$870M in Zelle fraud losses spark lawsuit against platform, 3 major banks

The Zelle payment app opened the door for crooks and con artists to steal hundreds of millions of dollars from consumers over several years, and some big banks are to blame for a chaotic rush to roll out the platform, according to the Consumer Financial Protection Bureau.

The financial regulators Friday sued Bank of America, JP Morgan Chase and Wells Fargo saying they failed to protect consumers from widespread fraud on the popular peer-to-peer payment network. The independent agency also sued the operator of Zelle, called Early Warning Services.

The CFPB put Zelle-related fraud losses at more than $870 million involving customers at just the three banks alone over seven years since the launch of the app in 2017.

Zelle disputes how the CFPB reached the $870 million figure. A Zelle spokesperson issued a statement, saying, "The CFPB’s headline grabbing number is misleading, as many reported fraud claims are not found to involve actual fraud after investigation."

In some cases, banks say, a customer might report fraud but maybe the customer later remembers that they did make a certain purchase. So, it's not fraud, after all. Or maybe a criminal is trying to exploit the network by submitting a false claim.

The CFPB figure, banks said, is based on total fraud claims minus what banks paid out in losses. But banks said all claims do not involve actual fraud or end up being a case where banks are required by law to reimburse a customer using a payment app, such as if they were tricked into paying $500 or $1,000 as part of an online puppy-for-sale scam.

Hundreds of thousands of consumers filed complaints after getting hit by fraud, according to the CFPB, and they were largely denied assistance. In some cases, the CFPB said, some consumers were told to contact the fraudsters directly to recover their money.

'A gold mine' for fraud

Rohit Chopra, director of the CFPB, told journalists on a conference call Friday that the major financial institutions failed to fix glaring flaws in the system while marketing Zelle's near-instant electronic money transfers as safe.

"What they built became a gold mine for criminals," Chopra said.

Bankers see a 'last ditch effort' by CFPB

Bankers defended the safety of the Zelle app, saying the CFPB was overreaching in its actions.

Zelle said in a statement to the Detroit Free Press, part of the USA TODAY Network, that the CFPB was attempting to expand the existing law and appeared to be timing the lawsuit on political factors unrelated to Zelle.

Bill Halldin, a spokesperson for Bank of America, said in a statement to the Detroit Free Press that the bank strongly disagreed with the “CFPB’s effort to impose huge new costs on the 2,200 banks and credit unions that offer the free Zelle service to clients.”

He noted that “23 million Bank of America clients have embraced Zelle, regularly using it to send money to friends, family and people they trust.”

Bank of America said it works directly with customers when they have an issue.

Trish Wexler, a JPMorgan Chase spokesperson, called the CFPB's December lawsuit "a last ditch effort in pursuit of their political agenda."

"The CFPB is now overreaching its authority by making banks accountable for criminals, even including romance scammers," Wexler said in an emailed statement to the Free Press.

"It’s a stunning demonstration of regulation by enforcement, skirting the required rulemaking process," Wexler continued.

The Consumer Bankers Association issued a statement Friday, defending the bank's actions.

"Banks have rigorously followed the law in characterizing and offering services through Zelle, yet the CFPB today has moved the goalposts, suggesting that ‘being safe’ means something other than what Congress has defined in law," said Lindsey Johnson, president and CEO of the Consumer Bankers Association.

Chalk up one more heated issue that could be in play in Washington in 2025.

President-elect Donald Trump and Republicans in Congress are expected to try to vastly limit the CFPB's powers.

The CFPB was launched after the 2008-09 recession as part of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act.

The scams are real and so are the losses

Consumers have been upset for years after being hit with a long list of scams, which can involve money being withdrawn from their bank accounts via Zelle. Crooks didn't need to send their victims out to buy gift cards when they could get instant cash via a payment app, like Zelle.

Over the years, I've talked with many consumers at all sorts of financial institutions who faced massive headaches because crooks knew the maneuvers to make, often starting by impersonating a bank or someone else, to steal money from a bank account via the Zelle app.

Too many times, the consumer told me, they were stuck on the hook and out the cash.

One consumer watchdog group called the CFPB's legal action "an important step in holding payment systems accountable for enabling fraudulent and unauthorized payments."

“Payment fraud impacts all Americans across many communities, young and old,” Carla Sanchez-Adams, senior attorney at the National Consumer Law Center, said in a statement.

“The CFPB is standing up for people who weren’t able to get the big banks to take their claims of fraud seriously and return their hard-earned money.”

PIRG’s research arm, the U.S. PIRG Education Fund, has been persistently raising awareness about fraud and other problems involving peer-to-peer payment apps, such as Zelle. The group issued a report called "Virtual wallets, real complaints" in June 2021.

Mike Litt, PIRG’s consumer campaign director, said consumers have had problems with fraud on Zelle for years.

"Hopefully, the CFPB’s lawsuit can change that," Litt said in a statement.

"These troubling alleged practices need to be addressed by all parties as quickly as possible. It’s crucial that in our increasingly cashless age, we have digital financial systems that the public can trust and use without fear of losing their money.”

What is often debated is what kind of fraud would be covered under existing banking rules. Did the consumer send the money willingly via a romance scam – or do something that isn't covered? Regulators are pushing banks to cover something new called “induced fraud” when a customer is tricked into sending money under false pretenses.

Last year, I reported that, after much public pressure, the network operator of Zelle had agreed to implement new requirements to "mandate consumer reimbursement for certain types of scams" on the Zelle Network. But Zelle was not specific about the kinds of scams for which people would be reimbursed.

Consumers can report fraud to their banks and submit complaints with the CFPB at www.consumerfinance.gov/complaint.

What the CFPB said about Zelle

The CFPB's complaint Friday takes aim at how the Zelle system itself worked and allegedly enabled fraud, too.

Chopra said the CFPB's investigation uncovered two major patterns of account takeover fraud that banks failed to address.

Some criminals, he said, would obtain one-time passcodes that could be used to take over accounts.

Other bad actors, he said, would physically steal phones or devices with banking apps installed to make immediate, unauthorized transfers.

"In case after case," he said, "banks routinely denied requests for help, turning a blind eye, even when customers provided clear evidence that criminals had taken over their accounts and that the transactions were unauthorized, including police reports documenting the crimes."

The lawsuit charged that more than $360 million in losses associated with Zelle-related fraud hit 420,000 Chase customers; some 210,000 Bank of America customers complained that they lost $290 million; and 280,000 Wells Fargo customers complained of losing more than $220 million.

The Zelle system, Chopra said, made it easy for fraudsters to move money quickly. And many consumers found it nearly impossible to get their money back.

Many times, Chopra said, the banks didn't do enough to stop suspicious activity across the banking system.

"When one bank detected fraud and closed an account, nothing stopped the criminal from hopping to another bank and starting fresh when fraud occurred," Chopra said.

Chopra said the three banks systematically failed their customers hit by fraud on Zelle.

Big banks, regulators said, joined forces to launch Zelle once the banks saw that they were losing out to other money transfer platforms, such as CashApp, Venmo and PayPal. But the regulators say the move to rush the Zelle network to the market to compete against growing payment apps was done without implementing effective consumer safeguards.

Early Warning Services, which designed and operates Zelle, is co-owned by seven big banks – Bank of America, Capital One, Chase, PNC Bank, Trust, U.S. Bank and Wells Fargo. Early Warning Services is a financial technology and consumer reporting company based in Scottsdale, Arizona.

The Zelle payment system is massive. Back in 2021 alone, about 1.8 billion payments – totaling $490 billion – were sent by consumers and businesses through the Zelle Network, according to Early Warning Services. Total dollars transferred were up 59% from 2020.

The regulators are not suing the other banks that co-own Zelle, noting that a bulk of the transactions involve the three banks being sued.

The CFPB said it is seeking to stop the "alleged unlawful practices, secure redress and penalties, and obtain other relief."

Consumers have reported losses related to fraud and Zelle at a wide range of financial institutions, however, regulators did not address those losses in the media call. Some 2,200 participating financial institutions offer the Zelle app to customers with U.S.-based deposit accounts.

The lawsuit points out that Zelle is embedded in the mobile apps of Bank of America, Wells Fargo and Chase and consumers cannot remove the Zelle function.

From the start, according to the legal complaint, Zelle's marketing and branding "exploited consumers' perceptions of reliability and security."

Specific charges of failing to prevent fraud

The CFPB said Friday that the defendant banks failed to implement appropriate fraud prevention and detection safeguards. The CFPB alleges that Bank of America, JPMorgan Chase, Wells Fargo and Early Warning Services violated federal law through critical failures including:

What Zelle has to say

Jane Khodos, a Zelle spokesperson, emailed a statement to the Free Press, saying that the CFPB's lawsuit will hurt consumers, as well as small businesses, community banks, minority-owned banks and credit unions.

"Zelle leads the fight against scams and fraud and has industry-leading reimbursement policies that go above and beyond the law," according to the company's statement.

"The CFPB’s misguided attacks will embolden criminals, cost consumers more in fees, stifle small businesses and make it harder for thousands of community banks and credit unions to compete," Zelle said.

In 2023, Zelle said in its defense, the company saw a 27% increase in transaction volume but reports of scams and fraud decreased by nearly 50%. Some 99.95% of payments were sent without reports of scams and fraud.

Zelle also took issue over when consumers must be reimbursed under the law, which has been a point of contention between banks and consumer watchdog groups.

"Zelle reimburses customers for all instances of fraud as required by the law under the Electronic Funds Transfer Act and Reg E, and today’s litigation from the CFPB does not dispute that fact," Zelle stated.

Zelle said it also goes "above and beyond what is required by law and reimburses customers for certain types of scams where the customer authorized the transaction."

Zelle said the CFPB, through the lawsuit, "would be simultaneously creating and enforcing entirely new legal requirements that go well beyond what Congress authorized the CFPB to do."

Regulation E

At issue is how much ability the CFPB has to expand consumer protections under what's known as Regulation E. The banks say the CFPB is overreaching its authority.

Zelle said the "CFPB is attempting to impermissibly expand the law to require banks to reimburse consumers for transactions they authorized, which goes well beyond the clearly defined requirements established by Congress in the Electronic Funds Transfer Act."

Consumers need to be suspicious of every contact that appears to be made from a financial institution or other trusted entity – and recognize that often you might not get any money back from the bank in cases of fraud. Do not try to resolve a problem quickly – say a call about unpaid taxes – by agreeing to transfer money via a payment app.

A U.S. Senate permanent subcommittee on investigations in July, for example, disclosed that nearly two-thirds of consumers were not reimbursed for their losses in 2023 when they disputed a transaction after falling victim to scams involving Zelle at three major banks: Chase, Bank of America and Wells Fargo. Nearly $102.3 million was not reimbursed in 2023, according to the report.

The subcommittee found several areas where Congress, regulators and companies that participate in the Zelle Network could take steps to improve consumer protection, including amending the Electronic Fund Transfer Act to require financial institutions to reimburse consumers for “fraudulently induced” authorized transactions.

It was also recommended that the CFPB update Regulation E to require financial institutions to provide greater transparency and clarity on what constitutes a “reasonable” investigation. The goal is to create a higher standard for dispute investigations, giving banks a minimum set of requirements.

Source