CFPB finds that Billions of Dollars Stored on Popular Payment Apps May Lack Federal Insurance
June 1, 2023
WASHINGTON, D.C. – The Consumer Financial Protection Bureau (CFPB) published an issue spotlight on digital payment apps heavily used by consumers and businesses. The analysis finds that funds stored on these apps may not be safe in the event of financial distress, since the funds may not be held in accounts with federal deposit insurance coverage. The CFPB also issued a consumer advisory for customers holding funds in these apps and how they can make sure their funds remain safe.
"Popular digital payment apps are increasingly used as substitutes for a traditional bank or credit union account but lack the same protections to ensure that funds are safe,” said CFPB Director Rohit Chopra. “As tech companies expand into banking and payments, the CFPB is sharpening its focus on those that sidestep the safeguards that local banks and credit unions have long adhered to."
Use of nonbank payment apps such as PayPal, Venmo, and Cash App have rapidly grown in the past few years. These apps allow people to quickly pay retailers and others, while providing the option to store funds. Unlike traditional bank and credit union accounts which have deposit insurance, funds stored in these nonbank payment companies may be unprotected.
In recent months, many Americans were reminded that funds deposited with banks and credit unions enjoy the safety afforded by federal deposit insurance through the FDIC or NCUA. Americans witnessed the failure of large systemically important banks such as Silicon Valley Bank, Signature Bank, and First Republic Bank. These banks experienced a run, but insured depositors could have confidence their money was safe. However, similar protection would not be guaranteed to customers that store money on nonbank payment apps.
Today’s issue spotlight finds that:
- More than three quarters of adults in the United States have used a payment app. Younger customers’ use of these payment app services is especially prevalent. Approximately 85 percent of consumers aged 18 to 29 have used such a service. Transaction volume across all service providers in 2022 was estimated at approximately $893 billion, and is projected to reach approximately $1.6 trillion by 2027.
- Nonbanks can earn money when users store funds on their platforms. When users of these digital apps receive payments, the funds are not usually swept automatically to the recipient’s linked bank or credit union account. Instead, companies hold and invest the funds. These activities are not typically subjected to the same oversight that an insured bank or credit union faces. Apps also earn money through fees on merchants and other ancillary services, like selling crypto-assets and offering affiliated financial products.
- Funds sitting in payment app accounts often lack deposit insurance. When users receive payments, through these apps, these funds are not automatically swept into their linked bank or credit union account. In addition, payment app companies do not necessarily store customer funds in an insured account through a business arrangement with a bank or credit union. The company’s investments carry risk and if it were to fail, customers could lose their funds.
- User agreements often lack specific information. User agreements for digital payment apps often lack information on where funds are being held or invested, whether and under what conditions they may be insured, and what would happen if the company or the entity holding the funds were to fail.
Many states are enacting policies to ensure that these digital payment apps are able to meet their obligations, including a new law recently enacted in Texas. State laws, however, generally do not require that customer funds be stored in or automatically swept into insured accounts. The CFPB will continue coordinating with other state and federal regulators to monitor the evolution of this segment of the payments ecosystem and take appropriate steps.
The CFPB also issued a consumer advisory providing information to customers that keep funds stored on payment apps. Until payment apps are designed to automatically sweep balances into a user’s insured account, consumers may need to take action to move their balances stored in payment apps.
Consumers can submit complaints about financial products and services by visiting the CFPB’s website or by calling (855) 411-CFPB (2372)
National Consumer's Protection Week
Beware of Romance Scams!
March 6-10, 2023
Unfortunately, the Internet, social media, and dating websites are perfect for tricking susceptible Americans into romantic relationships. Scammers will pretend to be interested in an unwitting person and, after building a rapport, ask them to send money or to cash a check or money order. Often, the scammers create urgency by claiming to have a medical emergency or promising to come to the U.S. to be with that person—just as long as a check or money order is cashed to cover expenses. None of their stories are true. Anyone who is socially isolated is susceptible to this scam.
Although many dating sites take steps to provide a safe forum for meeting online, you can do more to protect yourself from scamming fraudsters to keep your online relationships safe.
- First, with any Internet-based relationship, keep your personal details to yourself.
- Next, do a quick Google search of the other person’s name and the town they claim to be living in.
- From there, proceed slowly and look for inconsistencies in the other person’s profile and the information they share.
- Keep an eye out for signs the relationship is moving in a direction that it wouldn’t otherwise go if meeting in real life.
- As you get to know the other person, gently apply the brakes if your new friend pushes to take the conversation to private email. Stay on the website’s platform until it’s time to meet in person.
Indications that someone may not be who they say they are:
- Their name and the name embedded in their email address does not match.
- Obvious spelling and grammar errors.
- The online profile suddenly disappears from the dating site.
- They pledge their love way too quickly.
- They ask you to send or receive money/packages.
- They need money right away due to a medical or family emergency.
- They need a Visa or plane tickets.
- They claim a business opportunity arose that was too good to turn down, and they ask you to wire a loan.
People conducting online imposter scams frequently spin the same lines or tell the same backstory over and over.
That’s where conducting a Google search can be especially helpful. If an online love interest starts making declarations of undying devotion and churning out love poems, search some of the lines on the Internet and see where they’ve been used before. The expressions and pet phrases that online catfishers use are frequently recycled.
Common phrases include:
- My child is being cared for by a nanny or guardian.
- My wife or husband is dead.
- My child is already calling you “mom” or “dad.”
- You are my love or my darling.
- I cannot wait to be with you.
A legitimate love interest will understand if you ask for proof they are for real.
Request a customized photo. Ask them to hold today’s newspaper or a book you have both read in the photo. Next, conduct an online search of any photos they’ve already provided.
If using Bing, choose “Search by Image” by clicking the camera icon under the image search subsection. If using Google, do an image search. If the search results indicate something suspicious, it’s time to lay the evidence on the table. Don’t be surprised if they admit they are a scammer but “have fallen in love for real.” That’s just another tactic, and a heavily recycled one.
What you can do:
Tennessee Secretary of State Warns of New Scam Targeting Tennesseans
September 28, 2022
The Tennessee Secretary of State’s office is warning Tennesseans about an official-looking mailer from TN UCC Statement Service that incorrectly implies that businesses or individuals need a copy of the UCC-1 financing statement filed against them.
The Uniform Commercial Code (UCC) is a comprehensive set of laws governing sales and other commercial transactions. A UCC-1 financing statement is a legal form that a creditor files to give notice that it has the right to take possession of and sell certain assets belonging to the debtor for the repayment of a specific debt.
UCC-1 financing statements are common in Tennessee, with the Secretary of State’s Division of Business and Charitable Organizations issuing around 200,000 each year.
The scam mailer, Tennessee UCC Statement Request Form, tries to get Tennesseans to pay $107 for the TN UCC Statement Service to request a copy of the UCC-1 financing statement on behalf of the debtor. The mailer implies that the recipient needs a copy of the UCC-1 financing statement. This is rarely the case, the Secretary of State clarified.
Businesses and individuals that do want a copy of a UCC-1 financing statement can request one directly from the Secretary of State’s office for $15 by phone at 615-741-2286, mail or online.
To report the receipt of a suspicious mailer about a UCC-1 financing statement, contact the Division of Business and Charitable Organizations by phone at 615-741-2286 or email at TNSOS.CERT@tn.gov and the Attorney General’s office by phone at 615-741-3491 or online.
LinkedIn Brand - Most Abused in Phishing Attempts
by Dark Reading Staff; April 20, 2022; DarkReading.com
New research shows threat actors increasingly leveraging social networks for attacks, with LinkedIn being used in 52% of global phishing attacks.
April 20, 2022
Shipping, retail, and tech companies are no longer the most popular brands used to hide phishing attacks. Instead, social media platforms have become the brands of choice used to dupe victims and steal their personal data, with LinkedIn-related lures accounting for a full 52% of all global phishing attacks during January, February, and March of 2022, according to new data.
LinkedIn phishing-lure use exploded by 44% over the previous quarter, when it was used in just 8% of phishing attempts, according to Check Point's latest Brand Phishing Report.
"As well as LinkedIn being the most targeted brand by a considerable margin, WhatsApp maintained its position in the top ten, accounting for almost 1 in 20 phishing-related attacks worldwide," the report said.
Shipping is still a draw, even though LinkedIn overtook DHL as the brand most often used in phishing attacks. DHL is now the second-most abused brand, behind 14% of attempts during the same time period. FedEx moved up from seventh place to fifth over the past quarter, with 6% of all phishing attempts spoofing its brand.
Check Point's List of Top 10 Abused Brands
- LinkedIn (accounting for 52% of all global phishing attacks over the quarter)
- DHL (14%)
- Google (7%)
- Microsoft (6%)
- FedEx (6%)
- WhatsApp (4%)
- Amazon (2%)
- Maersk (1%)
- AliExpress (0.8%)
- Apple (0.8%)
Top 10 Scams for 2022
- Debt Collection:
Most of the complaints under this category involve debt collectors. Consumers tell of receiving calls from harassing collectors who are threatening and will repeatedly call attempting to collect a debt. Other complaints that fall under this category involved credit/debit card fees, pay day loans, credit repair companies and unauthorized use of credit/debit cards. Some of these complaints involved hidden fees and billing disputes as well.
- Fake Government Officials
If you received an email, letter or phone call from a government agency (typically the IRS or FBI) and it instructs you to wire, Western Union or MoneyGram money someplace, or follow a link and enter information - don't believe it! The U.S. government would never instruct anyone to use those methods to pay any bill or carry out a financial transaction, particularly with an overseas bank or agency.
- Identity Theft, Phishing and Pharming
Scammers gain access to your confidential information, like social security numbers, date of birth and then use it to apply for credit cards, loans and financial accounts. Typically, the victim receives an email that appears to be from a credible, real bank or credit card company, with links to a website and a request to update account information. But the website and email are fakes, made to look like the real website.
- Phone scams
This includes telemarketers violating the Do Not Call list, Robo-dialers, scammers calling up pretending to be from a bank or credit card company. The National Do Not Call Registry (U.S.) or the National Do Not Call List (Canada) offer consumers a free way to reduce telemarketing calls. Scammers call anyway, of course, and they've even found a way to scam consumers by pretending to be a government official calling to sign you up or confirming your previous participation on the Dot Not call list! A good example of this is the "Your Microsoft license key has expired" scam call - which you can hear and read about on this page.
- Loans Scams / Credit Fixers
False promises of business or personal loans, even if credit is bad, for a fee upfront. Or a scam that promises to repair your credit for a fee.
- Fake Prizes, Sweepstakes, Free Gifts, Lottery Scams
You receive an email claiming you won a prize, lottery or gift, and you only have to pay a "small fee" to claim it or cover "handling costs". These include scams which can go under the name of genuine lotteries like the UK National Lottery and the El Gordo Spanish lottery. Unsolicited email or telephone calls tell people they are being entered or have already been entered into a prize draw. Later, they receive a call congratulating them on winning a substantial prize in a national lottery. But before they can claim their prize, they are told they must send money to pay for administration fees and taxes. The prize, of course, does not exist. No genuine lottery asks for money to pay fees or notifies it's winners via email.
- Internet merchandise scams
You purchase something online, but it is either never delivered or it is not what they claimed it was, or is defective. Online shopping, and other shop from home, such as catalog, mail and phone shopping scams are on the rise.
- Automobile-Related Complaints
Car loans, car buying, car sales, auto repair, fake or useless extended warranties. Some of the complaints alleged consumers paid for repairs and that services provided were shoddy. Consumers reported repair companies that return vehicles to the consumer in a worse condition than how it was initially given to them. Other complaints involved consumers not receiving title to their vehicles at the time of sale
- Credit Bureaus and related credit scams
Credit/debit card fees, pay day loans, credit repair companies and unauthorized use of credit/debit cards. Some of these complaints involved hidden fees and billing disputes as well.
- Phishing/Spoofing Emails
Emails that pretend to be from a company, organization or government agency but ask you to enter or confirm your personal information.
Scams, Schemes & Swindles from TN Dept. of Commerce
The Scams, Schemes & Swindles webpage managed by the TN Dept. of Commerce and Insurance serves as a central location for scam information with links to fraud and scam webpages of other departments and agencies. The webpage provides common scam information related to dozens of scams impacting all individuals including elderly financial scams like the medicare brace scam or the grandparent scam.
The site includes helpful links about the scam and some resources to help educate consumers, such as this infographic developed in partnership with the ABA Foundation and the FTC that shows the signs of and gives tips to avoid a romance or online dating scam.
New Malware Affecting Home & Small Business Routers
Federal officials and cyber security experts have been reporting about a newly disclosed malware known as “VPNFilter.” Security researchers are estimating that over 500,000 small business and home office routers could be affected. Among the devices identified are routers from Linksys, MikroTik, NETGEAR, TP-LINK and QNAP. While the list of devices reported is not all inclusive, these are the brands identified at this time.
The malware is destructive and it is important for home users to take precautionary steps. Below are some recommended best practices to help protect you and your home network:
- Modem/Router Reboot: A simple reboot of your modem/router can help prevent your device from becoming infected. This can be accomplished by unplugging the device from the electrical outlet, waiting at least 10 seconds, and then plugging the device back in.
- Proper Password(s): Always make sure any device at home that connects to the internet have unique passwords and never the default admin passwords that come with the device.
- Patch/Update Firmware: Many routers and modems receive security updates from time to time, but if you are not sure, contact your Internet Service Provider or go to your router’s website for the most up to date firmware or update for your router. Netgear and Linksys have already established how-to guides on their websites.
Important Tax Fraud Alert
The Internal Revenue Service has issued an alert on erroneous federal tax refunds resulting from an emerging fraud scheme effecting thousands of people. Real taxpayer information including bank account and routing information for direct deposit has been stolen from tax professionals and used to file fraudulent returns. The fraudster contacts the taxpayer posing as an employee of a debt collection agency on behalf of the IRS with instructions on returning the money. If this happens to you, the IRS requests you contact the Automated Clearing House department of the bank/financial institution where the direct deposit was received and have them return it to the IRS. Taxpayers are also asked to contact the IRS at (800) 829-1040 (individuals) or (800) 829-4933 (business) to explain why the direct deposit is being returned. For more information,
Tax Topic Number 161, Returning an Erroneous Refund
For information regarding the Equifax breach, please Click Here
to be directed to their website or call 866-447-7559.