT for the intelligence community. He immediately suspected a cyber-theft, perhaps from a “skimmer,” someone using an electronic device to “skim” my checking account of funds while I made a purchase – perhaps my recent bike rental.
But when I checked the record of my recent bank transactions, I discovered the real problem. Turns out that three different people had hacked into my Cash App account and sent money transfers from my account to their own.
I didn’t recognize any of the people, but they must have known each other. All of the transactions had occurred over a span of 2-3 minutes. And they’d cleaned me out.
I was aghast. My Cash App was linked to my cell phone but my cell phone was – and is – never out of my sight. How could anyone have hacked me?
I still don’t know. But the problem is widespread – and growing.
It turns out that all of the new “hip” money transfer systems – Pay Pal, Venmo, Cash App, Zelle, and others – are highly vulnerable to cyber-theft – and the companies aren’t doing anything about it.
Last June, an investigation into Zelle — now the largest instant money transfer system with $120 billion in transactions in 2018 — found widespread scamming and hacking. Thieves that often tricked Zelle users into giving up their transfer codes with phony text messages that seemed to originate with their bank.
While all banking-related websites and apps are vulnerable to scammers, it turns out that Zelle and Cash App are particularly appealing targets because unlike other peer-to-peer payment apps like Venmo, the system is embedded within banking apps and automatically connected to user accounts.
Apparently, scammers have also figured out a way to use Zelle to pilfer from your bank account even if you aren’t a Zelle user yourself, as one woman found out earlier this year.
They usually make contact with you via text message. Once you reply, they try to mine information about your bank account through your phone
In some cases, hackers may access your online bank account directly to steal your funds. Some of the larger banks like Chase Manhattan have agreed to make restitution. But others like Bank of America haven’t.
Cash App proved to be almost completely unresponsive. The company does not permit you to contact its customer service by phone; you have to do it by email and wait for a reply. It can take days.
Two successive Cash App representatives – named “Merardo” and “Alice” — declined any responsibility for the thefts; instead, they referred me to my bank and suggested that I try to recover the funds there.
But my bank disclaimed responsibility for the thefts saying I incurred the risk of cyber-theft when I linked my Cash App account to my checking account.
“Read the fine print of your contract,” my bank representative said – and then hung up.
It took repeated requests to Cash App, and an angry posting on Linked In to my network of 4,500 professionals to compel the company to launch its own investigation, which could take up to two months to complete.
And despite having detailed information on the Cash App thieves, including the names on their account, and the amounts and dates of their thefts, Cash App has made no promise of restitution.
Will I ever recover my funds? Almost certainly not. One of the thieves, who appears to be a female teenager judging from her listed profile – “Loco Uno” — has already canceled her Cash App account, having absconded with my funds and the funds of many others, I suspect.
Is Loco Uno even a real person? Who knows. Maybe someone hacked he account to hack mine. It seems that anything’s possible.
Naturally, I’ve canceled my own Cash App account. I suspect many others have, too.
But that’s no solution to a widespread and growing phenomenon with millions of prospective victims.
I’ve written to the FBI to launch its own cyber-theft investigation and have contacted members of Congress asking for greater accountability from the instant cash transfer companies that are taking in mega-profits and bamboozling their customers into thinking they have a safe and inexpensive way to transfer funds instantly anywhere.
In fact, the real costs of these services in the form of unrestrained and unaccountable cyber-theft are mounting rapidly. Consumers need real protection, not self-serving corporate excuses.