The seven banks that own the payments network Zelle are preparing a major rule change early next year that will require the network’s member banks to compensate customers who fall victim to certain kinds of scams, according to two people familiar with the plans.
The shift would reverse the network’s current policy, which typically sticks customers with the losses on any Zelle transactions that the customers physically initiated themselves — even if they were tricked into sending their cash to a thief. A growing number of scams using Zelle has angered lawmakers and regulators, who have pressured banks to better protect — or indemnify — their customers.
Many details of the new policy are still being worked out, said the people, who requested anonymity to describe private discussions. The approach would, for the first time, require banks to assume liability for certain transactions made on the Zelle network. The plan was reported earlier by The Wall Street Journal.
Zelle has become the nation’s most popular peer-to-peer payments platform; last year, customers used it for 1.8 billion cash transfers totaling $490 billion. The network lets customers move money instantly to others across any of Zelle’s 1,700 member banks and credit unions.
That speed is the network’s biggest selling point but also its biggest vulnerability: Under the network’s current rules, all payments are irrevocable once made. That means that even when a transaction turns out to be fraudulent, neither the customer who sent the money nor the customer’s bank has any recourse for retrieving it.
The issue was thrust into the spotlight this year after a New York Times investigation found that scammers, often posing as bank representatives, were using a sophisticated combination of technical trickery and psychological manipulation to defraud customers. Victims frequently lost hundreds, or even thousands, of dollars in just minutes.
Under the planned rules, if the banks determined that a customer had been deceived into sending money, the recipient bank — the one holding the thief’s bank account — would be responsible for returning the money to the victim’s bank. That bank would then refund its defrauded customer.
The change would apply only to frauds in which a customer was misled — by, for example, someone posing as a bank employee — into sending cash that they did not otherwise intend to transfer. It would not apply to other common frauds, like romance scams or sellers advertising false goods for sale, like purebred puppies or concert tickets.
Thieves typically yank their stolen money out of the bank accounts very quickly, before the bank has time to freeze the funds. That means banks will often be on the hook for repaying customers, the people familiar with the plan said — a move that could prompt some of Zelle’s members to leave the network.
A representative of Early Warning Services, the Scottsdale, Ariz., company that operates the Zelle network, declined to comment on the planned changes. “Part of our work includes collaborating with our financial institution participants to evolve and enhance our network-wide rules,” the company said in a written statement.
Early Warning Services is owned by Bank of America, Capital One, JPMorgan Chase, PNC, Truist, U.S. Bank and Wells Fargo. Those banks agreed in recent weeks to make the policy change, the people with knowledge of the plan said. It is expected to take effect early next year.
While the banks work on the voluntary change, the Consumer Financial Protection Bureau, one of their major regulators, is considering issuing guidance that could require banks to bear more liability for their customers’ losses on fraudulent peer-to-peer transactions.
“Fraud and scams are a growing problem on peer-to-peer payment apps,” a spokesman for the bureau said. “The C.F.P.B. will look closely at the changes any platform proposes to combat this pervasive issue.”
Senator Elizabeth Warren, a Massachusetts Democrat on the Senate Banking Committee, turned the issue into a crusade. At a hearing in September, she blasted the chief executives of several large banks for taking a hands-off approach to what she called “alarming” theft levels on Zelle: “When someone is defrauded, you claim that’s the customer’s problem.”
A handful of banks had already quietly decided to reimburse their customers for certain losses. JPMorgan Chase, for example, said in a letter to senators shortly after the hearing that it reimburses victims of one prevalent attack, known as the “me-to-me” scam, in which someone posing as a bank official directs a customer to send cash through Zelle to his or her own email address or phone number. Without the customer’s knowledge, the thief has intercepted the victim’s email or phone and attached it, using Zelle, to the thief’s own bank account.
Bank of America has also been refunding customers for “me-to-me” fraud cases, a bank spokesman said.