Woeful Security On Financial Phone Apps Is Getting People Murdered

Longtime Slashdot reader theodp writes: Monday brought chilling news reports of the all-count trial convictions of three individuals for a conspiracy to rob and drug people outside of LGBTQ+ nightclubs in Manhattan's Hell's Kitchen neighborhood, which led to the deaths of two of their victims. The defendants were found guilty on all 24 counts, which included murder, robbery, burglary, and conspiracy. 'As proven at trial,' explained the Manhattan District Attorney's Office in a press release, 'the defendants lurked outside of nightclubs to exploit intoxicated individuals. They would give them drugs, laced with fentanyl, to incapacitate their victims so they could take the victims' phones and drain their online financial accounts [including unauthorized charges and transfers using Cash App, Apple Cash, Apple Pay].' District Attorney Alvin L. Bragg, Jr. added, 'My Office will continue to take every measure possible to protect New Yorkers from this type of criminal conduct. That includes ensuring accountability for those who commit this harm, while also working with financial companies to enhance security measures on their phone apps.'

In 2024, D.A. Bragg called on financial companies to better protect consumers from fraud, including: adding a second and separate password for accessing the app on a smartphone as a default security option; imposing lower default limits on the monetary amount of total daily transfers; requiring wait times of up to a day and secondary verification for large monetary transactions; better monitoring of accounts for unusual transfer activities; and asking for confirmation when suspicious transactions occur. 'No longer is the smartphone itself the most lucrative target for scammers and robbers -- it's the financial apps contained within,' said Bragg as he released letters (PDF) sent to the companies that own Venmo, Zelle, and Cash App. 'Thousands or even tens of thousands can be drained from financial accounts in a matter of seconds with just a few taps. Without additional protections, customers' financial and physical safety is being put at risk. I hope these companies accept our request to discuss commonsense solutions to deter scammers and protect New Yorkers' hard-earned money.'

'Our cellphones aren't safe,' warned the EFF's Cooper Quintin in a 2018 New York Times op-ed. 'So why aren't we fixing them?' Any thoughts on what can and should be done with software, hardware, and procedures to stop 'bank jackings'?

Read more of this story at Slashdot.