When customers say their money has been stolen on Zelle, banks often refuse to pay

Argelys Oriach was on his way home from a shopping trip one evening in March when he was robbed at gunpoint. The thief demanded his iPhone and passcode. Mr. Oriach turned them around and fled.

The next morning, Mr. Oriach, who lives in Brooklyn, said he discovered that the thief had debited $8,294 from his bank accounts at Capital One, using multiple money transfer apps, including Zelle. He contacted Capital One, expecting the bank to refund him the stolen money, as required by federal law. The bank refunded only $250 and said it had found no evidence that the rest of the money had been stolen. Mr. Oriach was stunned.

“I have reported it to the police, identified the suspect at a police station and even testified before a grand jury,” he said. “But none of that seems to have helped my case.”

After The New York Times asked Capital One about Mr. Oriach’s case, bank representatives said they had determined the fraud had occurred and would refund him. “We have reached out to the client to apologize for any additional stress this matter has caused,” Capital One said in an emailed statement.

In recent years, payment apps such as Zelle, Venmo and Cash App have become the preferred way for millions of customers to transfer money from one person to another. Last year, people sent $490 billion through Zelle, the country’s most popular payment app, and $230 billion through Venmo, its closest rival.

But the same reasons that have drawn customers to these apps — they’re free, fast, and convenient — have made them easy targets for scammers and thieves. While banks claim they shouldn’t refund customers who have inadvertently authorized a scammer to use their accounts, they’re also often reluctant to let customers like Mr. Oriach whose money has been stolen, to be repaid. That could be a possible violation of the law.

Under a 1978 federal rule called Regulation E, banks are required to recover customers if their money is stolen from a consumer account through an electronic payment initiated by another person, as in the case of Mr. Oriach.

Since Reg E was written long before payment apps existed, the Consumer Financial Protection Bureau guidelines issued last year say the law covered all person-to-person online payments. The agency clarified that all unauthorized online money transfers — meaning any payment initiated by anyone other than the customer and without the customer’s consent — was the bank’s liability.

“When a consumer notifies a financial institution that money has been stolen from the consumer’s account, it is up to the institution to demonstrate that the transfer of money from the consumer’s account has been authorized by the consumer.” said Raul Cisneros, a spokesman. in front of the desk.

But despite the updated guidelines, in many cases, banks are refusing to refund customers who claim — often with supporting documentation — that money has been stolen from their accounts. The banks rarely give clear explanations for their decisions, so that customers who have been duped have little recourse.

The updated guidelines from the consumer agency “caused a lot of fear and confusion among banks,” said Peter Tapling, a payments consultant. “Regulation E was never intended for direct money transfer products.”

In early February, Chuck Ruoff said a thief had transferred his cell phone number to another device via… an attack technique called ‘SIM swapping’. The thief then used Mr. Ruoff to get into his accounts at Bank of America and withdraw $3,450 through Zelle. Mr. Ruoff reported the theft as soon as he discovered it, but his claim was denied. The bank said the transaction did not appear to be unauthorized.

Mr. Ruoff sent the bank additional documentation, including a police report and a letter from Verizon describing what had happened, and requesting that the matter be reconsidered. He was told to wait 45 days for a response. When that deadline passed, he was told to keep waiting. Mr. Ruoff spent hours on the phone and called every few days for an update on his claim.

“I’ve said repeatedly, ‘I’ve never used Zelle. I never authorized this,” said Mr. Ruoff, who has been a Bank of America customer for 34 years. ‘I said to the lady I spoke to once, do you think I would go to the police and make a false report? That’s a crime.”

After The Times contacted Bank of America, Mr. Ruoff’s money was refunded. The bank was already reconsidering its decision and paid the claim after considering additional information from Mr Ruoff, said Bill Halldin, a bank spokesperson.

Zelle, the most popular payment app, is owned and operated by Early Warning Services, a company based in Scottsdale, Ariz. Early Warning is owned by seven banks: Bank of America, Capital One, JPMorgan Chase, PNC, Truist, US Bank and Wells Fargo. But each of the 1,600 banks and credit unions that offer Zelle to their customers uses its own security settings and policies.

Neither the banks nor Early Warning are releasing fraud data publicly, so it’s hard to say how common scams and thefts are on Zelle. Incidents like those described by Mr. Oriach and Mr. Ruoff are “rare” and are a small part of the activity on the platform, said Meghan Fintland, an Early Warning spokeswoman.

In a survey of nearly 1,400 people whose accounts were accessed without their consent last year, a quarter said Zelle or other personal payment services were being used to conduct unauthorized money transfers, according to a report by Shirley Inscoe, a consultant at Aite. – Novarica Group, a financial services company. That was second only to fraudulent credit card transactions.

Bob Sullivan, a journalist and long-time consumer advocate, compared the current wave of scams and theft — and the banks’ reluctance to absorb the losses on them — to the early days of online banking, when phishing and other tricks to get hold of customers’ credentials and passwords were epidemic and banks routinely made claims from customers denied. It took a order from the Federal Reserve in 2005 to make it clear to the banks that they were expected to cover such cases.

Overt theft is just one aspect of the much bigger problem of fraud on Zelle and other payment apps. In March, The Times reported that scammers and other scammers often fool people to make payments themselves, for example by posing as bank employees or by selling fraudulent goods. In those cases, banks usually refuse to issue refunds, arguing that since customers initiated the transfer themselves, it is not “unauthorized” by the law’s definition.

Some lawmakers are starting to take note.

Asked by the House Financial Services Committee about the rising online payment scam in response to the The Times report, Rohit Chopra, the director of the consumer agency, said it was high on the agency’s radar. “The fraud is piling up and it’s a big problem,” said Mr Chopra.

Representative Stephen F. Lynch, a Democrat from Massachusetts, expressed concern about consumer protections for Zelle transfers at that hearing. “Basically, the banks have a responsibility,” said Mr. Lynch.

Massachusetts Democrat Senator Elizabeth Warren recently criticized Zelle’s large banks. “Reports of widespread fraud harming consumers on Zelle are deeply troubling, especially since the parent company and the major banks that own it are not taking responsibility,” said Ms Warren, who sits on the Senate Banking Committee.

In April she sent a damning letter to Early Warning Services with another Democrat, Senator Bob Menendez of New Jersey, who berates the company and its owners for creating a “confusing and unfair” situation for victims.

Customers have filed separate class-action lawsuits against Bank of America, Capital One and Wells Fargo, alleging that the lenders have not done enough to protect consumers from fraud that has taken place on Zelle. Wells Fargo and Capital One declined to comment. Bank of America said it disagrees with the allegations.

Changing legal guidelines may change the outcome for victims of theft. In May 2020, Martin Bronson, an 80-year-old retiree in Florham Park, NJ, received a call from a man claiming to be an Amazon customer service representative. Mr. Bronson gave the man access to his computer with TeamView, a remote control app. The caller then went to his Bank of America account and used Zelle to transfer $3,316.

mr. Bronson sent the bank his police report. His claim was rejected.

After the consumer agency issued guidelines clarifying that Reg E covered all unauthorized person-to-person transfers — and after The Times called Bank of America last month about Mr. Bronson’s case — he got some good news. The bank refunded him the money.

“We have decided the claim based on the facts and current Regulation E guidelines, as we would with any customer request,” said Bank of America spokesman Halldin.

In January, Carla Lisio, a therapist in White Plains, NY, found $4,750 missing from her bank account at Chase. She said she notified the bank and found that the money had been sent through Zelle to a Gmail account that she did not recognize. Ms. Lisio insists she didn’t make the transfer.

The bank has repeatedly rejected its refund requests, saying it had found no evidence of fraud. “The device used matches your history, no new devices were added and there were no invalid login attempts,” the bank wrote to her in March.

Ms. Lisio said she was shocked that her flawless 25-year history as a Chase customer seemed to count for nothing. “They call me a liar and they call me a criminal because what they’re saying is, I’m trying to steal $4,750 from the bank,” she said. “I really just want to tell them, I can’t explain what happened. I can only tell you that I didn’t do this. And all you can tell me is you don’t believe me.’

When The Times contacted Chase, it stuck with his decision.

Jack Begg research contributed.

Leave a Comment

Your email address will not be published.