How Safe Are Money E-Transfers?
Electronic funds transfer (EFT) is a fast and convenient way to send and receive money. Ordinarily, they are widely used without problem, but as with anything involving money — they can be a target for cybercriminals. Raising the question, are e-transfers safe? After all, there have been reported cases where people have lost thousands of dollars due to e-transfer fraud.
This article explores how e-transfers work, how to protect bank accounts from identity theft, how banks investigate fraudulent transactions, and what you can do to ensure safe e-transactions.
According to the United States Electronic Fund Transfer Act of 1978, e-transfers are defined as,
"A funds transfer initiated through an electronic terminal, telephone, computer (including online banking) or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer's account."
Electronic fund transfers (sometimes known as 'e-transfers') are called by different names around the world.
- In the US, they can be referred to as "electronic checks" or "e-checks."
- In the UK, the terms “bank transfer” and “bank payment” are used.
- In several European countries, the term "giro transfer" is widely used.
How Do E-Transfers Work?
Online money transfers are the modern equivalent of wiring money. You can instantly send someone funds by transferring money (or the data that represents that money) from you to another person.
A typical transaction mainly involves contact information — such as a phone number or an email address — for the sending and receiving parties, tied to a bank account. Usually, for a small fee, online money transfers can be done from secure, web-based services.
The process is straightforward and often works like this:
- The sender opens an online banking session and specifies the recipient, amount to send, as well as, a security question and answer. The funds are debited instantly, usually for a fee.
- The sender sends the security answer separately to the recipient, usually via another medium, for security purposes.
- An email or text message is then sent to the recipient, with instructions on how to retrieve the funds and answer the question.
- The recipient must answer the security question correctly. If the recipient fails to answer the question correctly within a set number of times, the funds can be returned to the sender.
- If an e-transfer has not been accepted after a certain period, it will not go through. The transfer duration depends on the bank and/or the person's settings.
In some cases, you do not need to have a bank account to send money online or even to receive an online transfer. A credit card or cash can be used instead, which may incur higher fees.
Common reasons to use e-transfers include:
- Mailed checks take days to be delivered and could get lost in the mail or stolen.
- If money is being sent internationally, there is the question of currency conversion fees, which are usually more expensive than money transfer fees.
- Online money transfers are near-instantaneous with no physical complications to anywhere in the world.
Are E-Transfers Safe?
E-transfer fraud occurs when a third party intercepts a transfer by hacking into a person’s email account and correctly guessing or finding the answer to the security question. They then deposit the money themselves, and it never reaches the intended recipient.
E-transfer scams are usually people asking for money (either for themselves or for you to buy a product/service) or people asking you to donate to a cause. Coronavirus scams are an excellent example of this: many asked people to e-transfer money to fund vaccines, PPE, and testing kits that never got delivered.
While no payment or collection system is 100% safe; there are extensive safety measures to ensure that e-transfers are protected, including:
- Multiple layers of data encryption. This means that data is coded multiple times so that, if it’s stolen or hacked on its way to the recipient, it cannot be read by others.
- Fraud prevention. Reputable e-transfer companies require you to answer security questions, give a unique code, or verify your identity. This is to ensure the safety of your money transfer(s). Sending funds to a suspicious receiver or using a new device to log in can trigger the occurrence of fraud.
- Identity verification. If the provider requires a secure password or logs you out automatically after a specific amount of time, then it can be a good indication that they follow precautions to ensure your money is safe throughout the process.
- Automated Clearing House (ACH). In the US, all online banking transactions, including online money transfer services, are processed by the Automated Clearing House (ACH), an independent agency that offers secure financial data transmission.
Various services offer varying protection levels, such as confirmation phone calls to both parties (who have to verify private information), confirmation emails, and even insurance policies that guarantee your money will be sent. Some providers limit how little or how much money can be sent, and how much can be transferred in a period of time.
The industry is regulated with several authorities providing licenses to companies specializing in money transfers. So, it is important to go through reliable, reputable, licensed money transfer companies.
When sending an e-transfer, the sender has some essential responsibilities:
- Providing an accurate email address for the recipient.
- Including an effective security question and answer that is not easily guessable and is known only to the sender and the recipient.
- Not including the password or code in the message that accompanies the transfer.
- Ensuring passwords or codes are something that only the recipient knows. This means avoiding easily obtained or guessable information like names, birth dates, places of employment, etc.
Identity Theft and E-Transfers
If criminals obtain your debit or credit cards, or personal financial information such as account numbers, passwords, or Social Security number, they can steal money from your bank account or make charges to your credit cards.
They can also commit a crime called identity theft by taking out loans and obtaining credit cards in your name.
Identify theft can seriously damage your credit and financial reputation, and it can take years to restore your good credit and name. According to the Federal Trade Commission (FTC), identity thieves use various methods to steal your personal information, including:
This is where criminals go through your garbage looking for bills or other papers with your personal information on it. Identity thieves can get hold of details like bank account numbers, health insurance cards, or credit card details by stealing mail. They might be able to create a new identity if they access key information like your Social Security number.
Criminals pose as financial institutions or companies, sending you spam emails or pop-up messages to trick you into revealing personal information.
Criminals use different techniques to install malware on another person's device. Malware types include viruses, spyware, trojans, and keyloggers, all of which allow the criminal to access your device and the information stored within it.
Diverting your mail
This is when criminals complete a change of address form to divert your billing statements to another mail location, which they control.
Criminals steal your credit or debit card numbers by using a special storage device called a skimmer when processing your card. Skimmers can be installed at gas pumps or ATMs to collect card data. Some machines act like point-of-sale technology.
Criminals steal wallets or purses, mail, bank or credit card statements, pre-approved credit offers, and so on, to obtain your personal information.
Keep in mind: if fraudulent transactions occur on your account, it does not automatically mean your identity has been stolen. It may be an isolated incident of theft that can be quickly resolved. Either way, contact your bank immediately if you believe you are the victim of theft.
How do banks investigate unauthorized money transactions?
Online banking theft is serious, but before a bank can investigate an unauthorized transaction, it has to be identified in the first place. Often, fraudsters start small — by carrying out a small transaction that is more likely to go unnoticed. Sometimes, a fraudster might hack a card number for years, buying small recurring subscriptions or gift cards, which can then be resold. If these go undetected (because the consumer does not regularly check his or her card statements) then the fraudster can feel confident to go even further.
This underlines the importance of checking your bank and card statements regularly. Once you notice something is wrong, you should notify your bank immediately: once they are told, the bank can investigate.
Once the bank is aware of the disputed or unauthorized transaction, they can open an investigation. You will be asked to provide details of the unauthorized charge(s), along with any supporting evidence that the charge is fraudulent.
The rules for how banks deal with unauthorized transfers vary by jurisdiction and country, so it is essential to familiarize yourself with your rights as a consumer in your country.
In the US, the Electronic Fund Transfer Act 1978 states that if fraud is reported within two days of the statement, liability is limited to $50. If reported after two days, but within sixty, liability is limited to $500. However, if reported after 60 days, the consumer is liable for all fraudulent activity — which highlights the importance of regularly checking your banking activity.
Once a bank knows about the fraudulent charges and has received the relevant documentation from you, they should respond to the dispute within 30 days. In most cases, the bank will have up to 90 days to investigate and resolve the error.
Usually, the matter will be handled by the bank’s internal credit fraud investigators, who will be trained to determine whether and how fraud has been committed. Depending on the nature and extent of the fraud, the bank may decide to involve law enforcement.
Typically, the bank will also advise the consumer to contact the major credit reporting agencies (in the US, these are Equifax, Experian, and TransUnion) and ask for a fraud alert to be placed on the file.
This ensures that attempts to open new credit accounts are declined unless the creditor speaks directly to the consumer and takes additional steps to verify their identity.
How to Protect Yourself From E-Transfer Theft
You should always exercise caution when it comes to sending or receiving money. To avoid e-transfer theft, follow these tips:
- Only send money to people you know and trust, just as you would cash. Never send money to people you do not know.
- Call the person requesting money to verify their identity. Make sure you are sending it to the right email account/person.
- Choose a security question with an answer that is not easy to guess. This means avoiding things like names, birthdays, hometowns, etc. Do not use anything that someone could guess by looking through your social media profiles.
- Do not include the security question’s answer in the e-transfer message.
- Always use a strong password that cannot easily be guessed or found — and make sure you share it via a secure channel. Create strong and unique passwords to protect your accounts, including your email and social media accounts. Do not save any details on public computers.
- Be cautious with suspicious emails. Make sure you do not provide personal information if you do not know if they are legitimate. Never automatically click on a link in an unexpected email or text.
- Similarly, do not call the phone numbers listed in unsolicited messages. If you are unsure if a message may be genuine, independently research the organization's phone number or website and find out for yourself.
- Protect your email's security — do not stay logged in when you walk away from your computer. Log out and make sure your device is secure and not left alone in public.
- Avoid using e-transfers to pay for products and services. E-transfers are like cash transactions — it is tough to dispute or refund them. If you are buying something online, you have extra protection if you pay by credit or debit card.
- Remember that people aren’t always who they say they are. Exercise caution and always follow up and investigate further before committing to payment of any kind.
- Be suspicious of any requests for money upfront. Be extra vigilant when approached by a person or 'company' selling something you have not requested, signed up to, or are expecting. Always question uninvited approaches asking for information — they could be scams. Instead, contact the company directly using a trusted email or phone number to check the request is genuine.
- Banks or trusted organizations such as the police will never contact you asking you to give your PIN or full password, or transfer money to another account. Always be wary of any caller or message asking for your PIN or personal information over the phone or by email.
- Sign up for fraud alerts with your financial institution to detect suspicious activity on accounts.
- Check the URL or email address. Look at the website address or the sender's full email address to check that it appears legitimate. Look for HTTPS and don't trust websites that are still using HTTP.
- Watch out for poor spelling or grammar. Legitimate banks and retailers will proofread their emails, wanting them to appear as professional as possible. Errors in spelling, grammar, or punctuation could be a sign of a scam.
- Be wary if anyone tries to rush you. For example, if you are told you need to act 'quickly' before an offer or product runs out, or that your money 'is not safe,' and you need to 'move it to another account.' When it comes to your finances, only criminals will try to panic you — official channels will not. So, don't fall for the tactic and don't act on impulse. Remain calm, take a moment, and make sure you investigate the claim separately.
What to Do If You Are A Victim Of E-Transfer Theft or Fraud
The first thing to do is to contact your bank or financial institution immediately. Alert them to the situation and find out if you can get your money back after being scammed online. Make sure you cancel any recurring payments and consider freezing any accounts which have been tampered with.
It’s also a good idea to change your passwords across the board, including on social media. If you think your identity has been stolen as well, contact the police. You can also report the scams to the relevant agency in your country. For example:
In the US
You could contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file. This will help prevent identity thieves from opening a new account in your name. The three major credit agencies are Equifax, Experian, and TransUnion.
You can report all suspicious contacts to the Federal Trade Commission. Their website, IdentityTheft.gov, can provide you with a personalized recovery plan, guidance, progress tracking, and prefilled forms and letters.
In the UK
You can fill in a form at the Financial Ombudsman Service website if you haven’t heard back from your bank in 8 weeks. It can help sooner if your bank has sent you a rejection letter suggesting you use the ombudsman. Citizens Advice Scams Action and Action Fraud are also useful UK-focused resources.
IDCARE is a free service that will work with you to develop a plan to limit the damage of identity theft. The Australian Competition and Consumer Commission’s Scamwatch collects data about scams in Australia. Your report helps Scamwatch create scam alerts to warn the community.
You can report identity theft to the Canadian Anti-Fraud Center, which provides support and assistance to victims.
Finally, one of the easiest things you can do to protect yourself is to install a robust cybersecurity solution on all your devices. We recommend Kaspersky Internet Security, which defends you from malware infections, spyware, data theft, and protects your online payments using bank-grade encryption.