U.S. Senators to CFPB: Hold Banks That Own Zelle Accountable for Inadequate Protections to Stop Fraudulently Induced Payments to Crooks | U.S. Senator Jack Reed of Rhode Island (2024)

WASHINGTON, DC -- In an effort to protect consumers and hold banks accountable for fraud conducted using bank-owned instant digital payment networks like Zelle, U.S. Senators Jack Reed (D-RI), Bob Menendez (D-NJ), Elizabeth Warren (D-MA), alongside Senators Sherrod Brown (D-OH), Catherine Cortez Masto (D-NV), and Rev. Raphael Warnock (D-GA), are calling on the Consumer Financial Protection Bureau (CFPB) to update and clarify its rules and guidance for peer-to-peer payments regarding fraudulently induced transactions. Doing so, the Senators say, would provide more consistent and fairer outcomes for consumers requesting reimbursem*nt for scams enabled by the network, prevent fraudsters from easily stealing people’s savings, and help people protect themselves from sophisticated scammers that are increasingly targeting people’s phones and email accounts.

Zelle’s network operator, Early Warning Services LLC, is owned by seven major banks: Bank of America, Capital One, Chase, PNC Bank, Truist, U.S. Bank and Wells Fargo.

Nearly 18 million Americans were victims of scams involving Zelle and other instant payment applications in 2020 and the institutions that participate in the network do not appear to have provided sufficient protection or recourse to their customers for fraudulently induced transactions. The six Senators say that the banks participating in these apps, while touting their convenience, have not worked sufficiently to safeguard consumers and have instead sought to avoid providing reimbursem*nt when their customers are defrauded or scammed. The Senators want banks to ensure mechanisms are in place to reduce fraud that occurs on instant payment apps that they own, operate, control, and market to their customers.

Noting that existing rules don’t keep up with the pace of technology, Reed, Menendez, Warren, Brown, Cortez Masto, and Warnock wrote to the head of the CFPB today: “Determining liability based on whether a consumer or a fraudster physically initiates a transaction is antiquated. This approach developed when consumers transferred money electronically by providing their own bank with the recipient’s account number and routing number, and then waiting days for accounts to be credited and debited. It is not suited for the current system, where consumers need only a cell phone number or username to send peer to peer payments from a mobile device with nearly instantaneous credits and debits. Our nation’s consumer protection rules must evolve to keep pace with the growth of instant payment services like Zelle.

“Following an investigation into reports of widespread fraud on Zelle, we wrote to Zelle’s parent company, Early Warning Services, LLC (EWS) in April 2022, and to the seven banks that own EWS in June 2022. Although EWS failed to answer many of our questions, the response letter confirmed that an existing gap in regulatory authority allowed both EWS and the financial institutions on the platform to avoid liability and deny consumers recourse for fraud, which has cost consumers hundreds of millions of dollars. Given the sheer numbers of consumers using instant payment services such as Zelle and the hundreds of billions transferred through these platforms each year, the inadequacy of current consumer protections is unacceptable.

“We are pleased by recent reports that the agency is considering strengthening Regulation E and expanding liability for operators and owners of these platforms. Indeed, the CFPB has options under its existing authority to protect consumers from the common frauds and scams that occur on these services. The CFPB could clarify that, in certain circ*mstances, a payment is an “error” when a consumer is defrauded into initiating a transfer to a scammer. Indeed, the EFTA already provides the CFPB with authority to prescribe additional categories of “error” transactions that the financial institution—rather than the consumer—should be responsible for correcting. Or the CFPB could issue guidance that a fraudulently induced transaction is an “unauthorized electronic fund transfer” under the EFTA, which could also end up shifting liability from consumers to financial institutions.

“These kinds of approaches would provide more consistent and fairer outcomes than the current rules, which offer no protections against the common scams and frauds that have proliferated on instant payment services like Zelle. To be made whole, consumers now must beg their scammer to return their money, or they must seek voluntary reimbursem*nt from their bank. Neither alternative holds much certainty. According to press reports, one of the nation’s largest banks (which co owns Zelle) has denied reimbursem*nt requests even by customers with a “spotless 25-year history” with the bank. The CFPB should send a strong signal that the agency expects banks under its supervision to bear more responsibility for letting scammers and fraudsters onto services that they developed and that they currently market as safe platforms to send and receive money.

“Raising the bar on banks’ liability would create powerful incentives for Zelle and other instant payment services to invest more in fraud prevention. Current industry efforts are limited to boilerplate pop-up warnings and FAQs that customers should send money only to people they know and that using Zelle is akin to using cash. But these low tech methods are not suited for today’s sophisticated services. The rampant fraud and abuse on Zelle demonstrate that a simple “buyer beware” approach has not worked. And the face-to-face interaction inherent in cash transactions provides a layer of fraud prevention that cannot be replicated online or through a mobile device. A more effective approach would be for the CFPB to expand banks’ liability to encompass a far greater set of fraudulent transactions. If a bank permits a scammer or fraudster onto the platform, then that bank should naturally bear some responsibility when its own customer uses a bank-provided payment service to rip off others—rather than telling customers that it is their fault for being victimized.”

The Senators are concerned that if the banks that participate in these money-transfer services, as well as the receiving institution on the other end, allow the status quo to continue then fraud and theft on these platforms will continue rising exponentially as scammers get more sophisticated and the banks refuse to take action to help consumers who’ve been wronged.

“Given the growing marketing and use of these services, we believe it is essential that the CFPB intervene to protect consumers by more vigorously applying its existing authority under the EFTA and Regulation E, and we are pleased by reports that the agency is considering some of these actions,” the Senators concluded. “We appreciate your attention to this critical matter, and look forward to your prompt reply.”

People who have been scammed using the Zelle app or other methods of payment should immediately contact their bank or credit union to notify their financial institution about the fraudulent transaction and request that action be taken to get the money back from the scammer’s financial institution. If banks don’t take action to stop illicit financial transactions, a complaint may be filed with the CFPB, which tracks complaints and forwards them to financial institutions: www.consumerfinance.gov/complaint. Consumers also can call the CFPB at 855-411-CFPB (2372). People may also report scams to the Federal Trade Commission at: www.ReportFraud.ftc.gov

Full text of the letter follows:

July 20, 2022

The Honorable Rohit Chopra

Director

Consumer Financial Protection Bureau

1700 G Street NW

Washington, DC 20552

Dear Director Chopra:

We write to urge the Consumer Financial Protection Bureau (CFPB) to protect consumers from frauds and scams on instant payment services.

Instant payment services, such as Zelle, provide users with the ability to transfer funds in real time to family, friends, businesses, and strangers. The benefit of speed comes with a hidden cost. Fraudsters and scammers are drawn to these platforms because it is all too easy for them to convince a consumer to use their phone to send money, which they will receive nearly instantly. Operators and owners of these services, while touting their convenience, have not worked sufficiently to safeguard consumers and have instead sought to avoid providing reimbursem*nt when their customers are defrauded or scammed.

In these circ*mstances, consumers are often on the hook because existing rules do not reflect new technological developments. Under the Electronic Fund Transfer Act (EFTA) and the CFPB’s Regulation E, a consumer is protected if they are tricked into handing over account information to a fraudster who then initiates a transfer. But a consumer is not protected if they are tricked into opening an application to transfer funds directly to the fraudster. Consumers should be protected in both circ*mstances.

Determining liability based on whether a consumer or a fraudster physically initiates a transaction is antiquated. This approach developed when consumers transferred money electronically by providing their own bank with the recipient’s account number and routing number, and then waiting days for accounts to be credited and debited. It is not suited for the current system, where consumers need only a cell phone number or username to send peer to peer payments from a mobile device with nearly instantaneous credits and debits. Our nation’s consumer protection rules must evolve to keep pace with the growth of instant payment services like Zelle.

Following an investigation into reports of widespread fraud on Zelle, we wrote to Zelle’s parent company, Early Warning Services, LLC (EWS) in April 2022, and to the seven banks that own EWS in June 2022. Although EWS failed to answer many of our questions, the response letter confirmed that an existing gap in regulatory authority allowed both EWS and the financial institutions on the platform to avoid liability and deny consumers recourse for fraud, which has cost consumers hundreds of millions of dollars. Given the sheer numbers of consumers using instant payment services such as Zelle and the hundreds of billions transferred through these platforms each year, the inadequacy of current consumer protections is unacceptable.

We are pleased by recent reports that the agency is considering strengthening Regulation E and expanding liability for operators and owners of these platforms. Indeed, the CFPB has options under its existing authority to protect consumers from the common frauds and scams that occur on these services. The CFPB could clarify that, in certain circ*mstances, a payment is an “error” when a consumer is defrauded into initiating a transfer to a scammer. Indeed, the EFTA already provides the CFPB with authority to prescribe additional categories of “error” transactions that the financial institution—rather than the consumer—should be responsible for correcting. Or the CFPB could issue guidance that a fraudulently induced transaction is an “unauthorized electronic fund transfer” under the EFTA, which could also end up shifting liability from consumers to financial institutions.

These kinds of approaches would provide more consistent and fairer outcomes than the current rules, which offer no protections against the common scams and frauds that have proliferated on instant payment services like Zelle. To be made whole, consumers now must beg their scammer to return their money, or they must seek voluntary reimbursem*nt from their bank. Neither alternative holds much certainty. According to press reports, one of the nation’s largest banks (which co owns Zelle) has denied reimbursem*nt requests even by customers with a “spotless 25-year history” with the bank. The CFPB should send a strong signal that the agency expects banks under its supervision to bear more responsibility for letting scammers and fraudsters onto services that they developed and that they currently market as safe platforms to send and receive money.

Raising the bar on banks’ liability would create powerful incentives for Zelle and other instant payment services to invest more in fraud prevention. Current industry efforts are limited to boilerplate pop-up warnings and FAQs that customers should send money only to people they know and that using Zelle is akin to using cash. But these low tech methods are not suited for today’s sophisticated services. The rampant fraud and abuse on Zelle demonstrate that a simple “buyer beware” approach has not worked. And the face-to-face interaction inherent in cash transactions provides a layer of fraud prevention that cannot be replicated online or through a mobile device. A more effective approach would be for the CFPB to expand banks’ liability to encompass a far greater set of fraudulent transactions. If a bank permits a scammer or fraudster onto the platform, then that bank should naturally bear some responsibility when its own customer uses a bank-provided payment service to rip off others—rather than telling customers that it is their fault for being victimized.

An industry representative was recently quoted in the press to say that these approaches run the risk of inviting so-called “friendly fraud, where consumers abuse the new liability rules” and that “[t]here’s potential for abuse” with the bank as the victim. But the EFTA already protects banks against “transfers initiated with fraudulent intent by the consumer.” All we are asking is for the CFPB to similarly protect banks’ customers against transfers with “fraudulent intent” involving other consumers on payment services that banks themselves own, operate, and control. Because even one instance of fraud can wipe out a consumer’s personal finances, the CFPB should strike a more appropriate balance between preserving the benefits of faster payment options with curtailing consumer harm.

Given the growing marketing and use of these services, we believe it is essential that the CFPB intervene to protect consumers by more vigorously applying its existing authority under the EFTA and Regulation E, and we are pleased by reports that the agency is considering some of these actions. We appreciate your attention to this critical matter, and look forward to your prompt reply.

Sincerely,