Digital Payment Frauds: The Case of Zelle
Ph.D. in U.S. History, Columbia University in the City of New York
Post-Doctoral Researcher in Global Correspondent Banking, 1870-2000 – Mexico and South America, University of Oxford
This post is also available in:
In 2020, nearly 18 million U.S. customers were victims of scams involving digital wallets and person-to-person paymentA transfer of funds which discharges an obligation on the part of a payer vis-à-vis a payee. More apps, according to Javelin Strategy & Research. Payment app fraud is second only to fraudulent credit card transactions, according to Aite-Novarica Group.
Zelle Emulates CashMoney in physical form such as banknotes and coins. More Payments’ Instant SettlementThe discharge of an obligation in accordance with the terms of the underlying contract. In e-transfers the settlement may take days, whereas cash settlements are instantaneous and irreversible. More
In 2011, Bank of America, JPMorgan Chase, and Wells Fargo launched clearXChange, a joint venture to develop a mobile payments network. Other banks joined them, including Capital One, PNC Bank, Truist, and U.S. Bank. In June 2017, the bank consortium Early Warning Services launched Zelle (from gazelle), a payment network enabling nearly 86 million customers to send and receive payments via banking apps.
Zelle has become the most popular mobile payments solution in the United States, with transfers going from $75 billion in 2017 to $490 billion in 2021. With Zelle, banks sought to compete against payment apps (such as PayPal Venmo and Square Cash) and digital wallets (Apple Pay and Samsung Pay).
Zelle’s real-time transfers enable recipients to use funds immediately and for free. That immediacy allows fraudsters to siphon away thousands of dollars in seconds. Reversing transfers is usually impossible.
Users’ Impersonation
Zelle assumes that users’ phone numbers or email addresses are unique and that users will not impersonate others on the platform. Scammers have used this vulnerability to mimic their victims.
- Brian Kemm sent $300 to his mom, Carol, via Zelle. Both Mse Bank of America customers, but Ms. Kemm did not receive the funds. “She told me she didn’t get it, and my first thought was, ‘Mom, you’re not being very tech-savvy. Eventually, after a few days, I realized it really didn’t get there,” said Brian. He discovered that a JPMorgan Chase customer had registered the same phone number as Ms Kemm and had received the funds.
Users Are Liable, Even with Stolen Phones and Cloned SIMs
Bruce Barth lost his phone in late 2020. A thief accessed Barth’s digital wallet, used his credit card, withdrew cash at an ATM, and made three Zelle transfers for $2,500. Bank of America refunded Barth’s cash and credit card losses, but it denied his Zelle claims, as the transfers were validated with authenticationThe process of proving that a banknote or security document is genuine. More codes, even though his phone was stolen.
“It’s like the banks have colluded with the sleazebags on the street to be able to steal. I filed grievances with every agency I could get my hands on, locally and nationally. Every response I got was useless,” said Barth.
In March 2022, a thief robbed Argelys Oriach at gunpoint, asking for his iPhone and passcode. The thief drained $8,294 from Oriach’s accounts at Capital One, using payment apps including Zelle. Capital One refunded just $250 to Oriach, saying the transactions were legitimate.
“I filed a police report, identified the suspect at a precinct and even testified at a grand jury. But none of that seems to have helped my case,” said Oriach.
“Me-to-Me” Scams
In “me-to-me” frauds, thieves impersonating bank officials trick their victims into surrendering sensitive information.
- Jane Butler, a Wells Fargo customer, received a call to hand over one-time passcodes. The fraudsters used that information to make six Zelle transfers from Butler’s account, totaling $2,500.
- Julia Gibson received a provisional credit from Wells Fargo after losing $2,500 in a Zelle scam. However, the bank decided hers was not a fraudulent loss and rescinded the credit, sending Gibson’s balance to zero and incurring overdraft fees.
Banks’ Denial and Obfuscation
Banks’ officials and customer service representatives are aware of widespread fraud on Zelle.
- “The banker I spoke with was not surprised at all. He stated he was aware this sort of scam was going around,” said Cory McWilliams, a Wells Fargo customer in Houston who lost $1,000 to cyber thieves.
- “A lot of people are getting scammed on Zelle this way. Many people [are] getting hit for thousands of dollars,” said a Wells Fargo representative to Justin Faunce, who lost $500 after a fraudster tricked him into giving him access to Zelle.
U.S. banks balk at refunding customers for Zelle scams, arguing that U.S. federal rules (Regulation E) require them to cover only “unauthorized” transactions. Regulation E was written in 1978, decades before payment apps emerged.
Customers’ Complaints Prompt Legislative Action
Many customers have filed class-action lawsuits against Bank of America, Capital One, and Wells Fargo, claiming that their banks did not do enough to protect them against fraud via Zelle.
On April 25, 2022, Senators Elizabeth Warren and Bob Menendez asked Al-Ko, the CEO of the bank consortium Early Warning Services, about Zelle’s actions to protect consumers from scams. Warren and Menendez said
“Alarmingly, both your company and the big banks which both own and partner with the platform have abdicated responsibility for fraudulent transactions, leaving consumers with no way to get back their funds. Zelle’s biggest draw – the immediacy of its transfers – also makes scams more effective and a ‘favorite of fraudsters,’ as consumers have no option to cancel a transaction even moments after authorizing it. And banks have chosen to let consumers suffer, blaming them for authorizing fraudulent transactions. […] Your company and the banks have a clear responsibility to more aggressively protect consumers.”
Regulators Act After Banks’ Inaction
In 2020, the Consumer Financial Protection Bureau (CFPB) instructed banks to reimburse losses on Zelle transactions “initiated by a person other than the consumer without actual authority to initiate the transfers – i.e., the fraudster.”
The CFPB’s updated guidance protects victims through fraud or robbery, but it doesn’t help those who physically use their phones in scams to transfer funds via Zelle. The changes “caused a lot of angst and confusion for banks. Regulation E. was never intended for instant movement products,” said payments consultant Peter Tapling.
In an April 2022 meeting of the Senate Banking Committee, Senator Bob Menendez asked the CFPB’s director Rohit Chopra about the rise in scams using Zelle and other payment apps. “The fraud has gotten more egregious that we’re seeing through P.-to-P. [person-to-person] payment transfers,” said Chopra.
Last week, The Wall Street Journal reported that the CFPB is preparing to force banks to pay back more victims of scams through Zelle and other payment apps connecting to consumers’ bank accounts. Per the new guidance, fraudulently-induced transactions would be considered unauthorized, even if the consumer approves them. Banks and industry groups are likely to fight against the updated guidance.
This post is also available in: