In Letter to Companies, D.A.’s Office Demands Enhanced Protections for Financial Applications in Wake of Smartphone Thefts and Scams; Thousands Drained from New Yorkers’ Accounts

Manhattan District Attorney Alvin L. Bragg, Jr., today released letters sent to the companies that own Venmo, Zelle, and Cash App to demand better consumer protections for customers in the wake of financial app thefts sweeping Manhattan and across the U.S. These scams involve an unauthorized user gaining access to unlocked devices and draining bank accounts of significant sums of money, making purchases with mobile financial applications, and using financial information from the applications to open new accounts.

“No longer is the smartphone itself the most lucrative target for scammers and robbers – it’s the financial apps contained within,” said District Attorney Bragg. “Thousands or even tens of thousands can be drained from financial accounts in a matter of seconds with just a few taps. Without additional protections, customers’ financial and physical safety is being put at risk. I hope these companies accept our request to discuss commonsense solutions to deter scammers and protect New Yorkers’ hard-earned money.”

In the letters, which can be viewed in full here, D.A. Bragg notes the “growing number of incidents in the New York City region involving fraud and theft through the exploitation of your company’s mobile financial applications on personal electronic devices such as iPhones.” Specifically, “the ease with which offenders can collect five- and even six-figure windfalls in a matter of minutes is incentivizing a large number of individuals to commit these crimes, which are creating serious financial, and in some cases physical, harm to our residents.”

These scams take a number of forms: “In some instances, the fraudster asks to use an individual’s smartphone for personal use, and then quickly sends large amounts of money to themselves through the victim’s financial application. In other instances, the offender asks for a donation for a specific cause, offers to transfer the money directly from the victim’s smartphone, and then transfers significant funds to the fraudster’s own account. In the most disturbing cases, offenders have violently assaulted or drugged victims, and either compelled them to provide a password for a device or used biometric ID to open the victim’s phone before transferring money once the individual is incapacitated.”

Adding that “in all of these cases, we believe further security measures to prevent unauthorized access to unlimited use of your financial services would have prevented such crimes,” the D.A.’s Office offered the following commonsense solutions:

• Add a second and separate password for accessing the app on a smartphone as a default security option. While users may still have the option to turn off the additional security in their settings, multi-factor authentication establishes an extra level of security and should be the standard to protect consumers.
• Impose default lower limits on the monetary amount of total daily transfers. Transaction limits would reduce the amount of money that can be stolen from a user if a theft occurs, and reduce the incentive for offenders to steal unlocked devices.
• Require wait times and secondary verification of up to a day for large monetary transactions. This would give the user time to cancel large transactions that were made without their permission and reduce the chances of theft of large amounts of money at one time.
• Better monitor accounts for unusual transfer activities and ask for confirmation when suspicious transactions occur (e.g. unusually large monetary transactions, monetary transactions late at night, etc.). Similar to the policies of most credit card companies, this would add an extra layer of security to your product to prevent fraudulent transactions.

Noting that “a failure to take proactive steps in the name of your consumers will lead to further illegal behavior and countless unsuspecting victims,” D.A. Bragg requests “a meeting with representatives from Cash App to discuss the steps you are taking to combat this growing concern.”

Read the full letter.

###