Large banks that own the payment platform Zelle on average are reimbursing less than 50% of fraud claims reported by consumers who say money was stolen from their accounts by fraudsters, and that practice could violate federal law, according to a major critic of the industry on Capitol HIll.
A 14-page report about fraud on Zelle released Monday by Sen. Elizabeth Warren, D-Mass., found that large banks that own Zelle’s parent company, Early Warning Services, are reimbursing anywhere from 14% to 82% of fraud claims reported by consumers, raising more questions about the wide disparities in bank reimbursements.
The numbers, if verified, point to the potential for massive regulatory enforcement actions against banks by the Consumer Financial Protection Bureau. Alternatively, because banks are required by the Electronic Fund Transfer Act to investigate when a consumer alleges fraud, the data may also indicate that consumers are attempting to game the system or that a large percentage of fraud claims simply cannot be verified by banks.
Only four of the seven banks that own Zelle submitted data to lawmakers. Of those, Bank of America, PNC Financial Services Group, Truist Financial and U.S. Bancorp reimbursed consumers anywhere from 14% to 82% for fraud claims that were not authorized by their customers. It remains unclear why banks are not reimbursing consumers for such a large number of unauthorized transactions that are purportedly due to fraud and why the discrepancies in reimbursements among banks is so large, experts said.
“These data are deeply troubling,” the report stated. “They not only reveal that banks are breaking their word about repaying victims harmed by Zelle — they also indicate that the banks may be violating the CFPB’s Regulation E rules, which require banks to make consumers whole after an unauthorized fraudulent transaction.” (Reg E spells out the requirements of the EFTA.)
In April, Warren and other Democratic lawmakers opened an investigation into Zelle and requested fraud information from its parent, Early Warning Services, of Scottsdale, Ariz., and of the seven banks that own the company. Both Jamie Dimon, the chairman and CEO of JPMorgan Chase, and Charlie Scharf, the president and CEO of Wells Fargo, promised the lawmakers under oath two weeks ago that they would provide the data. JPMorgan did not provide the information, and Wells provided “only incomplete and confidential data,” the report said. Capital One Financial also did not respond to lawmakers’ requests, the report said.
The report, titled “Facilitating Fraud: How Consumers Defrauded on Zelle are Left High and Dry by the Banks that Created It,” includes data not previously made public. The report claims that Early Warning has estimated that $440 million in electronic payments through Zelle were lost to fraud and scams in 2021. But that figure includes both unauthorized transactions reported by consumers as fraud as well as authorized transactions where a consumer makes a payment and later claims it was induced by a scammer or criminal.
Zelle is used by more than 1,700 banks and credit unions that processed 1.8 billion in real-time payments last year. Zelle currently is processing payments at a rate of about $1.6 billion a day, or $1 million a minute, according to Early Warning Systems.
Banks are required by law to investigate fraud claims by customers, and if fraud occurred, to repay the consumer if a criminal has illegally gained access to their account and makes payments without authorization. The report found that the four banks are on pace to receive fraud claims of $255 million this year, up from $90 million in 2020.
Truist, in Charlotte, N.C., had the best track record among the four reporting banks of reimbursing customers who alleged fraud through unauthorized transactions last year and in the first six months of 2022. Truist repaid 82% of fraud claims, reimbursing $20.8 million to 20,349 consumers during the 18-month period. By comparison, Bank of America, also based in Charlotte, paid back less than 45% of claims, refunding a total of $56.1 million during the 18-month period. U.S. Bank in Minneapolis refunded roughly 30% of claims, repaying less than $4.7 million to roughly 8,242 consumers. Last on the list was Pittsburgh-based PNC, which paid out 14% of fraud claims, reimbursing $1.5 million to roughly 1,500 customers.
When consumers report fraud on their account, the banks refunded 47% of customers on average, the report found.
“The data provided by the banks reveals that they are not repaying a significant portion of fraud claims,” the report found. “Banks are refusing to reveal the true scope of fraud and theft, and the extent to which they are repaying defrauded customers.”
The CFPB is looking into making changes to Reg E, though doing so would require a yearslong rulemaking process. The EFTA does not provide the same consumer protections to real-time payments and digital wallets that currently exist for credit cards under the Card Act, an issue that has left many consumers on the hook for fraud that they have no control over.
The CFPB may provide guidance to financial institutions about payments that are made in “error,” by consumers in an effort to get banks to improve their fraud controls. But it is unclear if banks would be required to abide by mere “guidance,” and any major change could require a public notice-and-comment period. The CFPB has clear authority to interpret the EFTA and could clarify that, in certain circumstances, a payment is an “error” when a consumer is defrauded into initiating an electronic transfer to a fraudster. The bureau also could add a new category of error for fraudulently-induced payment and may also clarify that the EFTA applies to all electronic payments.
The report concluded by urging the CFPB to clarify and strengthen Reg E, by including fraud in the law’s “error resolution purview.”
“The banks that created and profit off of Zelle should be pushed to protect their consumers from bad actors on their platform, and regulators should step in to ensure a fair and consistent process for everyone,” the report stated.