As of last Tuesday, Facebook has switched on person-to-person (P2P) payments for users in the US to "instant-message" money to their friends, using the debit cards connected to their bank accounts.
Essentially, how it works is pretty simple.
- Start a message with a friend
- Tap the $ icon and enter the amount you want to send
- Tap Pay in the top right and add your debit card to send money
To receive the money, you open your friend's conversation, click Tap Add Card in the message and add your debit card to accept money for the first time. After you've added a debit card to your Messenger
account, you can also create a PIN for additional security the next time you send money which arrives after one to three business days.
Facebook claims they are not using credit cards to reduce fraud and fees. They also promise they have wrapped the whole system in secure layers with encrypted connections between users and itself and "layers of software and hardware protection that meet the highest industry standards."
"Trust us!" Facebook says, pointing out that it's been processing transactions for game players and advertisers since 2007 and at this point is processing over 1 million transactions daily.
Looks like they overlooked a simple thing like social engineering. I predict that the press will flood with fraud stories very soon. Just like the Apple Pay system that was exploited by fraudsters a few months after its release, same thing is going to happen here.
The number one problem will be phishing attacks that claim the victim has received money from a Facebook friend... just click here to open Facebook Messenger and get your cash. Yeah sure.
I would send the following or something like it to your employees, friends and family. Feel free to edit, copy and paste.
Facebook just announced a new feature that allows you to send money to a friend using your own debit card and your friend's debit card, which of course are linked to both of your bank accounts. You need to attach your debit card to your Facebook messenger to send and receive money. Facebook claims this is all technically secure.
Well, Apple thought their Apple Pay was secure too, but fraudsters started making cash right away gaming the system. This new Facebook payment option could allow several kinds of scams. To start with, you have to be alert when you get emails that claim a Facebook friend has sent you money. Also, when a friend messages you and their account has been hacked, there is a criminal trying to scam you impersonating your friend. So, anything to do with Facebook Payments: Think Before You Click!
For KnowBe4 customers, we have a new pre-made security awareness training phishing template for you in the Social Media Templates section. I strongly suggest you send this to your users rather sooner than later!
If you are not a KnowBe4 customer yet, new school security awareness training which combines web-based on-demand training by a social engineering expert, combined with frequent simulated phishing attacks is a must these days to protect your organization against these kinds of attacks. Find out how affordable this is today: