Such transfers are widely used in practice and usually do not cause problems, but, like any financial transactions, they can be the target of cybercriminals. So, the issue of security of electronic transfers is quite natural. There are well-known cases of people losing thousands of dollars as a result of wire transfer scams .
In this article, we’ll look at how wire transfers work, how to protect bank accounts from identity theft, how banks investigate fraudulent transactions, and what you can do to protect your transfers.
The concept of electronic transfer
The United States Electronic Funds Transfer Act of 1978 defines an electronic transfer as follows:
“ A transfer of funds initiated through an electronic terminal, telephone, computer (including via Internet banking) or a magnetic tape for the purpose of providing a financial institution with an instruction, instruction or permission to debit or credit funds from a consumer account.”
Electronic funds transfers around the world can be called differently. For example:
- In the US, these are “electronic checks”.
- In the UK, the terms “bank transfer” and “bank payment” are used.
- In some European countries, the term “cashless transfer” is widely used.
How wire transfers work
Online money transfers are a modern analogue of telegraphic transfers. You can instantly send funds by transferring money (or data that acts as money) to another person.
Such a transaction, as a rule, is associated with the contact information of the sender and recipient linked to a bank account – this can be, for example, a mobile phone number or an email address. Usually, the service of electronic funds transfer is provided for a small commission through secure Internet services.
The process is quite simple and often looks like this:
- The sender starts an Internet banking session and specifies the recipient, the amount to be sent, as well as the secret question and answer to it. Funds are debited instantly, usually along with a commission.
- The sender sends the answer to the security question to the recipient using another communication method to secure the transfer.
- An email or SMS message is then sent to the recipient with instructions on how to receive the funds and provide an answer to the question.
- The recipient must answer the security question correctly. The recipient is given a certain number of attempts to give the correct answer to the question, after which, if the correct answer is not given, the funds are returned to the sender.
- The wire transfer must also be received within the deadline, otherwise it will not be executed. This period depends on the specific bank and (or) parameters set by the sender.
In some cases, it is not necessary to have a bank account to transfer money online (or even to receive it that way). Instead, you can use a credit card or cash, but the fee in this case may be higher.
Some common reasons for using wire transfers are:
- It can take days for checks to be sent by mail, and they can be lost or stolen.
- In the case of an international money transfer, there is the issue of a conversion fee, which usually exceeds the fees for a money transfer.
- Online money transfers are almost instantaneous, can be received anywhere in the world and do not involve physical complications.
Are wire transfers safe?
The theft of an electronic transfer can occur if unauthorized people intercept it by hacking the email of the transfer participant and correctly selecting or extracting the answer to the secret question. Attackers transfer money to themselves that never reach the recipient.
Wire transfer scams usually involve people asking you to send them money, asking you to buy a product, or donating funds to a cause. Coronavirus-related schemes are a notable example of this scam : there are many cases where people were asked to transfer money to purchase a vaccine, personal protective equipment and test kits that were never delivered (and these are just some of the known cases).
There is no system that is 100% reliable. However, additional security measures can be applied to secure wire transfers, including:
- Multilevel data encryption . The data is encoded several times so that outsiders cannot read it if they try to steal or hack on the way to the recipient.
- Fraud Prevention . Trusted wire transfer companies require a security question or identity verification to ensure transfers are secure. For example, the anti-fraud mechanism is activated when funds are transferred to a suspicious recipient or when logging in from a new device.
- Identity verification . If the service provider requires you to use a strong password or automatically logs out of your system session after a certain time, this may indicate that the service provider takes precautions to ensure the safety of your funds at all stages of the transfer.
- Automated Settlement and Clearing Center (ACH). In the US, all internet banking transactions, including online fund transfers, are processed by an automated clearing house , which is an independent agency offering secure financial data transfer.
Different services provide different levels of protection, such as receiving phone verification from the sender and recipient (who must verify personal information), email confirmation, and even insurance that ensures your money is sent and your bank accounts are not hacked. Some service providers set limits on the minimum or maximum amount that can be sent, as well as a limit on the amount that can be transferred within a certain period.
This industry is regulated by several institutions that grant licenses to funds transfer companies. It is important to use the services of reliable companies with a good reputation and a valid license.
When making an electronic transfer, the sender must:
- Provide the exact email address of the recipient.
- Specify a secure secret question and answer that is difficult to guess and known only to the sender and recipient.
- Do not send the password in the same message where the transfer details are indicated.
- Make sure that only the recipient can know the passwords, i.e. avoid using information that would be easy to obtain or guess, such as names, dates of birth, places of work, etc.
Theft of identification data and wire transfers
If criminals gain access to your debit or credit cards or personal financial information, including account numbers, passwords, or ID number, they can steal money from your bank account or spend funds from your credit cards.
They may also commit so-called “identity theft” , which is to use your identity to get a loan or credit card in your name. Identity theft can seriously damage your credit history and financial reputation, and it can take years to restore your good name. According to the US Federal Trade Commission (FTC) , there are many ways in which personal data is stolen, including:
Criminals can rummage through your trash looking for bills or other papers with your personal information. By stealing your mail, attackers can get, for example, your bank account numbers, health insurance or credit card details. This data may be enough to create a new “identity”, especially if data such as your ID number falls into the hands of scammers.
Criminals may pose as representatives of financial institutions or organizations, send you spam emails or pop-up messages in order to extort personal information from you.
Criminals use all sorts of ways to install malware on your devices. The types of such software are also very diverse: they include viruses, spyware, Trojans, and keyloggers. All of them allow criminals to gain access to your device and the information stored on it.
Redirecting Your Mail
Criminals can submit a change of address application on your behalf to redirect your billing documents to another address in their possession.
Criminals can steal your credit or debit card number by using a special reader called a skimmer while processing your card transaction. Skimmers can be installed at gas stations or ATMs. Some of these devices may take the form of a POS terminal.
Criminals can get your personal information by stealing your wallet or bag, mail, bank or credit card statements, pre-approved loan offers, etc.
Remember, if your account is being scammed, it doesn’t always mean your identity has been stolen. This may be a single theft, which is easy enough to deal with. In any case, if you are the victim of a theft, you should immediately contact your bank.
Methods for investigating unauthorized transactions by banks
Online banking theft is a serious problem, but in order to investigate an unauthorized transaction, the bank first needs to identify it. Scammers often start with modest amounts that you may not even notice. Sometimes an attacker uses a hacked card for years, buying renewable subscriptions or gift cards that can then be resold. If the cardholder does not notice such transactions because they do not check their account statements, the fraudster may become bolder.
This shows how important it is to regularly check bank statements and card transactions. As soon as you notice that something is wrong, report it to the bank immediately. After that, bank employees will be able to start an investigation.
Upon receiving a report of suspicious or unauthorized transactions, bank staff will ask you to provide additional details about the unauthorized debit, as well as any evidence that such a debit was the result of fraud.
Banks’ procedures for dealing with unauthorized transfers are different in each jurisdiction and country, so it is important to have a good understanding of what rights you as a consumer have in your country.
In the US, the Electronic Funds Transfer Act of 1978 states that if fraud is reported within two days of the date of issue, the customer’s liability is limited to $50. If the client reports fraud after two days, but no later than sixty, the liability limit is $500. However, if a fraud report is submitted after 60 days, the customer is liable for all fraudulent transactions. This once again confirms how important it is to regularly check the movement of funds in your accounts.
After the bank receives a report of fraudulent charges and related documents from you, it must respond within 30 days regarding the disputed transactions. In most cases, the bank has up to 90 days to investigate and correct the error.
As a rule, the problem will be considered by bank employees who specialize in investigating cases of fraud in the lending sector, who are able to establish the fact of fraud and how it was carried out. Depending on the nature and extent of the fraud, the bank may involve law enforcement agencies.
As a rule, bank employees also recommend that the client contact agencies that provide credit history data (in the US , Equifax , Experian and TransUnion ) and ask that a fraud attempt be entered into your credit history in relation to your accounts.
After that, any attempts to open new credit accounts will require your personal presence and additional steps to establish your identity.
How to protect yourself from the theft of electronic transfers
Be vigilant when transferring or receiving money. Here are some tips to help you avoid wire transfer theft:
- Only transfer money to people you know and trust , just like with cash. Never transfer money to strangers.
- Call the person requesting the money transfer to confirm that it is indeed him. Make sure you transfer funds to the right person at the correct email address.
- Choose a security question that is hard to guess the answer to . Avoid answers that include names, dates of birth, hometown, etc. Do not use anything that can be guessed from your social media pages.
- Don’t include the answer to your security question in the wire transfer message .
- Always use a strong password that is difficult to guess or guess , and be sure to transmit it over a secure communication channel. Create strong and unique passwords to protect your accounts, including your email and social networks. Do not store data on public computers.
- Be careful with suspicious emails. Do not provide personal information if the letters cause you doubts. Never click on links in unexpected emails or messages.
- 7. Also, do not call the numbers listed in the messages that you did not request . If you’re not sure if the message is real, you can check the organization’s phone number or website yourself.
- Protect your email too – log out if you need to get away from your computer. Do not leave your device unattended in public places.
- 9. Do not use wire transfers to pay for goods or services . Electronic transfers are very difficult to dispute or return, as are cash payments. If you’re shopping online , pay with a credit or debit card for extra payment security.
- 10. Remember that people may not be who they say they are . Always be on the lookout and double check your information before making any payments.
- Do not immediately trust requests for prepayment . Be especially vigilant if a person or “company” is selling something you didn’t ask for, sign up for, or expect. Do not immediately agree if you are suddenly asked for some information – this may turn out to be a scam. Instead, contact the company directly via a verified email address or phone number to verify that the request actually came from their representatives.
- Banks and other reputable organizations, including law enforcement, will never ask you for a PIN or full password, or ask you to transfer money to another account . Always be vigilant if you receive a call or message asking for a PIN or personal information by phone or email.
- Sign up to receive fraud alerts from your financial institution so you don’t miss suspicious transactions on your accounts.
- Check URLs and email addresses. Pay close attention to website addresses and senders’ full email addresses to make sure you’re not being scammed. Make sure the site is using HTTPS and don’t trust HTTP sites.
- Pay attention to spelling and grammatical errors. Real banks and goods sellers check their emails to look as professional as possible. Spelling, grammar, or punctuation errors may indicate a scam attempt.
- Be alert if you are in a hurry . For example, if you are told that you need to “act quickly” in order to take advantage of a special offer or buy an item before it runs out, or that your money is “at risk” and you need to transfer it to another account. When it comes to your finances, only criminals will try to make you panic, not official representatives of organizations. Therefore, do not fall for this bait and do not make impulsive decisions. Remain calm, give yourself time, think carefully about the situation
What to do if you are a victim of wire transfer theft or fraud?
The first step is to immediately contact your bank or financial institution. Warn them about the incident and find out if you can get your money back after being scammed online. Be sure to cancel all recurring payments. Hacked accounts should be blocked.
It doesn’t hurt to change all your passwords, including social media accounts. If you think that your personal information may also have been stolen, report it to the police. You can also report fraud to the appropriate organization in your country. For example:
IN THE USA
You can contact one of the three major credit reporting agencies and discuss with them whether you need to report fraud on your accounts on your credit report. This will help prevent fraudsters from using your identification information to open a new account in your name. The bureaus mentioned above are Equifax , Experian and TransUnion .
You can report all suspicious contacts to the Federal Trade Commission . On its website, IdentityTheft.gov , you can get a customized fraud remediation plan, recommendations, track progress, and download pre-filled forms and letters.
In Great Britain
You can fill out a form on the Financial Ombudsman Service website if you do not receive a response from your bank within 8 weeks. In addition, if the bank rejects your request and sends it to the ombudsman, you can contact him before this time. There are also Citizens Advice Scams Action and Action Fraud services in the UK .
IDCARE is a service that will provide you with free assistance in finding ways to minimize the damage from your identity theft. The Australian Consumer and Competition Commission’s Scamwatch service collects data on fraudulent activity in Australia. The information we collect from you will help Scamwatch generate fraud alerts and warn other people.
You can report identity theft to the Canadian Anti-Fraud Centre , which provides support and assistance to fraud victims.
Finally, one of the easiest ways to protect yourself is to install a robust cybersecurity solution on all your devices. We recommend Kaspersky Internet Security , which will protect you from malware, spyware, data theft, and secure your online payments with strong encryption.