Rohit Chopra, director of the CFPB, testifies during the Senate Banking, Housing and Urban Affairs Committee hearing titled “The Consumer Financial Protection Bureau’s Semi-Annual Report to Congress,” in the Dirksen Building on Nov. 30, 2023.
Tom Williams | Cq-roll Call, Inc. | Getty Images
The Consumer Financial Protection Bureau on Friday sued the operator of the Zelle payments network and the three U.S. banks that dominate transactions on it, alleging that the firms failed to properly investigate fraud complaints or give victims reimbursement.
The CFPB said customers of the three banks — JPMorgan Chase, Bank of America and Wells Fargo — have lost more than $870 million since the launch of Zelle in 2017.
Zelle, a peer-to-peer payments network run by bank-owned fintech firm Early Warning Services, allows for instant payments to other consumers and businesses and has quickly surged to become the biggest such service in the country. At the same time, Democrat lawmakers have stepped up criticism of banks in recent years over the financial crimes happening on Zelle.
“The nation’s largest banks felt threatened by competing payment apps, so they rushed to put out Zelle,” CFPB Director Rohit Chopra said in a statement. “By their failing to put in place proper safeguards, Zelle became a gold mine for fraudsters, while often leaving victims to fend for themselves.”
The suit is the latest move by the CFPB in the waning days of the Biden administration. Many of the actions it has taken, including steps to limit credit card late fees and overdraft charges, have been met with stiff opposition from banks and their trade groups. Corporations have had success pushing back against regulators by choosing legal venues known as friendly to suits challenging federal oversight.
In fact, JPMorgan said in August that it was considering litigation against the CFPB if the regulator sought to punish the bank for its role in the Zelle network.
The CFPB wants to force banks to stop their allegedly unlawful practices around Zelle and to pay an unspecified amount in penalties, it said.
‘Glaring flaws’
The vast majority of Zelle activity is uneventful. Of the $806 billion that flowed across the network last year, only $166 million in transactions was disputed as fraud by customers of JPMorgan, Bank of America and Wells Fargo, the three biggest players on the platform.
But the three banks collectively reimbursed just 38% of those claims, according to a July Senate report that looked at disputed unauthorized transactions.
Banks say they investigate each fraud claim, but they often find that what customers say was fraud was technically a scam where customers authorized payments. In those cases, banks aren’t usually required to make customers whole.
The CFPB claimed that Zelle’s “limited identity verification methods” have allowed criminals to infiltrate the network, enabling them to divert payments and move between member banks that didn’t share information among institutions.
The Zelle online banking logo is displayed on a smartphone with the Zelle web page visible in the background in this photo in Brussels, Belgium, on Dec. 10, 2023.
Jonathan Raa | Nurphoto | Getty Images
The agency also said banks failed to properly investigate complaints about Zelle activity and didn’t consistently report fraud activity.
“The banks failed to fix glaring flaws in their systems even as hundreds of thousands of customers filed complaints about fraud,” Chopra told reporters during a call on Friday. “The banks knew their customers were having their money stolen, but since they weren’t bearing the cost of these losses themselves, they dragged their feet on fixing the problems.”
Zelle is the preferred way for cyber criminals to extract funds because it is faster than other remittance options, according to Tom Peacock, director of global fraud intelligence for cybersecurity firm BioCatch.
‘Meritless’ and misleading
Early Warning Services said in a statement Friday that it was prepared to defend itself against this “meritless lawsuit.”
“Zelle leads the fight against scams and fraud and has industry-leading reimbursement policies that go above and beyond the law,” said Jane Khodos, an Early Warning Services spokeswoman. “The CFPB’s misguided attacks will embolden criminals, cost consumers more in fees, stifle small businesses and make it harder for thousands of community banks and credit unions to compete.”
Furthermore, the $870 million figure cited by the CFPB for fraud losses is misleading because it includes incidents where the bank found that cases didn’t involve fraud, but errors or false claims, according to Early Warning Services.
Early Warning Services has said that while transaction volumes rose in 2023, reports of scams and fraud fell almost 50%, and that only a tiny fraction of payment volumes are disputed as fraud.
This article was originally published on CNBC