Letters to CEOs of Financial Institutions - Van Hollen, Colleagues Press Big Banks on Widespread Zelle Fraud

Letter

Dear [Bank CEO],

We are writing in response to recent reporting of widespread fraud on the online peer-to-peer money transfer platform Zelle, a service jointly owned by seven of the nation's largest banks, including the institution that you run. It is imperative that the banks that created, own, and offer the service do more to protect consumers from the fraud and scams that are being perpetrated through the platform.

The COVID-19 pandemic has led to a large increase in the use of Zelle and other peer-to-peer payment services. In 2021, consumers and businesses made 1.8 billion payments to transfer $490 billion through Zelle alone. Payment volumes have increased 49% year-over-year. As these payment networks have become ubiquitous, frauds and scams have proliferated. One of Zelle's biggest selling points to consumers -- the ability to immediately transfer money -- makes the platform a "favorite of fraudsters" because consumers have no option to cancel a transaction, even moments after authorizing it. In 2020, nearly 18 million Americans were defrauded through scams involving Zelle and other instant payment applications. At least in the case of Zelle, the banks that participate in the network appear not to have provided sufficient recourse to their customers.

Recent reporting has exposed a number of scams that are popular on Zelle. In one instance, a user purportedly bought tickets to a concert using Zelle, based on the false belief that its affiliation with banks would provide a layer of protection. But once she sent funds, the seller stopped replying and never sent the tickets. Additionally, users have been scammed by fraudsters impersonating bank employees via spoofing, or changing the phone number that appears on Caller ID.

These scams are not isolated incidents. A Wells Fargo customer service representative told one consumer that "a lot of people are getting scammed on Zelle this way" and "many people were getting hit for thousands of dollars." But the platform still provides weak consumer protections and participant banks do not provide sufficient relief to defrauded consumers. Bank of America and Capital One refused to refund customers whose stolen phones had been used to make unauthorized Zelle transfers. In another case, a customer who lost $500 to a scammer impersonating a Wells Fargo employee was told that even though he was tricked, the customer had authorized the transaction and therefore it was not fraudulent. Several customers who fell victim to scams were made whole only after contacting the press, suggesting that avoiding unwanted public scrutiny may be a significant factor in a decision to provide recourse to customers. In some cases, these customers had sterling decades-long relationships with the bank.

This is a widespread problem. According to Consumer Watchdog, banks were essentially "throw[ing] up their hands and say[ing] 'it's not our problem because you authenticated it.'" One customer observed that "it's like the banks have colluded with the sleazebags on the street to be able to steal." Another said that her bank was "calling me a liar and they're calling me a criminal, because what they're saying is, I'm trying to steal [money] from the bank."

Zelle is owned and operated by a company called Early Warning Services (EWS), which itself is owned by seven of the nation's largest banks, including the institution that you run. On April 29, 2022, several of us wrote to EWS seeking information about the prevalence of frauds and scams on Zelle. In response to this letter, the company described its consumer protection policies, including requiring users to confirm a phone number or email address paired with an account. The response heightened our concerns about fraud on Zelle, and the company's ongoing failure to appropriately address it.

EWS claims that the company "has gone beyond what is required under Regulation E and adopted a 'zero-liability' approach for any transaction through a Participant Institution on the Zelle Network determined to be unauthorized" and that "the Zelle Rules require each Participant Institution to provide full refunds for Zelle transactions determined to be unauthorized within the meaning of the [Electronic Fund Transfer Act] (EFTA) and Regulation E." But only a narrow set of transactions are clearly unauthorized within the meaning of the EFTA and Regulation E. According to EWS, the company "uses the term 'fraud' … to refer to unauthorized transactions, meaning transactions that a consumer does not themself authorize and initiate (e.g., where a third party obtains the consumer's access credentials)." That definition excludes the scams that have been extensively documented in the press and by Consumer Financial Protection Bureau guidance, which EWS describes in the response as transactions that are "authorized and initiated by a consumer (and thus not unauthorized) but that were induced through deception (e.g., where a third party convinces the consumer to transfer money based on a false pretext, such as an offer to sell nonexistent goods)." In the case of scams, EWS indicated only that "Participant Institutions may nevertheless reimburse consumers affected by scams."

Furthermore, the response seeks to minimize the extent of frauds and scams on Zelle by reporting that "the proportion of transactions determined to be fraud or scams has steadily decreased, with the value of these transactions representing less than 0.09% of total value processed since 2017." But given that consumers sent $490 billion through Zelle in 2021, this implies that the value of frauds and scams perpetrated on Zelle was approximately $440 million in just one year -- a figure that is too high. Moreover, EWS did not provide any information about who "determined" whether a transaction is fraudulent or a scam for purposes of calculating this statistic. The lack of context around the inputs and assumptions behind the 0.09% statistic leads us to question its utility as a measuring stick for fraud or scams. Finally, EWS did not provide information about whether this statistic includes only transactions that are treated as an "unauthorized electronic fund transfer" within the narrow definition in Regulation E or whether this statistic also includes the scams that were detailed in press reports and that EWS contends are not covered by Regulation E.

The distinction EWS draws between fraud (transactions not authorized by the account owner) and scams (transactions authorized by the account owner, but induced through deception) ignores how consumers actually suffer financial loss on Zelle. From the consumer perspective, there is no practical reason why they should be protected if a fraudster convinces them to hand over account and routing numbers, but should be on the hook if the same fraudster convinces them to send funds directly.

While several banks have made the argument that they should not be held responsible for such scams, we believe that you need to do more to protect your customers. Bank of America, Truist, Capital One, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo directed EWS, which they collectively own, to develop Zelle. Given the sheer numbers of consumers using online payments services such as Zelle and the amount of money at risk, the absence of protective measures is unacceptable. In order to understand the steps you are currently taking to address this growing problem in the money transfer application you jointly own, we ask that you provide answers to the following questions by August 8, 2022:

1. Do you agree with EWS's distinction between fraud and scams for purposes of Regulation E under the EFTA?

a. Does your bank consider transactions where consumers are fraudulently induced into authorizing a transfer to be covered by Regulation E?

2. What are your bank's current policies and procedures for detecting and eliminating fraud and scams that target your account holders on the online platform Zelle, and how has your bank bolstered those policies and procedures in light of "rampant […] organized crime" on the platform?

3. What are your bank's policies and procedures for determining which consumers receive refunds for (a) transactions that are unauthorized within the meaning of Regulation E (i.e., where a customer does not initiate a transfer) and (b) transactions that involve scams (i.e., where a customer is fraudulently induced to transfer funds) and that may not be clearly treated as unauthorized by Regulation E?

a. Is this determination made through a joint process with EWS?

b. Are there any standardized policies and procedures among all participating institutions in Zelle?

4. How many reports of unauthorized electronic fund transfers (i.e., fraud) -- as defined by Regulation E -- has your bank received from consumers using the Zelle platform for each of the last five full calendar years, and from January 1, 2022, to the present? For each year, and for the period from January 1, 2022, to the present, please provide:

a. The total number of reported cases of fraud from your customers using Zelle.

b. The total dollar value of reported fraud.

c. The number of cases where your bank provided refunds to customers.

d. The total value of these refunds.

e. The number of cases where your bank referred fraud to law enforcement or to federal or state bank regulators.

5. How many reports of transactions initiated by a consumer that were induced through deception (i.e., scams) has your bank received from consumers using the Zelle platform for each of the last five full calendar years, and from January 1, 2022, to the present? For each year, and for the period from January 1, 2022, to the present, please provide:

a. The total number of reported cases of scams from your customers using Zelle.

b. The total dollar value of reported scams.

c. The number of these scams where your bank provided refunds to customers.

d. The total value of these refunds.

e. The number of these scam cases where your bank referred the incident to law enforcement or to federal or state bank regulators.

Sincerely,

