Use a payment platform provided by your bank or credit union, and you probably assume your financial institution will be there to help if there’s a problem.

Don’t count on it.

Listen to audio highlights of the story below:

Customers tricked into sending money to scammers via Zelle, the largest peer-to-peer (P2P) service, are learning that lesson the hard way.

• Debbie Shepard-Polak, who owns a landscaping company in the Chicago area, recently was scammed out of $4,600. JP Morgan Chase, said she “authorized” the Zelle payment, even though she was tricked into making the transfer, WGN TV reported.
• Scammers used Zelle to drain $1,050 from Cogan Lawler’s bank account. The high school senior in the Boston area was saving the money for college. “I didn’t approve it. I didn’t authorize these transactions, that’s just the truth of the matter,” Lawler told WBZ TV. Bank of America refused to refund the teen’s money.
• In Sacramento, Samantha Bradford believed a text from Wells Fargo security was real, which enabled the imposters to drain all the money from her checking account, $811. The bank denied her refund claim, saying she had authorized the transaction. “I didn’t deserve to be scammed because I thought it was Wells Fargo protecting me, and they were not,” Bradford told KGO TV.

All P2P payment services are vulnerable to fraud, but complaints about Zelle are soaring.

“I can’t believe how bad the Zelle fraud problem is and how little the banks have done to stop it,” said Bob Sullivan, an investigative journalist and host of AARP’s The Perfect Scam podcast. “I think this is a very, very large problem that the banks are not yet owning up to, and eventually we’re going to find out how large it is.”

UPDATE:

On Oct. 3, Senator Elizabeth Warren (D-Mass.), a longtime critic of Zelle, released a report that concluded there was “rampant fraud and theft” on the platform.

The report, based on data provided by four of the seven banks that run the payment network (Bank of America, PNC Bank, U.S. Bank, and Truist), found that “fraud is growing on the platform and that the banks are not refunding the vast majority of defrauded consumers, breaking their promises to their customers and potentially violating federal law.”

JPMorgan Chase, Capital One, and Wells Fargo did not provide the Senate Banking Committee with their information.

Here are the key findings from the new report:

• The four banks that reported the relevant data received scam and fraud claims in excess of $90 million in 2020, and are on pace to receive scam and fraud claims in excess of $255 million in 2022.
• Banks are not repaying the vast majority of customers who were tricked into making fraudulent payments using Zelle. The three banks that provided full data on this reported repaying customers in only 9.6 percent of scam claims, and repaid only $2.9 million, representing just 11 percent of money lost.
• Banks are not repaying customers who report “unauthorized” Zelle payments, which potentially violates both federal law and rules from the Consumer Financial Protection Bureau (CFPB). Zelle claims to have a “zero liability policy” when a criminal gains access to a consumer’s Zelle account and uses it to make unauthorized payments. The data provided by the banks show that customers were reimbursed for only 47 percent of the dollar amount reported stolen by unauthorized payments in 2021 and the first half of 2022.

Early Warning Services, the company that runs the Zelle payment system, responded to the report by saying more than 99.9 percent of payments are completed without any report of fraud or scam. In a statement, the company said: “Zelle usage has grown significantly since its launch, from 247 million transactions in 2017 to 1.8 billion in 2021, while the proportion of fraud and scams has steadily decreased.”

The Illusion of Safety

Zelle was launched in June 2017, created by a consortium of seven major U.S. banks: Bank of America; Capital One; JPMorgan Chase; PNC; Truist; U.S. Bank; and Wells Fargo. It is now run by a company they own called Early Warning Systems. The service is currently available from almost 1,500 banks and credit unions nationwide.

Last year, consumers and businesses transferred $490 billion using Zelle, nearly double the $230 billion sent via Venmo, according to eMarketer. Because criminals go where the money is, they’ve been targeting Zelle customers.

“Zelle’s biggest problem is that, because it is backed by the big banks, people associate traditional consumer protections with the service,” Sullivan told Checkbook. “So, you log into Bank of America and there’s Zelle, and you implicitly think, ‘Well, I’m protected if I use Zelle,’— and you’re not. There are no consumer protections at all with Zelle.”

Sullivan blames the banks for this. The early television ads, he recalled, included lines such as, “It’s backed by the big banks, so, you know, it’s safe.” They don’t run those ads anymore, Sullivan said, but part of the “perceptual problem” is based on that association with trusted financial institutions.

Rachel Gittleman, financial services outreach manager at the Consumer Federation of America, said the nation’s banks have failed their customers by refusing to help those who are fooled by bank imposters.

“It’s all on the consumer to verify who they’re sending the money to. We believe that consumer protection is a lot more than just disclosures,” Gittleman told Checkbook. “Warning customers about fraud is an important part of consumer protection, but it’s not going to help when you’re being lured in by a fraudster.”

Aren’t Financial Institutions Required to Help Fraud Victims?

P2P transactions are instantaneous and irreversible, so by the time you realize you’ve been taken, it’s too late. A study by Javelin Strategy & Research in 2020 found that 18 million people were scammed into sending money this way.

The Electronic Fund Transfer Act (EFTA), also known as Regulation E, provides protection for digital financial transactions, such as electronic withdrawals, transfers and deposits. It limits liability when there’s an “unauthorized electronic fund transfer” from the consumer’s account.

Consumer groups insist the regulation clearly protects people who had their money stolen by a fraudster. The banks, on the other hand, say these transactions were authorized, since the victim initiated them. Therefore, the banks say, it’s not their problem.

In a statement to Checkbook, Sara Grano, a spokesperson for the American Bankers Association, said consumers who use P2P services should remember that “it’s like handing someone cash, and they should only make payments to someone they know and trust.”

“Unfortunately, phishing scams are on the rise and the fraudsters are more sophisticated than ever,” Grano wrote. “If you receive a call, text, or email asking for account information or urging you to send money, remember that banks never ask that. If something doesn’t seem right, trust your gut and contact your bank through a trusted channel like the number on the back of your debit card or the bank’s mobile app.”

Ed Mierzwinski, senior director of the federal consumer program at U.S. PIRG, a national consumer advocacy organization, says the banks are “taking advantage” of Regulation E and interpreting it to their benefit.

“It’s outrageous,” Mierzwinski told Checkbook. “It’s absolutely clear that when the fraudster initiates the transaction in some way, it’s the bank’s responsibility to help the customer get their money back.”

The Consumer Financial Protection Bureau (CFPB) apparently agrees. In June of 2021, the CFPB made it clear that “if a third party fraudulently induces a consumer into sharing account access information that is used to initiate an EFT (electronic funds transfer) from the consumer’s account,” that “does meet Reg E’s definition of an unauthorized EFT.”

In other words, based on the CFPB’s interpretation of Reg E, customers should receive the same fraud protection with a P2P platform as they would if a fraudulent charge was made using their debit or credit card.

Here’s what the CFPB has posted on its website:

“…when a consumer is fraudulently induced into sharing account access information with a third party, and a third party uses that information to make an EFT from the consumer’s account, the transfer is an unauthorized EFT under Regulation E. (emphasis added)

For example, the Bureau is aware of the following situations where a third party has fraudulently obtained a consumer’s account access information, and thus, are considered unauthorized EFTs under Regulation E: (1) a third-party calling the consumer and pretending to be a representative from the consumer’s financial institution and then tricking the consumer into providing their account login information, texted account confirmation code, debit card number, or other information that could be used to initiate an EFT out of the consumer’s account, and (2) a third party using phishing or other methods to gain access to a consumer’s computer and observe the consumer entering account login information. EFTs stemming from these situations meet the Regulation E definition of unauthorized EFTs.”

A coalition of consumer groups, including U.S. PIRG and the Consumer Federation of America, has asked the CFPB to take enforcement action against the offending banks.

If you’ve been a victim of an unauthorized P2P transfer and your bank or the company that owns the app will not help you, your only recourse is to file a complaint with the CFPB.

Congress Wants Answers

The flood of Zelle fraud cases, and the media attention given to it, has three members of the Senate Banking Committee looking for answers. On April 26, Senators Elizabeth Warren (D-Mass), Robert Menendez (D-New Jersey), and Jack Reed (D-Rhode Island) sent a letter to the CEO of Early Warning Services (Zelle’s parent company), demanding answers about the “disturbing reports” of fraud and scams on the platform, “and the ongoing failure by Zelle or the banks that own this service to address these scams and provide appropriate redress to defrauded consumers.”

“Given the rise of increasingly sophisticated scams on your platform and the widely documented difficulties consumers have faced in seeking relief from banks, we seek to understand the extent to which Zelle allows fraud to flourish and the steps your company is taking to increase consumer protection and help users recover lost funds,” they wrote.

Early Warning Systems did not respond to Checkbook’s requests for a response to this letter.

Sullivan, the journalist who’s been reporting on Zelle fraud for several years, is “delighted” people are now focusing on this growing problem. On his website, Sullivan has a Zelle Fraud Emergency Kit designed to help victims.

Protect Yourself

If you use a P2P app, do so wisely; if something goes wrong, you may be out of luck. As a recent CNET story noted, most Zelle scams result from social engineering tricks, where fraudsters make victims believe they are dealing with people or companies they trust.

Here’s how to avoid that:

• Only Use Zelle (or other P2P apps) for transfers to people or businesses you know and trust. If you get a cash request from someone you don’t recognize, contact them using a number you know to be right before doing anything.
• Don’t respond to unsolicited text messages or emails that claim to be from your bank or credit union. If you didn’t contact them first, don’t respond. Instead, call your financial institution directly to inquire about your account and any potential security issues.
• Watch for “urgent” deadlines or requests from new recipients. Alarm bells should go off if you are told you must make that P2P payment immediately. Scammers use scare tactics like this to make you respond without thinking.
   

More Info: Complaints Against P2P Payment Apps Soar

Contributing editor Herb Weisbaum (“The ConsumerMan”) is an Emmy award-winning broadcaster and one of America's top consumer experts. He is also the consumer reporter for NW Newsradio in Seattle. You can also find him on Facebook, Twitter, and at ConsumerMan.com.