Why You Should Think Twice Before Accepting Bank Transfers For Online Payment
If you’re a seller on Ebay or any number of other peer-to-peer commerce sites, chances are you’ve run into a buyer who either maliciously charges-back the transaction despite having received the product, or a buyer who is operating using someone else’s stolen credit card or other financial account. The accepted wisdom is that a bank transfer is the safest payment option to accept, on the basis that it cannot be reversed once it is credited to the recipient’s account. Unfortunately, that is not true in the case of ever-increasing online fraud. Due to regulatory conditions, banks continue to consolidate into ever-larger entities with an ever-larger number of individual transactions being overseen by algorithms rather than a smaller number being overseen by bank employees using common sense. And as competition thins out, the banks have less and less incentive to take responsibility for fraud detection. Here are a few of the most common payment methods buyers use and how you, as a seller, can get burned by a buyer using a stolen account in each case.
PayPal
PayPal, while being linked to your bank account and depositing sales proceeds directly upon request, has a dispute process in place which allows the buyer to make claims not only of fraud, but against the quality of merchandise received. A common fraud is for the buyer to claim he received a fake item, while pocketing the real item and ‘returning’ the fake via certified mail. If PayPal finds in favor of the buyer, it does not matter that the funds were transferred to the seller’s bank account; PayPal will back-draft the seller’s bank account to make itself whole in the event of a dispute.
Dwolla
Dwolla is linked directly to both the buyer and seller’s bank account and processes payments using ACH (Automated Clearing House) transfers for a flat fee of $0.25 per transfer. ACH is not a wire transfer but another type of electronic transfer which is processed in batches on a nightly basis. ACH provides a facility for an account holder to report fraud, and if done within 60 days, the transaction will be reversed if fraud is discovered. Dwolla will not take responsibility for the fraud, so when their account is debited by the ACH reversal, they will back-draft the Dwolla seller’s bank account for the same amount, leaving the seller at a loss with no chance of appeal.
Bank’s “Bill Payer” Service
Bill Payer services can be based on a monthly fee or bundled with the account for free depending on the bank and the account package. They use two methods of processing payments: computer-generated mailed check, or electronic transfer. The check is not a cashier’s check and can be stopped just like any other check. The electronic transfer uses the ACH system and has exactly the same drawbacks as using Dwolla above, except that there is no intermediary: if a buyer pays using electronic bill pay using a stolen account, the transaction will be reversed directly out of the seller’s account.
Bank’s Online Account to Account Transfer
This type of transfer is found at larger banks and allows people to send money directly from one account to another, instantly and usually free, but with daily limits. This is an even weaker option than an ACH transfer because the bank operates under its own terms (‘recourse agreement’) when it comes to fraud resolution. The received money can and will be taken directly out of the seller’s account to reimburse the victim of the fraud with zero recourse.
Wire Transfer
Wire transfer is billed as the ultimate payment method in terms of seller trust, supposedly non-reversible and secure against identity fraud since it was traditionally ordered in person. Unfortunately both counts are not true. Many banks offer online wire transfer which, despite various security measures, can be exploited by someone in possession of a stolen account and enough of the victim’s personal information to fool the system. And a wire transfer can in fact be reversed by the victim’s bank issuing what is called a wire recall. If the seller’s bank agrees to process the recall while the seller has available funds at the bank, the funds will be returned and the seller will be left high and dry. The likelihood of a recall being agreed to becomes less as more political borders are crossed, but is still very real.
Conclusion (Or, What The Heck Can I Do?):
When a bank is an intermediary in your sale, the manner of payment is not important. No method of payment will protect you from a fraudulent Internet buyer, and you must therefore engage in loss-limiting measures for each transaction. Prior relationship with the customer is not important, because a prior relationship means nothing when a cyber-criminal has hijacked their account to perpetrate fraud. A businessman must be able to explain to the customer that loss-limiting measures do not imply a lack of trust, but merely safe practice preventing criminal exploitation.
Some ideas for loss-limiting measures include:
- Verification of identity of the customer through official documents, face-to-face contact, or other means that would be hard for a third-world criminal to satisfy. A legitimate customer who wants to make a big deal in a hurry usually has an economic reason for it that will convince him that assuaging your concerns about his identity would be a wise thing to do if he truly wants to complete the transaction.
- Requiring a ‘cooling-off’ period that increases as the transaction becomes larger and the time since last transaction with this customer increases. One characteristic of cyber-criminals is that they tend to want to make big deals in a hurry and balk at attempts to verify them, possibly labeling such as ‘stalling’ and threatening to take ‘their’ money elsewhere. A purportedly legitimate customer can start with smaller transactions immediately and as time goes on, ramp up to bigger ones as trust builds.
An Undefeatable Bank Fraud Scheme
There is one scheme that will nail every seller who accepts bank payments from strangers, and there is literally nothing that can be done about it at present due to the banks’ unwillingness to engage in proactive fraud detection on behalf of the recipient of a payment. Scammer A is working together with Scammer B, but neither Seller nor the bank know of, or can possibly know of, this relationship. Scammer A opens a bank account, deposits the cash to be used in the scam, and shares identity information/login credentials to Scammer B. Scammer B then makes a deal with Seller for product and a price, and uses Scammer A’s online bank account from a foreign IP address to pay Seller. After Seller receives payment, he asks the bank to check if the payment is fraudulent or not. Unless the bank investigates deeply enough to find the evidence of fraud at this time, Seller will be falsely advised that nothing appears amiss with the transaction. Seller then ships product to address furnished by Scammer B. A few days later, Scammer A “notices” that the money in his account is gone and files a fraud claim with the bank. Scammer B’s login from a foreign IP address is used as evidence of fraud, Scammer A is reimbursed, and the funds in Seller’s account are debited to cover the claim. Scammers end up with both money and product, as well as license to proceed anew, while Seller is left with nothing, as well as a record of his account having been party to a fraud.
Unfortunately, as long as EFTA regulations are interpreted as requiring banks to directly reimburse fraud victims whose account was the source of a fraudulent payment, while not requiring banks to reimburse fraud victims whose account was the destination of a fraudulent payment, this situation is unlikely to change. As a seller who ships goods in exchange for money, the banks simply cannot be trusted to honor the transaction anymore, and sellers unfortunately must assume the worst about any new Internet buyer and minimize risks accordingly.
Alternatives
It cannot be overlooked that there are emerging alternatives to bank transfers for internet payment called virtual currencies. Linden, Amazon, and other companies have all announced virtual currencies, which trade like currencies but only require bank involvement at the point of conversion to a national currency. Likely the best and most widely used of all virtual currencies is Bitcoin, a peer-to-peer currency without a central issuer or controller of any kind. Bitcoin transactions are final and cannot be reversed by any entity. As a seller, you can rest assured that when you receive a Bitcoin payment that no one can remove the funds from your wallet at a later point. To learn more about Bitcoin, visit We Use Coins and consider using a service like BitInstant to integrate directly with your online shopping cart.