Peer to Peer Payment Payment Service (P2P) Zelle is used by many people to quickly and conveniently send money electronically from their credit card or bank account. Sending money through Zelle only requires you to enter the recipient’s phone number or email address. Zelle is an app created by the company Early Warning Services (EWS) which is owned by seven of the biggest banks in the United States including Bank of America and Capital One. Presently 2,400 banks and credit unions offer Zelle as a service.
Unfortunately, Zelle has proven to be easily exploited by scammers and unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed. In addition to scammers luring their victims to pay for worthless items through Zelle, scammers are also sending phishing emails and text messages in which they lure their victims into providing their Zelle usernames, passwords and PINs thereby enabling the scammers to take over their victims’ bank accounts through their Zelle accounts. Ironically, if your Zelle account is hacked, you are protected by law, but if you are tricked by a scammer into sending a Zelle payment, you have little protection
After pressure from Senators Elizabeth Warren, Sherrod Brown and Jack Reed the banks that own Zelle agreed to reimburse some people who became victims of Zelle scams for their losses. It appears that Zelle banks and credit unions will reimburse customers who are victims of qualifying imposter scams where the scammer poses as a bank to trick the customer into sending them money through Zelle.
According to Senator Richard Blumenthal, JP Morgan, Wells Fargo and Bank of America reimbursed 38% of their customers reporting unauthorized transactions in 2023 while in 2019 the banks reimbursed 62% of their customers reporting unauthorized transactions.
Now after an intensive investigation, the Consumer Financial Protection Bureau (CFPB) has sued Bank of America, JP Morgan Chase and Wells Fargo for not providing effective safeguards to protect its Zelle users from being scammed. According to the CFPB, in the 7 years that Zelle has been in operation, consumers lost more than $870 million due to the banks’ failure to implement proper procedures to protect their customers from being scammed.
Some of the critical failures which the CFPB accuses the banks of committing include:
1. Limited identity verification methods that enable scammers to quickly create accounts and target Zelle users, making it easy for a scammer to link a victim’s token which is an email address or a cell phone number to the scammer’s deposit account.
2. Allowing repeat offenders to easily move from bank to bank exploiting multiple accounts across the Zelle network by failing to track scammers and share information about scammers with other banks that make up the Zelle network.
3. Most significantly, the CFPB alleges that the banks ignored hundreds of thousands of fraud complaints instead of using that data to help recognize and prevent further scams.
4. Ignoring their obligations under the Electronic Fund Transfer Act and Regulation E to properly investigate complaints of Zelle customers who were scammed and take appropriate action to reimburse them for their losses.
Meanwhile if you are a Zelle user what can you do to protect yourself?
Before signing up for any Zelle you should familiarize yourself with their fraud protection rules. In the fine print you may find that you have little, if any, protection if you use the account to purchase something that ends up being a scam. Consumers should recognize that Zelle should not be used for commercial transactions, but only to transfer small amounts of money to people you know.
In order to protect your account from being hacked and being taken over by a scammer who could access your credit card or bank account, you should use a PIN or other dual factor authentication for your Zelle account.
To avoid having your Zelle account and other accounts from being taken over by scammers, never provide your username, password or PIN in response to any email, text message or phone call unless you have absolutely confirmed that the request for this information is legitimate, which it never is. You can confirm this by contacting your bank by calling them at a telephone number you know is accurate. Even if you get a call that appears to come from your bank or other company with which you do business, your Caller ID can be tricked by a technique called spoofing to make the call appear legitimate when it is not.
Read the full article here