Letter to Rohit Chopra, Director of the Consumer Financial Protection Bureau - Menendez, Reed, Warren, Brown, Cortez Masto, Warnock Urge Cfpb to Hold Banks That Own Zelle Accountable for Facilitating Fraudulent Payments to Crooks

Letter

Dear Director Chopra:

We write to urge the Consumer Financial Protection Bureau (CFPB) to protect consumers from frauds and scams on instant payment apps.

Instant payment apps, such as Zelle, provide users with the ability to transfer funds in real time to family, friends, businesses, and strangers. The benefit of speed comes with a hidden cost. Fraudsters and scammers are drawn to these platforms because it is all too easy for them to convince a consumer to use her phone to send money, which they will receive nearly instantly. Operators and owners of these apps, while touting their convenience, have not worked sufficiently to safeguard consumers and have instead sought to avoid providing reimbursement when their customers are defrauded or scammed.

In these circumstances, consumers are often on the hook because existing rules do not reflect new technological developments. Under the Electronic Fund Transfer Act (EFTA) and the CFPB's Regulation E, a consumer is protected if they are tricked into handing over account information to a fraudster who then initiates a transfer. But a consumer is not protected if they are tricked into opening an application to transfer funds directly to the fraudster. Consumers should be protected in both circumstances.

Determining liability based on whether a consumer or a fraudster physically initiates a transaction is antiquated. This approach developed when consumers transferred money electronically by providing their own bank with the recipient's account number and routing number, and then waiting days for accounts to be credited and debited. It is not suited for the current system, where consumers need only a cell phone number or username to send peer to peer payments from a mobile device with nearly instantaneous credits and debits. Our nation's consumer protection rules must evolve to keep pace with the growth of instant payment apps like Zelle.

Following an investigation into reports of widespread fraud on Zelle, we wrote to Zelle's parent company, Early Warning Services, LLC (EWS) in April 2022, and to the seven banks that own EWS in June 2022. Although EWS failed to answer many of our questions, the response letter confirmed that an existing gap in regulatory authority allowed both EWS and the financial institutions on the platform to avoid liability and deny consumers recourse for fraud, which cost consumers hundreds of millions of dollars. Given the sheer numbers of consumers using instant payment apps such as Zelle and the hundreds of billions transferred through these platforms each year, the inadequacy of current consumer protections is unacceptable.

We are pleased by recent reports that the agency is considering strengthening Regulation E and expanding liability for operators and owners of these platforms. Indeed, the CFPB has options under its existing authority to protect consumers from the common frauds and scams that occur on these apps. The CFPB could clarify that, in certain circumstances, a payment is an "error" when a consumer is defrauded into initiating a transfer to a scammer. Indeed, the EFTA already provides the CFPB with authority to prescribe additional categories of "error" transactions that the financial institution--rather than the consumer--should be responsible for correcting. Or the CFPB could issue guidance that a fraudulently induced transaction is an "unauthorized electronic fund transfer" under the EFTA, which could also end up shifting liability from consumers to financial institutions.

These kinds of approaches would provide more consistent and fairer outcomes than the current rules, which offer no protections against the common scams and frauds that have proliferated on instant payment apps like Zelle. To be made whole, consumers now must rely on the munificence of their scammers to return their or money, or they must seek voluntary reimbursement from their bank. Neither alternative holds much certainty. According to press reports, one of the nation's largest banks (which co owns Zelle) has denied reimbursement requests even by customers with a "spotless 25-year history" with the bank. The CFPB should send a strong signal that the agency expects banks under its supervision to bear more responsibility for letting scammers and fraudsters onto apps that they developed and that they currently market as safe platforms to send and receive money.

Raising the bar on banks' liability would create powerful incentives for Zelle and other instant payment apps to invest more in fraud prevention. Current industry efforts are limited to boilerplate pop-up warnings and FAQs that customers should send money only to people they know and that using Zelle is akin to using cash. But these low tech methods are not suited for today's sophisticated apps. The rampant fraud and abuse on Zelle demonstrate that a simple "buyer beware" approach has not worked. And the face-to-face interaction inherent in cash transactions provides a layer of fraud prevention that cannot be replicated online or through a mobile device. A more effective approach would be for the CFPB to expand banks' liability to encompass a far greater set of fraudulent transactions. If a bank permits a scammer or fraudster onto the platform, then that bank should naturally bear some responsibility when its own customer uses a bank-provided payment service to rip off others--rather than telling customers that is their fault for being victimized.

An industry representative was recently quoted in the press to say that these approaches run the risk of inviting so-called "friendly fraud, where consumers abuse the new liability rules" and that "[t]here's potential for abuse" with the bank as the victim. But the EFTA already protects banks against "transfers initiated with fraudulent intent by the consumer." All we are asking is for the CFPB to similarly protect banks' customers against transfers with "fraudulent intent" involving other consumers on payment apps that banks themselves own, operate, and control. Because even one instance of fraud can wipe out a consumer's personal finances, the CFPB should strike a more appropriate balance between preserving the benefits of faster payment options with curtailing consumer harm.

Given the growing marketing and use of these apps, we believe it is essential that the CFPB intervene to protect consumers by more vigorously applying its existing authority under the EFTA and Regulation E, and we are pleased by reports that the agency is considering some of these actions. We appreciate your attention to this critical matter, and look forward to your prompt reply.

Sincerely,