Interac e-Transfer® Fraud
Interac e-Transfer security
Interac e-Transfers are an increasingly popular way to transfer funds for both personal and business members. Unfortunately, as e-Transfers grow in popularity, they become an increasingly appealing target for cyber-criminals looking to intercept funds.
At Coast Capital, we're committed to ensuring the security of our systems. But you have an important role to play in ensuring your email accounts are secure and passwords used to claim and deposit e-Transfers remain confidential and are difficult to guess.
Knowledge is the best first-line of defence
For more resources, articles and tips about fraud protection, visit our Help Hub.
An intercepted e-Transfer is when fraudsters divert legitimate transfers from intended recipients to accounts they control. They do this through information gathered from compromised email accounts unsecured electronic devices.
Oftentimes intended recipients click on a phishing link which enables cyber-criminals to download malware or other monitoring software onto a device. This allows them to monitor and intercept incoming transfers.
How to protect against intercepted e-Transfers
Whether you are sending or receiving an e-Transfer, there are do's and don'ts to help ensure the secure transfer of funds.
- Don’t include the answer to your security question in the transfer itself.
- Don’t share the answer to your security question via email, text or other channels such as social media.
- Don’t use the same security question and same answer for all e-Transfers you send.
- Do select a security question/answer that is not generic and would be difficult to guess. Example: Don't use "Yes" or "No" responses as answers.
- Do use challenging and unique security questions and answers for each transfer you send.
- Do share the answer to the security question via a secure method like a phone call.
- Do double check the recipient’s email or phone number is correct before sending the transfer (if unsure, confirm with the recipient via a phone call).
- Do inform the recipient when you send them an e-transfer so they can deposit it right away.
- Do sign up for autodeposit. With the Interac autodeposit feature, the funds are directly deposited into the recipient’s account, minimizing the risk of interception if your email is compromised.
- Don’t share passwords for any of your accounts with anyone.
- Don’t use easily guessed passwords or the same password for all of your accounts.
- Don’t leave e-transfer notifications sitting in your inbox. Deposit promptly after receipt.
- Do ensure that your systems are secure and protected by updating all security software regularly.
- Do activate multi-factor authentication for your email accounts (common feature offered by email providers such as Gmail, Yahoo, Outlook, etc.).
We've answered some of the most common questions about e-Transfer interception.
We are confident that our technology systems and the Interac e-Transfer system is safe and secure, and that is why we use it. However, notifications of e-Transfers are received by email, and passwords are communicated by senders outside of those systems online.
It is also recommended that you set up the Interac auto-deposit feature for more secure transfers.
Autodeposit is the most effective way to mitigate the intercept threat. With autodeposit, the sender’s financial institution passes the e-transfer request on to Interac. Interac receives the e-transfer request, automatically deposits the funds into the recipient’s designated account and notifies the recipient. This leaves no opportunity for a fraudster to intercept, even if the recipient’s email account is compromised.
If there has been a compromise of the recipient’s device or email and the recipient uses the password-required method for deposit, there is a risk of having e-Transfers intercepted. It's harder to intercept an e-Transfer if you practice good cybersecurity habits and keep software up-to-date on your devices, use passwords that are hard to guess, and deposit incoming e-Transfers right away.
As a best practice, we recommend setting up Interac’s autodeposit feature for yourself and encouraging others to do the same if you’re sending them an e-Transfer.
No. E-Transfer intercept fraud is not the result of a hack of Coast Capital’s systems. Our systems remain safe and secure.
There are three parties involved in an e-Transfer: the sender’s financial institution, the recipient, and the recipient’s financial institution. For a secure e-Transfer, all the three parties need to have security and controls in place. The financial institutions are responsible for the appropriate security and fraud controls to protect their banking systems and individuals are responsible for securing their email accounts and devices.
Cyber-criminals who conduct e-Transfer intercept fraud access the recipient’s systems – including their email accounts – allowing them to deposit funds before the recipient attempts to accept and deposit the funds. The money doesn’t travel by email or text message; that is done between financial institutions using established and secure banking processes.
Once the e-Transfer is sent, the transfer moves from our systems to Interac’s system. There is only a small window of time where, if notified, Coast Capital can work with Interac to trace and attempt to recover the funds. Unfortunately, once the e-Transfer has been deposited, and funds removed from the recipient account (which usually happens very quickly), there is very little Coast Capital, Interac or the recipient’s financial institution can do to recover those funds.
It is imperative to contact us immediately at 1-888-517-7000 if you suspect anything unusual or if the recipient has not received the funds despite notification indicating that your e-Transfer was successful.