Bank P2P service Zelle is having some issues with fraud, with some customers reporting that hackers, exploiting weaknesses in the platform, had cleaned out their bank accounts: even if those customers had never used, or head of Zelle, according to a New York Times report this weekend.
With thousands of new users signing onto the platform per day via its dozen or so partner banks, hackers and fraudsters are targeting the platform in order to gain access to these linked bank accounts. As the service is integrated into a bank’s mobile application, this is possible even if a customer has never actively used Zelle to send money.
Just under twenty banks are partnered with Zelle in the U.S., and their approaches to such fraud differ: some banks don’t always notify their customers when money is moved, for instance. Additionally, some banks integrated Zelle into their apps “without any protections,” Genevieve Gimbert, a partner for PwC’s financial crimes division, told the NY Times.
The lack of protections, such as two-factor authentication or behavior monitoring, makes it much easier for hackers, Gimbert said. One bank on Zelle is experiencing a 90% fraud rate, as Gimbert told Bank Innovation this past February.
UPDATE: PwC has since put out a statement, noting that the 90% figure it had previously shared is “unsubstantiated.” Read the full statement here.