Electronic funds transfer (EFT) is a fast and convenient way to send and receive money. Ordinarily, they are widely used without problem, but as with anything involving money — they can be a target for cybercriminals. Raising the question, are e-transfers safe? After all, there have been reported cases where people have lost thousands of dollars due to e-transfer fraud.
This article explores how e-transfers work, how to protect bank accounts from identity theft, how banks investigate fraudulent transactions, and what you can do to ensure safe e-transactions.
According to the United States Electronic Fund Transfer Act of 1978, e-transfers are defined as,
"A funds transfer initiated through an electronic terminal, telephone, computer (including online banking) or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer's account."
Electronic fund transfers (sometimes known as 'e-transfers') are called by different names around the world.
Online money transfers are the modern equivalent of wiring money. You can instantly send someone funds by transferring money (or the data that represents that money) from you to another person.
A typical transaction mainly involves contact information — such as a phone number or an email address — for the sending and receiving parties, tied to a bank account. Usually, for a small fee, online money transfers can be done from secure, web-based services.
The process is straightforward and often works like this:
In some cases, you do not need to have a bank account to send money online or even to receive an online transfer. A credit card or cash can be used instead, which may incur higher fees.
Common reasons to use e-transfers include:
E-transfer fraud occurs when a third party intercepts a transfer by hacking into a person’s email account and correctly guessing or finding the answer to the security question. They then deposit the money themselves, and it never reaches the intended recipient.
E-transfer scams are usually people asking for money (either for themselves or for you to buy a product/service) or people asking you to donate to a cause. Coronavirus scams are an excellent example of this: many asked people to e-transfer money to fund vaccines, PPE, and testing kits that never got delivered.
While no payment or collection system is 100% safe; there are extensive safety measures to ensure that e-transfers are protected, including:
Various services offer varying protection levels, such as confirmation phone calls to both parties (who have to verify private information), confirmation emails, and even insurance policies that guarantee your money will be sent. Some providers limit how little or how much money can be sent, and how much can be transferred in a period of time.
The industry is regulated with several authorities providing licenses to companies specializing in money transfers. So, it is important to go through reliable, reputable, licensed money transfer companies.
When sending an e-transfer, the sender has some essential responsibilities:
If criminals obtain your debit or credit cards, or personal financial information such as account numbers, passwords, or Social Security number, they can steal money from your bank account or make charges to your credit cards.
They can also commit a crime called identity theft by taking out loans and obtaining credit cards in your name.
Identify theft can seriously damage your credit and financial reputation, and it can take years to restore your good credit and name. According to the Federal Trade Commission (FTC), identity thieves use various methods to steal your personal information, including:
This is where criminals go through your garbage looking for bills or other papers with your personal information on it. Identity thieves can get hold of details like bank account numbers, health insurance cards, or credit card details by stealing mail. They might be able to create a new identity if they access key information like your Social Security number.
Criminals pose as financial institutions or companies, sending you spam emails or pop-up messages to trick you into revealing personal information.
Criminals use different techniques to install malware on another person's device. Malware types include viruses, spyware, trojans, and keyloggers, all of which allow the criminal to access your device and the information stored within it.
This is when criminals complete a change of address form to divert your billing statements to another mail location, which they control.
Criminals steal your credit or debit card numbers by using a special storage device called a skimmer when processing your card. Skimmers can be installed at gas pumps or ATMs to collect card data. Some machines act like point-of-sale technology.
Criminals steal wallets or purses, mail, bank or credit card statements, pre-approved credit offers, and so on, to obtain your personal information.
Keep in mind: if fraudulent transactions occur on your account, it does not automatically mean your identity has been stolen. It may be an isolated incident of theft that can be quickly resolved. Either way, contact your bank immediately if you believe you are the victim of theft.
Online banking theft is serious, but before a bank can investigate an unauthorized transaction, it has to be identified in the first place. Often, fraudsters start small — by carrying out a small transaction that is more likely to go unnoticed. Sometimes, a fraudster might hack a card number for years, buying small recurring subscriptions or gift cards, which can then be resold. If these go undetected (because the consumer does not regularly check his or her card statements) then the fraudster can feel confident to go even further.
This underlines the importance of checking your bank and card statements regularly. Once you notice something is wrong, you should notify your bank immediately: once they are told, the bank can investigate.
Once the bank is aware of the disputed or unauthorized transaction, they can open an investigation. You will be asked to provide details of the unauthorized charge(s), along with any supporting evidence that the charge is fraudulent.
The rules for how banks deal with unauthorized transfers vary by jurisdiction and country, so it is essential to familiarize yourself with your rights as a consumer in your country.
In the US, the Electronic Fund Transfer Act 1978 states that if fraud is reported within two days of the statement, liability is limited to $50. If reported after two days, but within sixty, liability is limited to $500. However, if reported after 60 days, the consumer is liable for all fraudulent activity — which highlights the importance of regularly checking your banking activity.
Once a bank knows about the fraudulent charges and has received the relevant documentation from you, they should respond to the dispute within 30 days. In most cases, the bank will have up to 90 days to investigate and resolve the error.
Usually, the matter will be handled by the bank’s internal credit fraud investigators, who will be trained to determine whether and how fraud has been committed. Depending on the nature and extent of the fraud, the bank may decide to involve law enforcement.
Typically, the bank will also advise the consumer to contact the major credit reporting agencies (in the US, these are Equifax, Experian, and TransUnion) and ask for a fraud alert to be placed on the file.
This ensures that attempts to open new credit accounts are declined unless the creditor speaks directly to the consumer and takes additional steps to verify their identity.
You should always exercise caution when it comes to sending or receiving money. To avoid e-transfer theft, follow these tips:
The first thing to do is to contact your bank or financial institution immediately. Alert them to the situation and find out if you can get your money back after being scammed online. Make sure you cancel any recurring payments and consider freezing any accounts which have been tampered with.
It’s also a good idea to change your passwords across the board, including on social media. If you think your identity has been stolen as well, contact the police. You can also report the scams to the relevant agency in your country. For example:
You could contact one of the three major credit bureaus and discuss whether you need to place a fraud alert on your file. This will help prevent identity thieves from opening a new account in your name. The three major credit agencies are Equifax, Experian, and TransUnion.
You can report all suspicious contacts to the Federal Trade Commission. Their website, IdentityTheft.gov, can provide you with a personalized recovery plan, guidance, progress tracking, and prefilled forms and letters.
You can fill in a form at the Financial Ombudsman Service website if you haven’t heard back from your bank in 8 weeks. It can help sooner if your bank has sent you a rejection letter suggesting you use the ombudsman. Citizens Advice Scams Action and Action Fraud are also useful UK-focused resources.
IDCARE is a free service that will work with you to develop a plan to limit the damage of identity theft. The Australian Competition and Consumer Commission’s Scamwatch collects data about scams in Australia. Your report helps Scamwatch create scam alerts to warn the community.
You can report identity theft to the Canadian Anti-Fraud Center, which provides support and assistance to victims.
Finally, one of the easiest things you can do to protect yourself is to install a robust cybersecurity solution on all your devices. We recommend Kaspersky Internet Security, which defends you from malware infections, spyware, data theft, and protects your online payments using bank-grade encryption.