Blog

How to avoid fraud with P2P and A2A transfers

For many people, shopping and paying bills online is second nature. And now thanks to mobile payment apps, you can easily pay your friend or tip your hairdresser with a tap of your phone. But with the rise of mobile payment apps have also come a rise in fraud and scams. Add in the craziness of the holidays, and it can be easy to get distracted and fall victim to scams. Read on to learn more about P2P and A2A payments with mobile transfer apps and how you can best protect yourself from scams.

What are P2P & A2A transfers and how do they work?

Peer-to-peer (P2P) payments let you send money directly to another person. Commonly known through money transfer apps like Venmo, PayPal, and Zelle, P2P payments allow you to send and receive money through your mobile device. Typically, funds are transferred electronically from your checking account but some apps like Venmo accept a credit or debit card to transfer funds, sometimes for a fee. P2P payments are free to send through Georgia’s Own Bill Pay, online or with mobile banking, and the recipient can receive the funds faster by opting to pay a small fee.

Account-to-account (A2A) or external transfers can be used to electronically transfer funds to your accounts at other financial institutions or send money to friends and family if you know their account information (routing number, account number, etc.). A2A transfers can be set up online or through mobile banking and usually require you to validate access to the external account—sometimes that’s instant and other times that’s done through micro-deposit validation. Once the access has been granted, you can set up one-time or recurring transfers to those external accounts. Unlike P2P payments, A2A transfers can take a few business days to process, depending on the institution(s).

Both forms of payment are best used with people you know and trust. If you send or receive money via A2A, you need to share bank account information—which can potentially put you at risk for fraud. On the other hand, P2P payments are essentially like cash. Once the money is gone, it is gone. And while all systems encrypt personal data and financial information, they can still be susceptible to hackers or scammers.

Most common scams: what to look out for

Unfortunately, scammers are creative and constantly developing new ways to steal your money. Knowing some of the more common types of scams can help you keep you and your money safe.

With the rise of P2P payment apps, scammers have started “accidentally” paying people and then asking for a refund. Never send the money back, and instead contact the P2P service about the error. These payments are usually made with stolen funds or hacked accounts that will eventually be flagged as a fraud. If you send money back to the scammer, the P2P service could take funds out of your account or hold you responsible.

Another common A2A scam tactic is the impersonation of your financial institution. You may get a call to alert you about “suspicious activity” on your account. They may try to direct you to send money or ask you to confirm information such as your bank account username and password, credit card or debit card data, or Social Security numbers. Do not share this information—scammers want to create an account with your information, steal your identity, and gain access to your accounts.

Similarly, scammers may pretend to be contacting you on behalf of the government. They might use the name of a real government agency, like the IRS or Medicare, or make up a name that sounds official. Other scams involve pretending to be from a business you know, like a utility company or a charity asking for donations. Do not share any give your personal or financial information in response to a request that you didn’t expect. Honest organizations won’t call, email, or text to ask for your personal information, like your Social Security, bank account, or credit card numbers nor will they ask you to set up A2A payments.

Lastly, there has been an increase in scammers posing as a legitimate business. They may request a P2P payment to reserve a product or service. Once they receive your money, they disappear. Treat P2P payments like cash—do not pay until you receive the product. If you must pay in advance, use your credit card for extra protection.

Best practices for avoiding fraud

The most important tip for avoiding fraud with P2P payments and apps is to only send money to people you know and trust. In the case of real-time P2P payments, these transactions are the equivalent to handing over cash—once the money has left your account, it is gone. If you have two-factor authorization set up to receive a one-time passcode, do not share it. Your financial institution should never ask you for this information.

When setting up A2A payments, rely on processors that are sponsored or associated with your bank, like Georgia’s Own Bill Pay. This will allow you to track your payments and ensure the security of your account. Additionally, you should only set up A2A transfers with people you fully trust.

Always keep an eye on your account transactions, and watch for notifications from your financial institution. If you see notifications about a transaction that you didn’t make, contact your institution immediately. The faster you respond, the better chance of stopping the fraud from occurring. You also should not ignore messages about information changes. If you see something has changed and you didn’t make that change, contact your institution immediately.

Can I get my money back?

If you find unauthorized payments or think you’ve paid a scammer, there are several steps you’ll want to take. If you’ve used a mobile payment app, you will want to contact the app directly. You also need to report it to the FTC and potentially file a police report. When you report a scam, you help the FTC and other law enforcement agencies stop scams.

Lastly, one of the most important things you should do is talk about it with your friends and family. Unfortunately, we are all susceptible to fraud and talking about it may help others to see the signs before it is too late.

Final takeaways:

• Anyone and everyone can be susceptible to scams and fraud.
• Only pay people you know, and only set up A2A payments through your financial institution-sponsored payment options.
• Report any scams or fraud immediately to the correct organizations.

It is important to remember that fraud can happen to anyone, especially during this time of year as we may be distracted by friends and family. Keep your holidays happy and stay alert!

What is multi-factor authentication?

Multi-factor authentication (MFA) (also known as two-factor authentication or two-step verification) is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. MFA makes it twice as hard for criminals to access an online account and obtain personal or financial information. It’s an easy protective measure that increases your security, whether it’s for your social media accounts or online banking.

How does multi-factor authentication work?

By adding a step when logging into an account, multi-factor authentication greatly increases the security of your account. Here’s how it works: Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving your identity, like entering a PIN, texting/emailing a code to your mobile device, or accessing an authenticator app.

What does multi-factor authentication include? 

There are various ways online organizations implement two-factor authentication. Some of the most common methods include PIN or verification codes, security questions, or biometrics—below is a list of popular types of multi-factor authentication:

• An extra PIN (personal identification number)
• The answer to a security question like, “What’s your favorite pet’s name?”
• An additional code, either emailed to an account or texted to a mobile phone
• A biometric identifier, like facial recognition or a fingerprint
• A unique number generated by an authenticator app
• A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system

What type of accounts offer MFA?

Not every account offers MFA, but it’s becoming more popular. It’s seen on many accounts that usually hold either valuable financial or personal information, like banks and financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information) or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. You should use MFA everywhere you can!

What are the pros and cons of multi-factor authentication? 

Multi-factor authentication was introduced to make it harder for hackers to access systems or applications and protect users from fraud. While the benefits outweigh the drawbacks, there are cons to multi-factor authentication. The downside is that some users often forget answers to security questions or may lose their tokens. Below are some additional pros and cons of MFA:

Pros of MFA

• Adds layers of security
• Uses one-time passwords that are randomly generated in real-time, making it harder for hackers to crack
• Allows for easy setup
• Can reduce security breaches by up to 99%
• Mitigates password risks, like duplicated passwords

Cons of MFA

• A phone is needed to access text message codes, and phones can easily be lost or stolen
• Hardware tokens can get lost or stolen
• MFA can fail if there is a network outage
• Phishing is still an issue, as hackers can create phishing emails that mimic MFA texts or emails

Following the above steps is essential to securing your personal and financial information. This is the third in a series of cybersecurity education posts to help you stay safe online. Over the next few months, we’ll share greater insight and tips on other ways to safeguard your online presence. In the meantime, we offer additional resources to brush up on your financial education with ACHIEVE for consumers and small businesses. Click here to start learning today.

Why should you update your software?

As your trusted financial institution, we believe it’s crucial to ensure our members know how they can protect their financial information. One of the easiest ways to keep your information secure is to keep your phone or computer software and apps updated. It’s necessary to update your software regularly to ensure hackers can’t access private information, like your Social Security number or bank account numbers. Below are four best practices for updating your software:

Update often

Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches where criminals might get in. Hackers are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.

It’s better to install software updates as soon as they’re available. If you can’t, a good rule of thumb is to check for significant software updates weekly. You should also regularly back up your data to protect it from accidental loss.

Get it from the source

When downloading a software update, only get it from the company that created it. Never use a hacked, pirated, or unlicensed version—even if your friend gave it to you. These often contain malware and cause more problems than they solve.

Using unlicensed or pirated software can have severe consequences. Not only does your personal information become vulnerable to cybercriminals, but it’s also illegal. Using or distributing pirated software violates copyright law, and you could face up to $150,000 in penalties. You can even face up to five years in prison.

Make it automatic

Legitimate software usually provides an option to update your software automatically. Automatic updates allow you to get the latest security fixes as quickly as possible without doing anything. You can let your device do all the work when newer software or app versions are available.

There are some reasons to disable automatic updates. If you like knowing what changes or improvements are coming to apps or software, you can turn off automatic updates to keep yourself informed. Turning off automatic updates also allows you to control when they happen. But, some app or software updates involve critical security fixes that hackers actively seek. If you disable automatic updates, stay tuned to any announcements the developer may have about security updates to keep data secure.

Watch for fake software updates

Maybe you’ve seen pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form. These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secure or could contain malware.

Some phony software updates are more distinguishable than others. Pop-ups informing you that your device is infected with a virus or malware play on fear—and if you click on that pop-up, you’ll unknowingly install a virus or malware. Legitimate anti-virus software developers don’t use pop-up ads.

One of the most devious methods is receiving a notification via email that you need to update your software. You’ve provided your email address to the software company, and it’s reasonable to expect email communication about updates. Pay attention to the sender’s email address if you suspect something is off.

Following the above steps is essential to securing your personal and financial information. This is the second in a series of cybersecurity education posts to help you stay safe online. Over the next few months, we’ll share greater insight and tips on other ways to safeguard your online presence. In the meantime, we offer additional resources to brush up on your financial education with ACHIEVE for consumers and small businesses. Click here to start learning today.

10 ways to stay safe online

Protecting information and securing systems and devices is an essential task that seems like an afterthought to some. However, it’s crucial to stay safe online to protect your personal and financial information. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below are ten tips you can put into action now:

1. Keep your software up to date

Keep all software on internet-connected devices—including personal computers, smartphones, and tablets—current to reduce risk of infection from ransomware and malware. Outdated software is vulnerable to hackers looking to steal personal information, like usernames and passwords, bank account numbers, or even your Social Security number. Configure your devices to automatically update or to notify you when an update is available. If you don’t enable automatic updates, it’s recommended to install software updates as soon as they roll out or check monthly.

2. Enable multi-factor authentication

Two-factor authentication or multi-factor authentication (like biometrics, security keys, or a unique, one-time code through an app on your mobile device) is a simple way to keep your financial information secure, and you should use it whenever offered. If a password is hacked, guessed, or phished, it’s not enough to give the intruder access without the second form of authentication—thus rendering it useless.

Two-factor authentication varies across platforms, but the overall process is generally the same. For example, you log in to your bank account with your username and password. If entered correctly, the server will send an authentication code to a secondary device, typically via text or email. You’ll then enter the unique code to confirm your identity and gain access. If someone is attempting to access your account, they won’t be able to without the authentication code.

3. Use long, unique passwords

Use a long, unique password to keep your accounts secure. A strong password is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember, while also using a combination of letters, numbers, and symbols. Do not use sequential letters and numbers, like “qwerty” or “1234.”

It’s also important to use separate passwords for different accounts. Around 66% of Americans use the same password for more than one account, which can be detrimental if there is a security breach. If you use the same password for your social media accounts and online banking, your financial information can easily be stolen if your social media password were to be hacked.

4. Use a password manager

It’s hard to keep track of multiple complex passwords, but avoid writing your passwords on paper or storing them on an unprotected device. The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database and also generates new passwords when needed.

There are various free or cheap user-friendly password manager applications that can be used to securely store your information across multiple devices. Bitwarden offers a free personal plan that allows you to store unlimited passwords, use the app on unlimited devices, free sharing for two users, and more. They also offer a family plan for $40 per year that allows up to six users, encrypted file sharing, emergency contacts who can access your vault in case of an emergency, and more.

5. Think before you click

Links in emails, tweets, texts, posts, social media messages, and online advertising are the easiest way for cyber criminals to obtain sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Clicking on unknown links or opening attachments may install malware, like viruses, spyware, or ransomware, on your device. The software is covertly downloaded, so you won’t notice until it’s too late.

If you do accidentally click an unknown link, disconnect your device from the internet and ensure your files are backed up. Next, scan your device for malware, then change your usernames and passwords. Lastly, set up a free fraud alert on your credit report with one of the three major bureaus: Experian, Equifax, or TransUnion.

6. Report phishing attempts

If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible. Procedures vary between organizations, so be sure you know your company’s policy for reporting phishing attempts.

If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email. Delete the email altogether. You can take your protection a step further and block the sending address from your email program, too.

7. Use secure WiFi

Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.

VPNs encrypt your online traffic and anonymize your location, allowing you to browse safely and securely. Even if your traffic is intercepted, hackers can’t view your activity. VPNs are becoming increasingly popular due to the ability to unblock geo-blocked content on streaming platforms, and they’re also user friendly.

8. Back up your data

Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.

9. Check your settings

Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings to make sure they are still configured to your comfort.

10. Share with care

Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it might affect you or others. One popular trend on social media consists of answering a list of personal questions, such as the name of your first pet or the street you grew up on. Many of those are common security questions, and you’re unknowingly distributing those answers for hackers to view—and potentially gain access to your financial information.

Following the above steps is essential to keeping your personal and financial information secure. This is the first in a series of cybersecurity education posts meant to help you stay safe online. Over the next few months, we’ll share greater insight and tips on each of the topics mentioned above. In the meantime, we offer additional resources to brush up on your financial education, with ACHIEVE for consumers and small businesses. Click here to start learning today.

Top identity theft scams on the rise

Did you know that in 2020 alone, the Federal Trade Commission (FTC) received nearly five million fraud reports from consumers? And while we hate to be the bearer of (more) bad news, that statistic does not include those consumers who may not have realized they had experienced fraud, meaning the number is probably even higher. One of the top categories of reported fraud is identity theft, which is becoming more of an issue as we venture further into the digital age. So how do you avoid becoming an identify theft scam’s next victim? In this case, information is power—so read on to learn how to recognize some common identity theft scans.

Prizes, lotteries, and contests

We’ve all gotten those spam texts that congratulate us for entering a contest we don’t remember signing up for, complete with a link to click on to claim our prize. Read carefully: never click on strange links.

Even if you just click on one of these fraudulent links without entering additional information, many of these website and services have the ability to gain valuable information that is stored elsewhere—like on your Google Chrome account or from your Facebook app. If you do click on a link by mistake, exit ASAP and monitor your credit and other activity to ensure your personal info stays safe.

Password passivity

It’s hard to keep up with all your passwords—between social media, email, job-related resources, and even your home alarm keycode, you probably feel the need to keep your passwords simple and easy to remember. But you should know that using these simpler passwords makes it easier for scammers to gain your personal info—especially if you don’t change your password often.

Create passwords that don’t include your birthday, kids’ names, favorite pet, or your mother’s maiden name—this is all info that anyone can look up online. Instead, create passwords that are difficult to guess and include a lot of variables, like capital and lowercase letters, numbers, and special characters. Bonus: you can use an online password storage system to help you out… just be sure to change your password to whatever service you use.

Unsolicited calls or emails

Raise your hand if you have gotten at least three calls today about your car’s supposed warranty expiring. The rate of spam calls has risen dramatically over the last few years, and while many of us know better than to trust the person talking about a nonexistent warranty, you should also know that many spam callers are working smarter to get you to take their call.

For instance, many spammers now use a local number that will increase the odds of you answering the call. Spammers also use email to personalize messages to you that seem legit enough to stay under the radar of your system’s spam filter. Use your common sense for these—if you didn’t purchase a “car warranty,” it can’t have expired. Send those calls to voicemail and then block the number or hit the “mark as spam” button and delete any weird emails you receive.

High-pressure communicators

You’re on LinkedIn when you get a private message asking you to consider a job opportunity. The person’s profile seems legit, Googling the company yields some results, but something about the message doesn’t ring true. Before you can answer, the person messages again, telling you that you must decide quickly. This is a red flag situation—legitimate potential employers will not ask you to decide on a job online within a matter of seconds.

These high-pressure tactics are also used by some spam callers who try to convince you that your social security number has been compromised or that you are under arrest and the police are on the way. If you’re not sure about the legitimacy of a caller or messenger, ask for their info to call them back (which they will probably not give) and do some research on your own. If it feels wrong, trust your instincts.

Ignoring data breaches

As much as we wish it didn’t happen, data systems can fail, sometimes leaving your information vulnerable. When this happens, the company who was breached will contact you or post a public announcement, but it’s up to you to update and secure your information, usually by changing a password. Even reputable businesses can experience data breaches, so don’t think you don’t have to take a threat seriously just because you feel confident in the business.

While you may not think that a data breach from your favorite pizza place matters, consider how many times you have ordered online from this restaurant, and whether your credit card info may be stored in their data. Small issues can turn into big ones when it comes to strangers having access to your finances.

Scams designed for kids

It seems especially wrong to scam a child, but, unfortunately, it’s been known to happen. Even older kids don’t always understand that a nice person asking them for personal information may have bad intentions, so it’s important to talk to your kids about what kind of info they should share with strangers.

If your child enjoys playing online games where purchases can be made, lock down the accounts as much as possible to avoid being defrauded by another player. Even features like the chatrooms available on many games can be used as avenues to gain personal info, so monitor your kids’ chats (or turn the feature off) to make sure they are not oversharing.

It may seem like identity theft is inevitable—but it doesn’t have to be. You can take steps to ensure the safety of you and those around you by implementing some simple safeguards. Change your passwords often, don’t answer sketchy calls, always double check that your emails are from a legitimate source, and get into the habit of treating your personal information like the invaluable resource it is. Not saving passwords on websites might seem unnecessary now, but the potential of undoing a web of financial fraud makes these extra steps worth it.

Are you high risk for identity theft?

Young adults ages 18-24 are most at risk for identity theft and often targeted by people they know. But, it’s vital to understand and recognize that identity theft can happen to anyone—even you! Identity theft may not seem like a big deal until it happens to you. It can damage your credit report and financial history as a young adult. Knowing this, it’s crucial to safeguard your financial information—but what does that mean? Here are five ways you can keep yourself from being at risk for identity theft:

Don’t leave out credit or debit cards

It’s as simple as it sounds—don’t leave your credit or debit cards lying out, whether you’re at home or in public. For example, you’re at a restaurant and pay for the check. You leave the table for a few minutes to run to the bathroom—in that short period, someone could easily and quickly snap a photo of your credit or debit card and use that information to their advantage. You’d never know, either, until you check your bank account, your account is drained, and there are dozens of unfamiliar charges. An easy way to combat that is by putting your credit or debit card in your wallet as soon as you’re finished using it.

Don’t leave your wallet in an unlocked room or office

You may think your office is one of the safest places to leave your wallet, and that could be the case—but only if your office is locked. Anyone could walk by while you’re gone and grab your wallet that contains sensitive information, from your credit and debit card numbers, driver’s license number, and more. It seems tedious, but if you’re leaving your office, even for just a second, be sure to lock the door if you can. If you can’t, bring your wallet with you.

Safeguard personal documents

Lock up and protect any documents that contain personal information like bank account, Social Security, and personal identification (PIN) numbers. Your best bet is to store them in a safe deposit box at your financial institution or credit union. If you have copies of those documents or want to keep the original documents with you, purchase a fireproof safe for at-home storage. You can purchase a fireproof safe with a locking mechanism for less than $50. Not only does it protect you from identify theft, but it also safeguards those documents in the event of an emergency, like fires or floods. And, be sure to shred receipts, credit card offers, and bank statements at least once per month.

Keep your guard up

Never provide financial information over the phone, via text, or email. One scam on the rise, called spoofing, allows fraudsters to fake the number they’re calling from by making a fake number appear on your caller ID. It can be easy to fall for, as the number could appear to be your bank’s phone number. They may say there’s a charge on your account you need to verify, or you may receive a fake text message. Remember, financial institutions (or any legitimate organization) will never ask for your Social Security number, card number, PIN, CVV, or expiration date.

Monitor your accounts

In addition to protecting your information, it’s necessary to monitor it, too. Checking your bank account or credit card activity often can help you recognize identity theft sooner. If you notice any suspicious activity, it’s a good idea to freeze or lock your debit or credit card so no one can use it, and contact your credit union or financial institution immediately. They can ensure you aren’t penalized for these transactions, help you get your money back, and ensure your card is replaced promptly. You should also periodically check your credit report to ensure no one opened any new accounts in your name. As a Georgia resident, you can request free copies of your credit reports through each of the three credit bureaus for free up to three times per year.

It may seem scary, but protecting yourself from identity theft is a necessary measure in today’s world. Your financial history is crucial in nearly every aspect of your life, and it’s critical to ensure no one gains access to personal information to potentially damage that. By implementing these measures, you’re taking control of your finances and preventing yourself from becoming someone’s next target.