Zelle Fraud Is On The Rise And Many Victims Are Denied Refunds

When seven of the biggest banks in America saw that their customers liked using apps to send instant peer-to-peer payments, they rolled out Zelle through a jointly owned company called Early Warning Services in 2017 and quickly began processing billions in payments annually. By 2021, Zelle was processing nearly twice the number of payments as Venmo, but as the volume of Zelle payments increased, so did rumors about increased fraud. Scammed Zelle users complained to the New York Times that Zelle did not always reimburse customers who reported stolen money.

Suspicious after mounting anecdotal reports, one of the toughest policymakers on banks, Senator Elizabeth Warren (D-MA), launched an investigation. She demanded data from all seven of the big banks: JPMorgan Chase, Wells Fargo, US Bank, PNC, Capital One, Bank of America, and Truist. Only four banks complied. However, Warren’s report released this week shows that even half the data she sought was enough to show that “fraud is growing” on Zelle and that “the banks are not refunding the vast majority of defrauded consumers, breaking their promises to their customers and potentially violating federal law.”

According to Warren’s analysis of data shared by US Bank, PNC, Bank of America, and Truist, these four banks alone are “on pace to receive scam and fraud claims in excess of $255 million in 2022,” a dramatic spike compared to $90 million in 2020.

The majority of these claims—totaling more than 190,000 cases disputing $213 million in payments in 2021 and half of 2022—involved customers who were induced to make fraudulent payments by scammers. Only three banks provided complete data to Warren, which showed they repaid scammed customers in less than 10 percent of cases.

Warren’s report says that the banks are relying on federal laws— the Electronic Fund Transfer Act and the Consumer Financial Protection Bureau’s (CFPB) “Regulation E”—which “require that the banks repay customers when funds are illegally taken out of their account without authorization.” But crucially, banks don’t have to pay if people authorize such payments, which is happening here, even if the payments are made to scammers. Now Warren is pushing CFPB to clarify Regulation E so that banks must acknowledge this method of attacking consumers as fraudulent and unauthorized.

More troubling is Warren’s suggestion that banks are also potentially breaking current law by not reimbursing unauthorized fraudulent charges. Warren says that the three banks who shared data revealed that they only reimbursed consumers for 47 percent of unauthorized payments that they should be legally required to reimburse every time.

A spokesperson for Early Warning Services did not comment on the allegations of violating federal law but did tell told Ars that where Warren sees an increase in fraudulent activity year to year, Early Warning Services sees a decrease in fraudulent activity proportional to its growing userbase.

“Tens of millions of consumers use Zelle without incident, with more than 99.9 percent of payments completed without any report of fraud or scam,” Early Warning Services’ spokesperson told Ars. “Zelle usage has grown significantly since its launch, from 247 million transactions in 2017 to 1.8 billion in 2021, while the proportion of fraud and scams has steadily decreased.”

Common scams that banks aren’t required to reimburse

Warren reports that banks tell consumers that Zelle has a zero liability policy for fraud—but that banks know that Zelle’s policy excludes increasingly common scams known as “spoofing” and “me-to-me” scams.

When spoofing, scammers use “a reputable institution’s name or branding to induce a fraudulent payment.” Cases of “me-to-me” scams involve the “use of a consumer’s own contact information to disguise a payment” to a scammer’s account, leading the consumer to think that they’re sending a payment to their own account when they are not. In both cases, because consumers initiate payment, banks aren’t legally required to reimburse consumers making claims of fraudulent activity.

Both types of scams happened at once to one Wells Fargo customer who told the New York Times that the scammer linked their own bank account to the customer’s account, then called the customer from a number that the customer’s cellphone displayed as a valid call from Wells Fargo. The scammer posed as a Wells Fargo agent and got the customer to send a $500 payment to his own phone number before the customer got suspicious and disconnected. Later, Wells Fargo “repeatedly rebuffed” the customer’s claims of fraudulent activity on his Zelle app.

For some Zelle users, the cost of getting scammed can be much higher. Warren reported that consumers in Massachusetts, Georgia, Illinois, and California have reported losses of thousands of dollars from these scams, and “in many cases, consumers reported losses that could significantly impact their small business and even wipe out their life savings.”

According to Warren, Zelle distinguishes between fraud—unauthorized charges that are reimbursable—and scams—authorized charges that are fraudulently induced. Banks have argued that scam claims can be harder to verify; they say that what’s needed isn’t more bank regulations but better cooperation between banks and law enforcement investigating scam claims.

It’s hard to know the full extent of the problem without data from all 1,700 banks and credit unions that use Zelle. Since 2021, CFPB has collected hundreds of scam claims. Some banks reported data to Warren showing total scam activity that banks considered authorized and therefore not reimbursable, which happened in 2021 and six months into 2022. Data from Truist reported 7,223 scam cases involving over $5.4 million in payments, US Bank reported 21,794 cases involving over $13.6 million, and PNC reported 6,831 cases involving nearly $6.9 million. Chase, Wells Fargo, and Capital One did not provide this requested data to Warren.

Because Regulation E is currently vague, not all banks agree on how to manage spoofing and “me-to-me” scams. Some banks, like Truist, specifically do not include authorized scam activity under Zelle’s zero liability policy, but other banks reportedly do reimburse some scam activity. Chase Head of US Government Relations, Michelle Mesack, told Warren in a letter provided to Ars that Chase reimburses “me-to-me” scams, “even though this would be considered an authorized transaction under Regulation E.”

READ MORE HERE