Zelle is shock lightning rod in CFPB’s Huge Tech inquiry

Zelle is shock lightning rod in CFPB’s Huge Tech inquiry

The Consumer Financial Protection Bureau’s review of payment platforms has been focused on Silicon Valley technology giants. But the effort is also now highlighting fraud concerns about a bank-owned network: Zelle.

In October, the CFPB announced an inquiry into Big Tech payment systems, ordering six of the largest tech firms to provide information about the business. The agency also sought public comment on payment models. But most of the roughly 70 letters received by Friday focused on Zelle, the peer-to-peer network owned by seven of the largest banks that competes with nonbank providers such as Venmo.

Commenters complained that sophisticated scammers used fake identities to compel them to send money via Zelle. When they reported the fraud to Zelle’s parent, the Scottsdale, Arizona-based fintech Early Warnings Services, they were told to contact their bank but many alleged their banks denied the fraud claims.

One consumer said he was defrauded of $3,500 by a scammer posing as a Wells Fargo fraud representative.

“I had never consented to have Zelle attached to my accounts and had never used Zelle, yet when I logged into the Wells Fargo mobile app and tapped the Zelle icon, the fraudster’s send-to account was already in there,“ the consumer wrote in a comment letter to the CFPB. “This was a sophisticated phishing scam.”

It’s unclear how an information request intended to attract comments about Big Tech prompted so many consumers to sound off about their P-to-P experiences using Zelle. Its parent company, Early Warning Services, is owned by Bank of America, Capital One Financial, JPMorgan Chase, PNC Financial Services Group, Truist Financial, U.S. Bancorp and Wells Fargo.

Some observers suspect that the comment letters may have been triggered by an online article written by former NBC journalist Bob Sullivan, in which he linked to the CFPB’s information request. Sullivan has written extensively about consumers being defrauded while using Zelle.

Frustrated consumers flooded the CFPB with comments about money stolen in fraud schemes using Zelle, an online payment system owned by seven banks and used by hundreds more.

Adobe Stock

“All the more reason anyone who’s suffered at the hands of Zelle and bank indifference should participate in a new effort by federal regulators to investigate newfangled tech-driven payment tools,” Sullivan wrote.

Concerns that P-to-P services like Zelle leave users vulnerable to fraudsters have been around for years. Experts say that banks’ involvement with Zelle may lead consumers to think its security protocols are stronger than they actually are.

“The whole idea is that [digital payments] are a convenience that [banks] want to be able to offer their customers as a means of demonstrating that they’re innovating,” said Trace Fooshee, a strategic advisor at Aite-Novarica Group. “The most important thing that [consumers] want is security. If you offer faster payments at the cost of security, will you erode that trust relationship?”

The comment letters were submitted as part of CFPB Director Rohit Chopra’s order in October asking large tech companies — Amazon, Apple, Alphabet’s Google, Facebook, PayPal and Block (formerly Square) — to turn over information about their payments products, business plans and practices. The orders make clear that the CFPB is exerting its authority over Big Tech, experts say.

In comment letters, consumers described routinely being denied redress from Zelle — and their own banks — even though some types of fraud in online payment transactions are covered by the Electronic Fund Transfer Act, known as Regulation E. Violations of Reg E appear to be common, according to recent CFPB reports.

Zelle has sustained a rash of hacks this year and recently launched a public relations campaign aimed at explaining how to avoid scams.

Analysts and advocates say the CFPB is poised for a crackdown on online payment providers and banks that deny legitimate fraud claims. The bureau recently released a lengthy compliance document with answers to frequently asked questions about electronic fund transfers, similar to another one published in June.

The new FAQs discussed resolving errors in person-to-person payments initiated from a consumer’s online bank account portal, prepaid account portal or mobile application.

“The CFPB was very specific in laying out a variety of different scenarios under which they make clear their interpretation of Regulation E and how it would apply to scam victims,” said Fooshee.

Under Reg E, a financial institution generally must complete an investigation and determine whether an error occurred within 10 business days of receiving notice from a consumer. The investigation can take up to 45 days if the bank provides a provisional credit of the alleged error amount.

Some banks reimburse all consumers who are victims of fraud or scams, Fooshee said. But there also are “a good number of banks out there that believe their terms of service and their disclosures shield them from reimbursing scam victims in certain circumstances,” he added.

There is concern that if the amount of fraud and scams were publicly disclosed it would overwhelm financial firms. Banks already are under pressure to reduce losses and if the CFPB increased its scrutiny of Reg E compliance — and as a result, the amount that banks had to reimburse consumers claiming fraud increased — bank “losses have the potential to go up pretty substantially,” Fooshee said.

The American Bankers Association maintains that P-to-P payments are the same as cash.

“When using these services, consumers should keep in mind that it’s like handing someone cash and they should only make payments to someone they know and trust,” said ABA spokeswoman Sarah Grano.

Zelle markets its service as a fast, safe and easy way to send money to friends and family within minutes. A spokeswoman for Zelle, which processed $120 billion in payments in the second quarter, declined to provide any estimate of fraud but said the company is working to educate consumers about scams.

“People are getting scammed [and] it’s up to us to protect them,” said Meghan Fintland, a spokeswoman for Early Warning. “You just consistently have to educate consumers and the audience and make it an industrywide effort so people aren’t ripped off of their money.”

Many consumers told the CFPB that they believed the transactions are covered by the EFTA because they were made through their bank.

“Banks must be held accountable for exposing their customers to increased risk of fraud without their express consent, and then unjustifiably — arguably illegally — denying resulting customer fraud claims,” wrote one consumer. “Consumers should not have to fight the banks alone or hope someone in the news media takes up their cause. Consumer protection agencies must step up to hold the banks accountable for Zelle fraud across the board. Please take action.”

Ruth Susswein, deputy director of Consumer Action, a Washington-based advocacy group, has fielded hundreds of calls from consumers and said it is not clear what protections apply to online payment systems.

“Consumers deserve at least a minimum level of protection that requires all payment systems to be responsible for addressing and resolving errors and fraud online,” Susswein said. “The CFPB needs to clarify that all payment providers have a duty under the Electronic Funds Transfer Act to investigate and resolve errors.”

Even as more banks adopt Zelle in the push to offer faster payments, many of the consumers who wrote to the CFPB expressed anger at their bank for denying a claim.

“There seems to be no law or anybody to protect the rights of consumers using Zelle,” wrote a consumer who described how $4,725 was taken by a scammer from the commenter’s JPMorgan Chase savings account using Zelle. “No one is helping me get my money back. Too much money is being lost by consumers and there seems to be no regulation. I read a law that the money is protected through [the] EFT act, but the bank is denying this. Please help.”

Complaints to the CFPB about online payment services have skyrocketed this year, according to a June report by U.S. PIRG, a federation of state nonprofit Public Interest Research Groups.

The CFPB has received more than 9,000 complaints about “mobile or digital wallets” since 2017, with two-thirds of complaints about a handful of firms, including Venmo, a unit of PayPal; Cash App, a unit of Block; and Coinbase Global, the owner of a cryptocurrency exchange platform, the report found.

“The significant thing is the CFPB doing an inquiry into the big tech payment systems and highlighting the fact that there are real problems with fraud and consumer errors that are not being addressed,” said Lauren Saunders, an associate director at the National Consumer Law Center.

Leave a Comment