Peer-to-peer (P2P) payment service Zelle is used by many people to quickly and conveniently send money electronically from their credit card or bank account. To send money via Zelle, all you need to do is enter the recipient’s phone number or email address. Zelle is an app from Early Warning Services (EWS), which is owned by seven of the largest banks in the United States, including Bank of America and Capital One. Currently, 2,400 banks and credit unions offer Zelle as a service.

Unfortunately, Zelle has been shown to be easily exploited by scammers, and unlike scams that directly target your credit cards, you may not have as much legal protection to get your money back if you get scammed. In addition to luring their victims into paying for worthless items through Zelle, scammers also send phishing emails and text messages tricking their victims into revealing their Zelle usernames, passwords, and PINs, thereby allowing the scammers to break the bank their victims can take over accounts through their Zelle accounts. Ironically, while you are legally protected if your Zelle account is hacked, if a scammer tricks you into sending a Zelle payment, you have little protection

Under pressure from Senators Elizabeth Warren, Sherrod Brown and Jack Reed, the banks that own Zelle agreed to reimburse some people who were victims of Zelle scams for their losses. It appears that Zelle banks and credit unions are compensating customers who are victims of skilled scams in which the fraudster impersonates a bank to trick the customer into sending them money through Zelle.

According to Senator Richard Blumenthal, in 2023, JP Morgan, Wells Fargo and Bank of America refunded 38% of their customers who reported unauthorized transactions, while in 2019 the banks refunded 62% of their customers who reported unauthorized transactions.

After an intensive investigation, the Consumer Financial Protection Bureau (CFPB) has now sued Bank of America, JP Morgan Chase and Wells Fargo for failing to implement effective safeguards to protect their Zelle users from fraud. According to the CFPB, in the seven years that Zelle operated, consumers lost more than $870 million because banks failed to put appropriate procedures in place to protect their customers from fraud.

Consumer Financial Protection BureauEarly Warning Services, LLC; Bank of America, NA; JPMorgan Chase Bank, NA; Wells Fargo Bank, NA | Consumer Financial Protection Bureau

The critical errors the CFPB accuses banks of include:

1. Limited identity verification methods that allow fraudsters to quickly create accounts and target Zelle users, making it easy for a fraudster to steal a victim’s token, which is an email address or cell phone number , to be linked to the fraudster’s deposit account.

2. Allowing repeat offenders to easily move from bank to bank, exploiting multiple accounts across the Zelle network, by failing to detect fraudsters and failing to share information about fraudsters with other banks that make up the Zelle network.

3. Most significantly, the CFPB is accusing banks of ignoring hundreds of thousands of fraud complaints instead of using that data to detect and prevent further fraud.

4. Failure to comply with its obligations under the Electronic Fund Transfer Act and Regulation E to properly investigate complaints from defrauded Zelle customers and take appropriate action to reimburse them for their losses.

What can you do as a Zelle user to protect yourself?

Before you sign up with a cell, you should familiarize yourself with their fraud protection rules. In the fine print, you may find that you have little to no protection if you use the account to purchase something that ends up being a scam. Consumers should be aware that Zelle should not be used for commercial transactions, but only for transferring small amounts of money to people you know.

To protect your account from hacking and being taken over by a fraudster who could access your credit card or bank account, you should use a PIN or other two-factor authentication for your Zelle account.

To prevent your Zelle account and other accounts from being taken over by fraudsters, never provide your username, password, or PIN in response to emails, text messages, or phone calls unless you have absolutely confirmed that the request for this information is legitimate. It never is. You can confirm this by contacting your bank at a phone number you know is correct. Even if you receive a call that appears to be from your bank or another company you do business with, your caller ID can be tricked through a technique called spoofing to make the call appear legitimate even though it is not is.