When customers say their money was stolen on Zelle, banks often refuse to pay

Argelys Oriach was on his way home from a shopping trip one night in March when he was robbed at gunpoint. The thief demanded your iPhone and password. Mr. Oriach gave them up and fled.

The next morning, Oriach, who lives in Brooklyn, said he discovered that the thief had drained $8,294 from his Capital One bank accounts using various money transfer apps, including Zelle. He contacted Capital One, hoping the bank would return the stolen money to him, as required by federal law. The bank returned just $250, saying it found no evidence that the rest of the money was stolen. Mr. Oriach was stunned.

“I filed a police report, identified the suspect at a police station and even testified before a grand jury,” he said. “But none of that seems to have helped in my case.”

After the New York Times asked Capital One about Oriach’s case, representatives at the bank said they had determined there was fraud and would reimburse him. “We have reached out to the customer to apologize for any additional stress this matter has caused,” Capital One said in an emailed statement.

In recent years, payment apps like Zelle, Venmo and Cash App have become the preferred way for millions of customers to transfer money from one person to another. Last year, people sent $490 billion through Zelle, the country’s most popular payments app, and $230 billion through Venmo, its closest rival.

But the same reasons that drew customers to these apps – they are free, fast and convenient – ​​have made them easy targets for scammers and thieves. While banks argue that they shouldn’t have to refund customers who have inadvertently given a scammer permission to use their accounts, they are also often reluctant to refund customers like Oriach, whose money was stolen. This could be a possible violation of the law.

Under a 1978 federal rule called Regulation E, banks are required to make customers whole if their money is stolen from a consumer account through an electronic payment initiated by someone else, as in the case of Oriach.

Because Reg E was written well before payment apps existed, the Consumer Financial Protection Bureau last year issued guidelines saying the law covered all person-to-person online payments. The agency clarified that all unauthorized online money transfers — that is, any payment initiated by someone other than the customer and made without the customer’s permission — were the bank’s responsibility.

“When a consumer advises a financial institution that money has been stolen from the consumer’s account, the onus is on the institution to show that the transfer of funds from the consumer’s account was authorized by the consumer,” said Raul Cisneros, a spokesperson. to the office.

But despite updated guidance, banks in many cases refuse to refund customers who claim – often with supporting documentation – that money was stolen from their accounts. Banks rarely provide clear explanations for their decisions, leaving victimized customers with little recourse.

The consumer agency’s updated guidelines “caused a lot of distress and confusion for banks,” said Peter Tapling, a payments consultant. “Regulation E was never intended for instant money movement products.”

In early February, Chuck Ruoff said, a thief transferred his cell phone number to another device through an attack technique called “SIM swapping.” The thief then used Mr. Ruoff to log into his Bank of America accounts and extract $3,450 through Zelle. Mr. Ruoff reported the theft as soon as he discovered it, but his request was denied. The bank said the transaction does not appear to be unauthorized.

Mr. Ruoff sent the bank additional documentation, including a police report and a letter from Verizon describing what happened, and asked that the case be reconsidered. He was instructed to wait 45 days for a response. When that deadline passed, he was instructed to keep waiting. Mr. Ruoff spent hours on the phone, calling every few days for an update on his claim.

“I repeatedly said, ‘I’ve never used Zelle. I never authorized it,’” said Ruoff, who has been a Bank of America customer for 34 years. “I said to the lady I spoke to once, do you think I would go to the police department and file a false report? This is a crime.”

After the Times contacted Bank of America, he returned Mr. Ruoff. The bank was already reconsidering its decision and paid the damages after taking into account additional information provided by Ruoff, said Bill Halldin, a spokesman for the bank.

Zelle, the most popular payments app, is owned and operated by Early Warning Services, a company based in Scottsdale, Arizona. Early Warning is owned by seven banks – Bank of America, Capital One, JPMorgan Chase, PNC, Truist, US Bank and Wells Fargo. But each of the 1,600 banks and credit unions that offer Zelle to their customers uses its own security settings and policies.

Neither the banks nor Early Warning publicly release any data on fraud, so it’s hard to say how prevalent Zelle scams and robberies are. Incidents like those described by Oriach and Ruoff are “rare” and represent a small part of the activity on the platform, said Meghan Fintland, a spokeswoman for Early Warning.

In a survey of nearly 1,400 people whose accounts were accessed without their consent last year, a quarter said that Zelle or other peer-to-peer payment services were used to make unauthorized money transfers, according to a report. by Shirley Inscoe, a consultant for Aite. -Novarica Group, financial services consultant. This was second only to fraudulent credit card transactions.

Bob Sullivan, a longtime journalist and consumer advocate, likened the current spate of scams and robberies – and the reluctance of banks to absorb their losses – to the early days of online banking, when phishing and other tricks to obtain Customer logins and passwords were epidemic and banks routinely denied customer claims. It took a Federal Reserve order in 2005 to make it clear to banks that they should cover such cases.

Outright theft is just one aspect of the much larger fraud problem in Zelle and other payment apps. In March, The Times reported that crooks and other scammers often trick people into making payments themselves — such as posing as bank clerks or selling fraudulent goods. In such cases, banks often refuse to issue refunds, arguing that since the customers themselves initiated the transfer, it is not “unauthorized” by the definition of the law.

Some lawmakers are starting to take notice.

Asked by the House Financial Services Committee about the emergence of online payment scams following The Times report, Rohit Chopra, director of the consumer department, said he was on the department’s radar. “Fraud is piling up and it’s a big problem,” Chopra said.

Representative Stephen F. Lynch, Democrat from Massachusetts, raised concerns at this hearing about consumer protections for Zelle’s transfers. “There’s a responsibility in principle on the part of banks,” Lynch said.

Senator Elizabeth Warren, a Democrat from Massachusetts, recently criticized the big banks that own Zelle. “Reports of widespread fraud harming consumers on Zelle are deeply concerning, especially as its parent and the large banks that own it fail to take responsibility,” said Warren, who sits on the Senate Banking Committee.

In April, she sent a scathing letter to Early Warning Services with another Democrat, Senator Bob Menendez of New Jersey, criticizing the company and its owners for creating a “confusing and unfair” situation for victims.

Customers have filed separate lawsuits against Bank of America, Capital One and Wells Fargo, alleging that the creditors did not do enough to protect consumers from fraud that took place on Zelle. Wells Fargo and Capital One declined to comment. Bank of America said it disagreed with the allegations.

Changing regulatory guidelines has the potential to change the outcome for victims of theft. In May 2020, Martin Bronson, an 80-year-old retiree in Florham Park, NJ, received a call from a man who claimed to be an Amazon customer service agent. Mr. Bronson gave the man access to his computer with TeamView, a remote control application. The caller then logged into his Bank of America account and used Zelle to transfer $3,316.

Mr. Bronson sent the bank his police report. His claim was denied.

After the consumer agency issued guidelines clarifying that Reg E covered all unauthorized person-to-person transfers — and after the Times called Bank of America last month about the Bronson case — he received good news. The bank returned the money.

“We decided the complaint based on the facts and current Regulation E guidelines, as we would any customer request,” said Halldin, a Bank of America spokesperson.

In January, Carla Lisio, a therapist in White Plains, NY, discovered $4,750 missing from her Chase checking account. She said she notified the bank and found the money had been sent through Zelle to a Gmail account she didn’t recognize. Mrs. Lisio insists she didn’t make the transfer.

The bank repeatedly rejected his refund requests, saying it found no evidence of fraud. “The device used is consistent with its history, there were no new devices added and there were no invalid login attempts,” the bank wrote to her in March.

Mrs. Lisio said she was shocked that her impeccable 25-year history as a Chase client seemed to count for nothing. “They’re calling me a liar and they’re calling me a criminal because what they’re saying is I’m trying to steal $4,750 from the bank,” she said. “I really just want to tell them, I can’t explain what happened. All I can say is that I didn’t. And all you can tell me is that you don’t believe me.

When the Times contacted Chase, it stood by its decision.

Jack Begg contributed research.

Leave a Reply

%d bloggers like this: