By Joseph Moss, International Banker
On October 3, the United States Senate published a report revealing that rampant fraud and theft had been occurring on the popular digital payments network Zelle and was continuing to increase. And with the banks that jointly own the service blatantly refusing thus far to compensate customers impacted by these thousands of scams, concern is growing over whether financial regulatory frameworks are sufficiently robust in the world of online instant payments.
The Senate Committee on Banking, Housing, and Urban Affairs (BHUA) published the report following the opening of an investigation into Zelle and its owner and operator, Early Warning Services (EWS), by Senator Elizabeth Warren in April 2022; several key reports—most notably from the New York Times—had found that bad actors prolifically used the platform to defraud customers by abusing its instantaneous, easy-to-exploit transfer system. The report also detailed Warren’s findings of the fraud data provided by the consortium of banks that own and operate Zelle and EWS—Bank of America, Truist, Capital One, JPMorgan Chase, PNC Bank, U.S. Bank and Wells Fargo—and jointly set up the company five years ago.
Launched in June 2017, Zelle offers an electronic peer-to-peer (P2P) service for Americans to send and receive money, competing with other similarly renowned P2P players such as Venmo and Cash App. It charges no transaction fees and is estimated to work with around 1,700 banks and credit unions. Last year, Zelle processed a whopping $490 billion worth of transactions, up 59 percent from the previous year, thus making it easily the largest P2P system in the United States—for comparison, the next biggest, Venmo, handled $230 billion in transactions.
The report’s findings were telling, to say the least. For one, Zelle is aware of several scam strategies, including “spoofing” and “me-to-me” scams. The former involves the scammer using “a reputable institution’s name or branding to induce a fraudulent payment”, while the latter entails the “use of a consumer’s own contact information to disguise a payment” to a scammer’s account, which tricks the consumer into believing that he/she is sending a payment to his/her own account. As the New York Times reported in March, one consumer lost $500 to a scammer impersonating a Wells Fargo official. But the bank said the transaction was not fraudulent because the consumer had authorised the transaction, despite being tricked into doing so.
The report also found that fraud and theft remain rampant on Zelle and are rising, despite the big banks that own the service continuing to market it to customers as a safe and secure platform. Bank of America says Zelle is “a safe and easy way to send money fast”, for instance, while Wells Fargo tells its customers that it is “fast, safe, and convenient”. Early Warning Services, Zelle’s parent company, brands itself as “innovative,” “collaborative” and “trustworthy”. And yet fraud and scams on Zelle continue to grow in frequency; for example, PNC Bank reported that such claims from customers rose from 8,848 in 2020 to more than 12,300 in 2022, while U.S. Bank reported a sharp increase in claims from 14,886 in 2020 to what is expected to surpass 45,000 for 2022. The report also noted that the four banks that reported the relevant data received scam and fraud claims worth more than $90 million in 2020, which are expected to surpass $255 million this year. Those lenders also reported more than 190,000 cases of scams involving more than $213 million in payments in 2021 and the first half of 2022.
Although the banking consortium initially refused to hand over any data pertaining to the extent of the fraud, a hearing before the BHUA Committee on September 22 saw the big banks’ chief executive officers being further pressured to provide the necessary information regarding the volume of and procedures for addressing fraud on their Zelle platform. The hearing saw Senators Warren and (Bob) Menendez receive an agreement from a handful of chief executives to provide the requested information. That said, JPMorgan Chase, Wells Fargo and other major banks continued to stall on providing key information. “New internal data from the big banks shows that their platform Zelle is rampant with fraud and theft, and few customers are getting refunded—potentially violating federal laws and consumer rules,” said Senator Warren. “Despite their CEOs’ promises to the Senate Banking Committee, JPMorgan and Wells Fargo have still not turned over complete data, and I’ll keep fighting for stronger consumer protections and to hold all these banks accountable for abuse.”
Even more astonishingly, banks remain reluctant to compensate their customers for the vast majority of fraud cases that nefariously relieved them of their money. The three banks that provided full data repaid customers in only 9.6 percent of scam claims worth $2.9 million (or 11 percent of payments). And consumers were reimbursed for only 47 percent of the dollar amount of cases in which they reported unauthorized payments on Zelle in 2021 and the first half of 2022.
The report noted that the banks that were refusing to repay customers who contested “unauthorized” Zelle payments might be violating federal law and Consumer Financial Protection Bureau (CFPB) rules. Some have argued that the banks are specifically violating the federal Electronic Fund Transfer Act (EFTA), which protects consumers from liability for those unauthorised transfers occurring without their explicit approval, as well as Regulation E, which applies to P2P or mobile-payment transactions that meet the definition of “electronic fund transfer”, including debit card, Automated Clearing House (ACH), prepaid account and other electronic transfers to or from a consumer account.
“All of your banks have promoted Zelle, the payment app that most of you own. You pushed this on customers—but you haven’t taken responsibility for the fraud that it’s perpetuated,” Senator Sherrod Brown, the chairman of the BHUA Committee, told the banks at the September 22 hearing, entitled “Annual Oversight of the Nation’s Largest Banks”. And Warren’s office added, “Big banks own and profit from Zelle but are failing to make their customers whole for both authorized and unauthorized fraudulent activity on the platform, despite their claims that it is safe.” A separate class-action lawsuit in which a college student alleged she was conned out of money also argued that when consumers are induced to send money to bad actors as part of a scam, such a transfer is considered as “unauthorized”.
But Zelle claims to have a “zero liability policy” when criminals gain access to a consumer’s account and make fraudulent payments. Should a consumer send money to another party who has taken the consumer’s money under false pretences, Zelle believes that such a transfer is considered “authorized”, and it remains compliant under the law. In spoofing and me-to-me scams, Zelle argues consumers initiate the payments, and banks are not legally required to reimburse scammed consumers. On the company’s webpage created for customers to report a scam, therefore, Zelle states, “While we are unable to assist with getting your money back, it is important to us that users have the ability to report this experience. We will report the information you provide to the recipient’s bank or credit union to help prevent anyone else from having the same experience.”
Zelle has also downplayed the report’s findings. “Tens of millions of consumers use Zelle without incident, with more than 99.9% of payments completed without any report of fraud or scam,” the company stated, adding that “the proportion of fraud and scams has steadily decreased as its user numbers have climbed”. According to the banking industry group Bank Policy Institute (BPI), moreover, Zelle’s peers Venmo and Cash App receive more reports of disputed transactions. “Zelle is the safest peer-to-peer network,” it claimed in a statement. “For any real discussion of online fraud, the focus belongs elsewhere.”
The ultimate judgement for Zelle could lie in the hands of the CFPB. “Reports and consumer complaints of payments scams have risen sharply, and financial fraud can be devastating for victims,” a CFPB spokesman told the Los Angeles Times. “The CFPB is working to prevent further harm, including by ensuring that financial institutions are living up to their investigation and error-resolution obligations.” Senator Warren, meanwhile, has reiterated that the CFPB has regulatory authority over Zelle and other peer-to-peer platforms and is reportedly considering issuing guidance clarifying the scope of Regulation E. “The agency must act to clarify and strengthen ‘Regulation E,’ and to include fraud in the Regulation’s error resolution purview,” Warren added.