No one knows exactly how many Americans have lost money in fraudulent charges through the money transfer app Zelle, though millions could be at risk. One thing is clear: neither Zelle, nor its parent company Early Warning Services, nor the banks that host the app have been stepping up to refund the stolen funds.
News reports from all over the country—in Chicago, Atlanta, San Francisco—tell stories of customers swindled out of their money with no way to get it back, except in individual cases brought to specific banks’ attention by reporters. Debbie Shepard-Polak, for example, a landscaping company owner in the Chicago suburbs, recently lost $4,600 in a Zelle scam.
The torrent of complaints from angry customers has spurred two Democratic senators, Elizabeth Warren of Massachusetts and Robert Menendez of New Jersey to write a letter to Early Warning Services telling the company that it and banks need to provide “appropriate redress to defrauded customers.”
Zelle is an app created by EWS, which is owned by seven of America’s biggest banks: Bank of America, BB&T (now Truist), Capital One, JPMorgan Chase, PNC Bank, U.S. Bank and Wells Fargo. Hundreds of banks and credit unions across the U.S. offer Zelle.
The Consumer Financial Protection Bureau considers these fraudulent money transfers to be covered by a federal law, Regulation E, which means that the consumers should be getting their money back.
“Regulation E protects consumers when they use electronic fund and remittance transfers,” a spokesman for the CFPB said in an email. “Financial institutions must comply with this regulation when they are responding to consumer notices of error. When a consumer provides notice to a financial institution that money was stolen from the consumer’s account, the burden is on the institution to show that the transfer of funds out of the consumer’s account was authorized by the consumer.”
Banks deny responsibility
Many banks have been refusing to reimburse customers defrauded through Zelle, arguing that the customers themselves approved the transfers. Right now, the only recourse for customers that banks won’t help out is to file a complaint with the CFPB.
Neither Zelle nor EWS responded to requests for comment.
In the meantime, banks might consider bolstering their security measures to protect customers using Zelle.
To access bank customer’s money, thieves often impersonate the customer’s bank in a phone call or text—with the bank’s phone number spoofed so that the communication looks like it actually is from a bank official.
In one common scenario, the customer receives a text that looks like it’s coming from the bank asking if a payment had been made with Zelle. The customer texts no. Then there’s a phone call from a person impersonating a bank official who asks about another transaction. While on the phone, with the phony bank official, the customer receives another text asking if they authorized a different payment via Zelle and provides a six digit code.
The phony bank representative then tells the customer to log into their account and provide the six digit code to reverse the transaction—but by typing in the code, the customer is authorizing it instead.
Consumers love the speedy money transfers, but that speed is part of what makes the frauds successful, said Michael Levy, a former prosecutor and currently an adjunct professor of law at the University of Pennsylvania Carey School of Law.
“The real problem is that Zelle and other things, like Venmo, are instantaneous,” Levy said. “So there’s very little time for the customer to notice and say there’s a mistake that the bank needs to undo.”
By contrast, payments made by credit card move slower, Levy said.
“That means credit card companies have some ability to reverse a transaction,” he added. “Another thing about credit card companies is they have algorithms that are really good at detecting fraud and pick up transactions that look weird.”
Levy recommends that people not give out any information when they get texts or calls even if they look like they’re coming from the bank. It’s best to just call the bank yourself or log on to your account and see if there’s anything amiss, he said.