When customers say that their money was stolen from Zelle, the banks often refuse to pay
Argely’s Oriach was on his way home from a shopping trip one evening in March when he was robbed with a weapon. The thief demanded his iPhone and password. Mr. Oriach turned them over and fled.
The next morning, Mr. Oriach, who lives in Brooklyn, said he discovered the thief had withdrawn $ 8,294 from his bank accounts at Capital One by using several money transfer apps including Zelle. He contacted Capital One, and fully expected the bank to refund him the stolen cash, as required by federal law. The bank only refunded $ 250, saying it found no evidence that the rest of the money was stolen. Mr. Oriach was stunned.
“I submitted a police report, identified the suspect in a district and even testified before a grand jury,” he said. “But none of that seems to have helped my case.”
After The New York Times asked Capital One about Mr. Oriach’s case, bank officials said they had decided it was a scam and wanted to pay him back. “We contacted the customer to apologize for the additional stress this case has caused,” Capital One said in an email.
In recent years, payment apps such as Zelle, Venmo and Cash App have become the preferred way for millions of customers to transfer money from one person to another. Last year, people sent $ 490 billion to Zelle, the country’s most popular payment app, and $ 230 billion through Venmo, its closest rival.
But the same reasons that have attracted customers to these apps – they are free, fast and convenient – have made them easy targets for scammers and thieves. While banks argue that they should not have to refund customers who inadvertently gave a scammer permission to use their accounts, they have also often been reluctant to refund customers such as Mr. Oriach whose money was stolen. It could be a potential violation of the law.
Under a 1978 federal rule called Regulation E, banks are required to make clients whole if their money is stolen from a consumer account through an electronic payment initiated by another person, as in Mr. Oriach’s case.
Since Reg E was written well before payment apps existed, the Consumer Financial Protection Bureau last year issued guidelines stating that the law covered all person-to-person online payments. The agency emphasized that all unauthorized money transfers online – ie any payment initiated by anyone other than the customer and made without the customer’s permission – were the bank’s responsibility.
“When a consumer notifies a financial institution that money was stolen from the consumer’s account, the burden is on the institution to show that the transfer of funds out of the consumer’s account was approved by the consumer,” said Raul Cisneros, a spokesman. for the agency.
However, despite the updated guidance, banks in many cases refuse to refund customers who claim – often with supporting documentation – that money was stolen from their accounts. Banks rarely give clear explanations for their decisions, which gives victims customers with little recourse.
The Consumer Agency’s updated guidelines “created a lot of anxiety and confusion for the banks,” said Peter Tapling, a payment consultant. “Regulation E was never intended for immediate money-making products.”
In early February, Chuck Ruoff said, a thief transferred his cell phone number to another device through an attack technique called “SIM switching.” The thief then used Mr. Ruoff’s number to access his Bank of America accounts and withdraw $ 3,450 through Zelle. Mr. Ruoff reported the theft as soon as he discovered it, but his claim was denied. The bank said the transaction did not appear to be unauthorized.
Mr. Ruoff sent the bank additional documentation, including a police report and a letter from Verizon describing what happened, requesting that the case be reconsidered. He was asked to wait 45 days for a response. When the deadline expired, he was told to keep waiting. Mr. Ruoff spent hours on the phone, calling every few days to get an update on his claim.
“I said repeatedly, ‘I have never used Zelle.’ I never authorized this, “said Ruoff, who has been a Bank of America customer for 34 years.” I told the lady I spoke to right away, do you think I would go to the police department and file a false report? It’s a crime. . “
After The Times contacted Bank of America, it refunded Mr. Ruoff’s money. The bank has already reconsidered its decision and paid the claim after taking into account additional information provided by Mr. Ruoff, said Bill Halldin, a bank spokesman.
Zelle, the most popular payment app, is owned and operated by Early Warning Services, a company based in Scottsdale, Ariz. Early Warning is owned by seven banks – Bank of America, Capital One, JPMorgan Chase, PNC, Truist, US Bank and Wells Fargo. However, each of the 1,600 banks and credit unions that offer Zelle to its customers uses its own security settings and guidelines.
Neither the banks nor Early Warning publish any data on fraud publicly, so it is difficult to say how widespread fraud and theft is on Zelle. Incidents such as those described by Mr. Oriach and Mr. Ruoff are “rare” and form a small part of the activity on the platform, said Meghan Fintland, a spokeswoman for Early Warning.
In a survey of nearly 1,400 people whose accounts were opened without their consent last year, a quarter said Zelle or other person-to-person payment services were used to make unauthorized money transfers, according to a report by Shirley Inscoe, an advisor at Aite – Novarica Group, a financial services consultant. It was second only to fake credit card transactions.
Bob Sullivan, a journalist and longtime consumer advocate, compared the current wave of fraud and theft – and banks ‘reluctance to absorb losses – to the early days of online banking, when phishing and other tricks to get customers’ login information and passwords were epidemic and banks routinely rejected customer claims. It took an order from the Federal Reserve in 2005 to make it clear to banks that they were expected to cover such cases.
Pure theft is just one aspect of the much bigger problem of Zelle fraud and other payment apps. In March, The Times reported that scammers and other scammers often trick people into paying for it themselves – for example, by pretending to be bank employees or selling scams. In these cases, banks usually refuse to make refunds, claiming that since the customers themselves started the transfer, it is not “unauthorized” according to the law’s definition.
Some lawmakers are beginning to take note.
Asked by the House Financial Services Committee about growing online payment fraud following The Times report, Rohit Chopra, director of the Consumer Agency, said it was high on the agency’s radar. “Fraud is piling up and it’s a big problem,” Mr. Chopra said.
Representative Stephen F. Lynch, a Massachusetts Democrat, raised concerns during the hearing on consumer protection for Zelle transfers. “It’s a principled responsibility on the part of the banks,” Lynch said.
Senator Elizabeth Warren, a Democrat from Massachusetts, recently criticized the major banks that own Zelle. “Reports of widespread fraud affecting consumers on Zelle are deeply worrying, especially as the parent company and the major banks that own it do not take responsibility,” said Warren, who sits on the Senate Banking Committee.
In April, she sent a scathing letter to Early Warning Services along with another Democrat, Senator Bob Menendez of New Jersey, blaming the company and its owners for creating a “confusing and unfair” situation for the victims.
Customers have filed separate lawsuits against Bank of America, Capital One and Wells Fargo, claiming that lenders did not do enough to protect consumers from Zelle fraud. Wells Fargo and Capital One declined to comment. Bank of America said it disagreed with the allegations.
Changes in regulatory guidelines have the potential to change the outcome for victims of theft. In May 2020, Martin Bronson, an 80-year-old retiree in Florham Park, NJ, called from a man who claimed to be an Amazon customer service agent. Mr. Bronson gave the man access to his computer with TeamView, a remote control app. The caller then logged into his Bank of America account and used Zelle to transfer $ 3,316.
Mr. Bronson sent the bank his police report. His claim was denied.
After the Consumer Agency issued guidelines clarifying that Reg E covered all unauthorized person-to-person transfers – and after The Times called Bank of America last month about Mr. Bronson’s case – he received good news. The bank refunded him the money.
“We decided the claim based on the facts and applicable guidelines for Regulation E, as we would for any client,” said Halldin, a spokesman for Bank of America.
In January, Carla Lisio, a therapist in White Plains, NY, discovered that $ 4,750 was missing from her Chase checking account. She said she alerted the bank and found out that the money had been sent through Zelle to a Gmail account she did not recognize. Lisio insists she did not make the transfer.
The bank has repeatedly rejected her refund requests, saying it did not find evidence of fraud. “The device used is consistent with your history, no new devices were added and there were no invalid login attempts,” the bank wrote to her in March.
Lisio said she was shocked that her impeccable 25-year history as a Chase customer seemed to count for nothing. “They call me a liar and they call me a criminal because what they say is that I’m trying to steal $ 4,750 from the bank,” she said. “I really just want to say to them, I can not explain what happened. All I can tell you is that I did not do this. And all you can tell me is that you do not believe me.”
When The Times contacted Chase, it stuck to the decision.
Jack Begg contributed research.
