Visa Growth Corporates Working Capital Index Europe Edition February 2024 Banner

Manhattan DA: Payment Apps Need Greater Anti-Theft Protection

Cash App

If someone stole your phone, how quickly would they be able to steal your money?

It’s a scenario that Manhattan District Attorney Alvin Bragg says has become all too common: an unwitting person hands over their phone to someone who asks to use it for a moment and has their account drained. That’s to say nothing of the people whose phones are taken in violent robberies.

And while Bragg says his office prosecutes these cases, he wrote to companies such as Venmo, Zelle and Cash App earlier this week asking them to institute greater protections against theft.

“The ease with which offenders can collect five- and even six-figure windfalls in a matter of minutes is incentivizing a large number of individuals to commit these crimes, which are creating serious financial, and in some cases physical, harm to our residents,” he wrote.

Reached for comment by PYMNTS, a spokesperson for PayPal — which owns Venmo — provided this statement:

“PayPal and Venmo take the safety and security of our customers and their information very seriously. In addition to proactively leveraging sophisticated fraud detection tools, manual investigations, and partnering closely with law enforcement agencies to protect our customers against common scams, we have several options in place to enable enhanced layers of security and protection directly within our apps.”

“We are aware of isolated criminal incidents described in the Manhattan District Attorney’s letter,” Zelle said in a separate statement.

“Providing a safe and reliable service to consumers is the top priority of Early Warning Services, LLC, the network operator of Zelle®, and our 2,100 participating banks and credit unions. As a result of our continued efforts to build on Zelle’s strong foundation of security, less than one tenth of one percent of transactions are reported as fraud or scams, and that percentage keeps getting smaller.”

And a Cash App spokesperson provided a similar response:

“Cash App continues to be committed to building trust with our customers and investing in areas that help build a safe and secure platform. We work proactively and diligently to safeguard our customer’s money and mitigate against the risk of fraud on our platform through a combination of preventative controls like multi-factor authentication, account transaction limits, fraud detection, and consumer education. We also partner with law enforcement agencies to detect and combat criminal activity.”

Bragg asks the companies to consider further measures to protect users, including the addition of a “second and separate password for accessing the app on a smartphone as a default security option.”

He also suggests imposing lower limits on the amount of total daily transfers, and requiring wait times and secondary verification of up to a day for large transactions. 

The letter also mentions Apple’s recent roll-out of its stolen device protection feature, which blocks thieves from changing a device’s passcode. If someone tries changing the password when the device is away from a familiar location, they’ll need the user’s Face ID or Touch ID. 

Better protection might make consumers more inclined to use payment apps, according to recent PYMNTS Intelligence research.

As reported here earlier this week, payment fraud incidents have been increasing, jumping 88% since December of 2021.

“Amid this surge in fraud incidents, consumer fears of data breaches and vulnerability to fraud are fostering reluctance towards apps aggregating and connecting payment information,” PYMNTS wrote. “This concern spans various demographics, including generation, education, income and financial lifestyle, as highlighted in the study.”

The research showed that 45% of consumers are worried about data breaches, while 34% feel more vulnerable to fraud. In addition, roughly 30% do not feel comfortable having their personal information stored on a connected platform, and 27% would rather manage their credential and payment information manually to reduce risks.