Zelle is supposed to make it easy and safe for you to send money to friends or relatives. But some consumers who never signed up for Zelle said strangers are using the service to steal money in a matter of seconds.
2 Likes
This is an automatically-generated Wiki post for this new topic. Any member can edit this post and use it as a summary of the topic’s highlights.
Click-bait headlines. Hackers got into the online account, changed the password, and made a Zelle payment to themselves (or a mule). It wasn’t “hacked through zelle” and the real problem is that the banks didn’t think this behavior was suspicious (or didn’t implement their security correctly).
I have to admit that I didn’t think of this instant attack vector with Zelle. But it is generally a good idea to not keep a lot of money in an account that allows such quick and easy withdrawals. I keep < $100 in my public* checking account. I pay bills using billpay from another, private** checking account, and keep cash in HYS or MMA that are not accessible from the public checking account. But even this would not have saved me from a Zelle attack if the banks with my private checking, HYS, or MMA accounts supported Zelle. I think the lesson here is until the banks get it right, don’t keep your money in an account that supports Zelle.
*public: an account I’ve used to write checks, so the routing and the account numbers are … public.
**private: an account I use only for billpay that generates a payment using the bank’s account number, so my account number is hidden from the payee.
3 Likes
Need to either have $0 liability for fraud, or an explicit opt-in for Zelle that makes it clear that you could suffer total loss of your account
I’m afraid something like this won’t stop people from opening such accounts – nobody reads the fine print.
It must be $0 liability for fraud. The two customers mentioned in the article had their money returned by the banks, but not right away (which can be a problem).
2 Likes