Stay tuned with CashEssentials news ! - beyond payments
By subscribing, you accept our Privacy Policy.

Digital Payment Frauds: The Case of Zelle

Categories : Cash does not require a technology infrastructure, Cash enables an immediate transfer of value, Cash generates security
August 10, 2022
Tags : Digital payments, Mobile Payments, payment fraud, Security, US
Millions of U.S. customers use payment apps and solutions to transfer money. But free, fast, and convenient mobile payments also attract criminals, fraudsters, and scammers.
Manuel A. Bautista-González

Ph.D. in U.S. History, Columbia University in the City of New York

Post-Doctoral Researcher in Global Correspondent Banking, 1870-2000 – Mexico and South America, University of Oxford

This post is also available in: Spanish

In 2020, nearly 18 million U.S. customers were victims of scams involving digital wallets and person-to-person payment apps, according to Javelin Strategy & Research. Payment app fraud is second only to fraudulent credit card transactions, according to Aite-Novarica Group.

Zelle Emulates Cash Payments’ Instant Settlement

In 2011, Bank of America, JPMorgan Chase, and Wells Fargo launched clearXChange, a joint venture to develop a mobile payments network. Other banks joined them, including Capital One, PNC Bank, Truist, and U.S. Bank. In June 2017, the bank consortium Early Warning Services launched Zelle (from gazelle), a payment network enabling nearly 86 million customers to send and receive payments via banking apps.

Zelle has become the most popular mobile payments solution in the United States, with transfers going from $75 billion in 2017 to $490 billion in 2021. With Zelle, banks sought to compete against payment apps (such as PayPal Venmo and Square Cash) and digital wallets (Apple Pay and Samsung Pay).

Zelle’s real-time transfers enable recipients to use funds immediately and for free. That immediacy allows fraudsters to siphon away thousands of dollars in seconds. Reversing transfers is usually impossible.

Users’ Impersonation

Zelle assumes that users’ phone numbers or email addresses are unique and that users will not impersonate others on the platform. Scammers have used this vulnerability to mimic their victims.

Users Are Liable, Even with Stolen Phones and Cloned SIMs

Bruce Barth lost his phone in late 2020. A thief accessed Barth’s digital wallet, used his credit card, withdrew cash at an ATM, and made three Zelle transfers for $2,500. Bank of America refunded Barth’s cash and credit card losses, but it denied his Zelle claims, as the transfers were validated with authentication codes, even though his phone was stolen.

“It’s like the banks have colluded with the sleazebags on the street to be able to steal. I filed grievances with every agency I could get my hands on, locally and nationally. Every response I got was useless,” said Barth.

In March 2022, a thief robbed Argelys Oriach at gunpoint, asking for his iPhone and passcode. The thief drained $8,294 from Oriach’s accounts at Capital One, using payment apps including Zelle. Capital One refunded just $250 to Oriach, saying the transactions were legitimate.

“I filed a police report, identified the suspect at a precinct and even testified at a grand jury. But none of that seems to have helped my case,” said Oriach.

“Me-to-Me” Scams

In “me-to-me” frauds, thieves impersonating bank officials trick their victims into surrendering sensitive information.

Banks’ Denial and Obfuscation

Banks’ officials and customer service representatives are aware of widespread fraud on Zelle.

U.S. banks balk at refunding customers for Zelle scams, arguing that U.S. federal rules (Regulation E) require them to cover only “unauthorized” transactions. Regulation E was written in 1978, decades before payment apps emerged.

Customers’ Complaints Prompt Legislative Action

 Many customers have filed class-action lawsuits against Bank of America, Capital One, and Wells Fargo, claiming that their banks did not do enough to protect them against fraud via Zelle.

On April 25, 2022, Senators Elizabeth Warren and Bob Menendez asked Al-Ko, the CEO of the bank consortium Early Warning Services, about Zelle’s actions to protect consumers from scams. Warren and Menendez said

“Alarmingly, both your company and the big banks which both own and partner with the platform have abdicated responsibility for fraudulent transactions, leaving consumers with no way to get back their funds. Zelle’s biggest draw – the immediacy of its transfers – also makes scams more effective and a ‘favorite of fraudsters,’ as consumers have no option to cancel a transaction even moments after authorizing it. And banks have chosen to let consumers suffer, blaming them for authorizing fraudulent transactions. […] Your company and the banks have a clear responsibility to more aggressively protect consumers.”

Regulators Act After Banks’ Inaction

In 2020, the Consumer Financial Protection Bureau (CFPB) instructed banks to reimburse losses on Zelle transactions “initiated by a person other than the consumer without actual authority to initiate the transfers – i.e., the fraudster.”

The CFPB’s updated guidance protects victims through fraud or robbery, but it doesn’t help those who physically use their phones in scams to transfer funds via Zelle. The changes “caused a lot of angst and confusion for banks. Regulation E. was never intended for instant movement products,” said payments consultant Peter Tapling.

In an April 2022 meeting of the Senate Banking Committee, Senator Bob Menendez asked the CFPB’s director Rohit Chopra about the rise in scams using Zelle and other payment apps. “The fraud has gotten more egregious that we’re seeing through P.-to-P. [person-to-person] payment transfers,” said Chopra.

Last week, The Wall Street Journal reported that the CFPB is preparing to force banks to pay back more victims of scams through Zelle and other payment apps connecting to consumers’ bank accounts. Per the new guidance, fraudulently-induced transactions would be considered unauthorized, even if the consumer approves them. Banks and industry groups are likely to fight against the updated guidance.

This post is also available in: Spanish