A new rash of Zelle hacks has left consumers with empty banks accounts and little hope for refunds — but there is hope that federal regulators might finally impose fair rules to protect victims. Anyone who’s lost money through Zelle, or who is currently fighting their financial institution over lost funds, should follow the instructions later on in this story.
I’ve been reporting on Zelle crime for several years. Using various methods and cover stories, criminals hijack victim accounts and send themselves money, leaving a wake of frustrated victims in their path. Consumers — many who never ever realized they had a Zelle account – then call their banks, expecting they’ll be covered by credit-card-like protections, only to face disappointment and in some cases, financial ruin.
In many cases, banks are giving consumers incorrect and self-serving opinions after the thefts. Consumers who suffer unauthorized transactions are entitled to Regulation E protection, and banks are required to refund the stolen money. (This isn’t a controversial opinion, and it was recently affirmed by the CFPB here. If you are reading this story and fighting with your bank, start by providing that link to the financial institution).
But in email after email, I hear from consumers who are denied refunds, with “fraud investigators” at banks telling account holders Zelle transactions are not entitled to any protection. This is incorrect, and I hope one day a regulator forces banks to reexamine all these fraudulent transactions, issue refunds, and other sanctions for repeatedly mistreating consumers.
However, a slightly different variation of the Zelle fraud is now common and it is less clear that Regulation E applies to it. In this scam, consumers are contacted by a criminal posing as a bank official, telling a cover story that the consumer’s account has been hacked. After several convincing verification procedures — often there’s a text message that appears to come from the bank, which includes a toll-free number to call — the criminal convinces the victim to move supposedly at-risk funds to a new Zelle account allegedly created for their protection. In reality, the criminal is manipulating the consumer into moving the money into an account the hacker controls. Here’s just one example from the flood of emails I’ve received recently:
“I was a recent victim of someone pretending to be Bank of America letting me know my account had been hacked. This happened while I was on the way to a dentist appointment after a very stressful day of work,” the writer told me. The victim, distracted by the appointment, followed the instructions the caller laid out, “thinking I was saving myself from being hacked when in reality I was actually being hacked. After I got off of the phone I literally threw up because I realized what happened.”
Said another writer, “I was scammed and thought I was refunding myself through Zelle but really the $1,000 got sent to the scammer.”
Once victims discover the crime, and call their bank looking for help, they are told they’re out of luck. The bank’s opinion is that the consumer initiated the transaction, so it does not fall under the Regulation E “unauthorized transaction” protection. I’d like to say banks are wrong, but Lauren Sanders of the National Consumers Law Center told me they have a point:
“(Protection applies) where the scammer takes information they got from the consumer and the scammer then initiates the payment. It sounds like in your scenario, the consumer actually initiates — sends — the payment,” she said. “Under the (Electronic Funds Transfer Act), the definition of ‘unauthorized transfer’ is one ‘initiated by a person other than the consumer.’ So if the consumer initiates the payment, you can’t challenge it as unauthorized.”
Sorry to deliver that bad news. There is another potential route for consumers hoping their banks will help, however. Sauders said there is a different set of protections that apply to “errors,” and that includes something designated an “incorrect transfer.”
“Arguably a payment that went to a scammer instead of yourself is “incorrect,” but banks are going to claim that it’s not an error,” Saunders said.
So, to repeat: If a criminal initiates a Zelle transfer — even if the criminal manipulates a victim into sharing login credentials — that fraud is covered by Regulation E, and banks should restore the stolen funds. If a consumer initiates the transfer under false pretenses, the case for redress is more weak.
FILE YOUR ZELLE COMPLAINTS HERE
All the more reason anyone who’s suffered at the hands of Zelle and bank indifference should participate in a new effort by federal regulators to investigate newfangled tech-driven payment tools. In October, the CFPB announced it was ordering Amazon, Apple, Facebook, Google, PayPal, and Square to share information about their payment systems. The inquiry will examine the degree to which these firms are protecting consumer rights. The CFPB asked interested parties, including consumers, to offer commentary on the investigation.
“Consumers expect certain assurances when dealing with companies that move their money,” the CFPB said in announcing the probe. “They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law. The orders seek to understand the robustness with which payment platforms prioritize consumer protection.”
There is a deadline however, and it’s soon: December 6. Instructions for contributing comments are available here, but basically – send an email to BigTechPaymentsInquiry@cfpb.gov. Include Docket No. CFPB-2021-0017 in the subject line of the message.
“That is the perfect place for people to express their anger and push for better protections,” Saunders said.
NOTE: The inquiry does not officially mention Zelle and other cash-like apps, but any efforts to extend credit-card-like consumer protections to new payment systems might very well apply to Zelle in the end.
On 11/21/2021@0806, I received 2 text messages on my cell phone claiming to be from Chase Bank Fraud Dept @ 828-528-6513, case # 3693606. First message asked if I had attempted $205.95 at a Walmart Super Center 2021 in Georgia–I did not. Second message asked if I had made a Zelle payment of $2000.00. Both asked me to reply Yes or No. After replying NO @ 0808 I received a call from 415-788-1037 @ 0811 to discuss the remedy for this fraudulent claim. The person I spoke with, Brian Urias, walked me through the “process to remove the scammer”, Jose M, from the Chase Zelle account. He claimed I had to authorize another $2000 transaction to remove this scammer. I followed his instructions for another $2000 and I am now out a total of $4000. Chase claims they have no responsibility to restore my funds even though the scammer used the Zelle transfer pay process to access my account. Incredibly, (B of A, BB&T/Trust, Capitol One, JP Morgan Chase, PNC Bank, USBank and Wells Fargo) all jointly own Zelle but claim it is a third party they have no control over and are not responsible for any of it’s transactions.
ATTACHMENTS
Screenshot_20211123-103843_Messages (1).jpg (209.3 KB)
View full complaint
Can you help me?
I received text messages from Wells Fargo yesterday concerning Zelle transactions I did not make. A fraudster contacted me using what appeared to be Wells Fargo phone number. He sent me access codes and showed me how to send $26,000 to myself. I had never used Zelle before. The money went to the fraudster. I filed a police report yesterday. I also called Wells Fargo to open a claim. I was asked if the third party accessed my computer. He did not. I was induced to follow his directions. I do not know if regulation E will help me be reimbursed by the bank.
Update
I contacted KNBC here in Los Angeles, gave them all my information and after they sent an email to the Chase executive branch, Chase refunded all the money that the fraudsters scammed from me. Bottom line, it pays to go public!
Deborah
Hello, this literally happened to me yesterday! NOT HAPPY AT ALL!!! 4600.00 and Chase Bank won’t help me! I was wondering if you ever got anywhere with this, I am ready and willing to move forward with trying to get my money back , but most importantly helping others not to have to go through this!
Contact any TV station in your area that helps consumers. Mine here in SoCal was KNBC. I went on their website, followed their instructions and long story short–once they got involved and contacted Chase I got my funds restored–every penny! As I said previously it pays to got public!!!
I received text messages from Wells Fargo yesterday concerning Zelle transactions I did not make. A fraudster contacted me using what appeared to be Wells Fargo phone number. He sent me access codes and showed me how to send $26,000 to myself. I had never used Zelle before. The money went to the fraudster. I filed a police report yesterday. I also called Wells Fargo to open a claim. I was asked if the third party accessed my computer. He did not. I was induced to follow his directions. I do not know if regulation E will help me be reimbursed by the bank. I am surprised Wells Fargo allowed this much money to be sent without contacting me first.
Do you (or anyone else) have any more information on this possible approach? You write:
There is another potential route for consumers hoping their banks will help, however. Sauders said there is a different set of protections that apply to “errors,” and that includes something designated an “incorrect transfer.”
“Arguably a payment that went to a scammer instead of yourself is “incorrect,” but banks are going to claim that it’s not an error,” Saunders said.
When Customers Say Their Money Was Stolen on Zelle, Banks Often Refuse to Pay – The New York Times – Oline Earing Tips