Zelle, a favorite tool for online criminals, *might* begin protecting users from scams soon. Victims who report they’ve been “robbed” by thieves on the service have long been denied dispute rights we take for granted with other kinds of electronic transactions. On Monday, banks leaked a plan to the Wall Street Journal that would reverse this position. According to the story, banks that give an account to a criminal and receive stolen funds would be forced to refund the victim’s bank, which would then refund the victim. This is great news. It would bring P2P payments out of the dark ages. It would let Zelle thrive the way zero-liability policies turbocharged the credit/debit card market. More important, it would force banks to invest much more time and money into spotting and stopping criminals, since they’d be on the hook for losses.
For now, it’s just a story in the Wall Street Journal — and The New York Times, which really deserves credit for dragging Sen. Elizabeth Warren and her hearing-shaming tactics into this fight. There’s always the chance this is a stalling tactic. The Consumer Financial Protection Bureau is currently weighing rules that would impose this kind of liability on Zelle-member banks, and it’s long been theorized that banking regulators are weighing a make-an-point lawsuit against Zelle. So don’t count your chickens yet. But critically, if you are one of the thousands of Zelle victims who’ve reached out to me through the years, keep those records handy. I doubt banks would make this new policy retroactive on day one, but there may very well be legal opportunities to force their hand.
Don’t expect banks to give up this issue without a fight, however. Zelle is a consortium of the world’s largest banks, and it has been resisting this obvious step for years. The first time I met with a Zelle representative was in 2018, around the time I’d done a series of stories with devastating examples of Zelle victims. Creating credit-card-like consumer protections sounded off the table then. And as recently as October, the American Bankers Association drafted a letter to the CFPB opposing any new regulation, claiming it would effectively kill Zelle’s business model. It’s a manifesto that could apply to any attempt at making banks behave better. Here are some greatest hits from that letter with my notes.
- In a section arguing why irreversibility — criminals’ favorite feature — is essential to Zelle, the ABA says: “Consumers value the fact that P2P payments are made quickly—and importantly—cannot be reversed. … The finality of payment means recipients can confidently use the money as soon as it is received.” But one paragraph earlier, the ABA writes that Zelle should be used “to pay the babysitter, lawn mower, or handyman, to send money to a college student, or to repay a friend for dinner or concert tickets.” Maybe bankers have bad friends and scheming babysitters, but I don’t worry too much about my friends reversing my $40 Zelle payments after lunch.
- “Banks may also have to consider placing “holds” on money sent by P2P, which would fundamentally alter the value and appeal of the “faster payment” product that consumers have overwhelmingly indicated they want.” I’d like to see research on that. People want banks that are safe, first and foremost. But more to the point, I’d love to examine Zelle’s transaction data, because I have a sneaking suspicion that the vast majority of funds never leave Zelle’s ecosystem. That is — the $45 you pay a buddy for dinner stays in her Zelle account until she pays $30 to her friend for happy hour next Tuesday. Speed is not of the essence in those transactions. This is mere pixel placeholding. I’ve long advocated for a delay when transactions exceed a reasonable threshold — say $200? — or maybe anything that’s 500% more than your typical transactions. Such a threshold would CLEARLY communicate what banks obliquely say in their disclaimers, that Zelle should only be used for friends, family, etc.
At any rate, there *is* often a delay when consumers try to actually get their money out of P2P apps. It costs up to $25 to get an ‘instant’ transfer from Venmo, otherwise there’s a 1-3 day delay.
- Banks curiously argue that increasing consumer rights will lead to more fraud. “Shifting liability to banks for authorized but fraudulently induced transactions also will increase scams and embolden scammers. Armed with a written federal government policy stating that consumers are entitled to a return of money sent to scammers, scammers will be better able to induce consumers to send money. They will assure them that there is no downside or risk in sending the money because the bank will reimburse them.”
This is akin to the Sam Pelzman-like argument that seat belts actually make people less safe because they drive more dangerously. The grain of truth in this argument is swallowed up for real-world data and experience showing that banking professionals are in a far better place to stop fraud than amateur consumers just trying to give each other IOUs and have another drink.
- This argument shows there are no limits to the strained logic banks are willing to attempt in defense of their scam-infested software. If higher fraud controls were in place, there would be false positives, and banks would wrongly deny some legitimate transactions. True. But the ABA warns of dire consequences: “For example, a bank might face liability based on the consumer’s claim that the failure to send money caused the consumer to miss out on a profitable investment or purchase opportunity.” If banks are ready to admit their liability for causing lost time and opportunity, I’d think consumers who were wrongly denied loans would get the first number in that massive lawsuit.
You can see why Ed Mierzwinski of the Public Interest Research Group dismissed the ABA’s position as farcical in a recent blog post. “Fire, brimstone, higher costs and other signs of the apocalypse are standard fodder for any industry screed against needed regulation, so I’m not surprised,” he wrote this week.
Specious arguments aside, I’d like to focus on what the ABA says quite plainly in its manifesto against fixing Zell. Fraud on the service is “de minimus.” As in, “too trivial to merit consideration.” Yup. That’s you, bank customers. Too trivial to merit consideration. I’ve written about an elderly woman who didn’t even know she had a Zelle account and had $23,000 stolen from her — about a widow who had every penny of her small business loan stolen via Zelle — about a woman who donated to a friend who needed a kidney transplant, had her account drained, and was forced to make a ‘hostage video.’ In each case, and in hundreds more, banks denied legitimate fraud claims. Claims that devastate real human beings. They are all “de minimus.” Google “Zelle fraud” now, or search Twitter. You won’t be able to read all the results you get.
All those victims are “de minimus.” Too trivial to merit consideration.
And so, dear reader, are you. That’s what passes for a business model in the age of Gotcha Capitalism. Become as large as possible as fast as possible, and dismiss the collateral damage as de minimus.
I’m belaboring the point because I’ll say to anyone who will listen nowadays — poor customer service is our greatest security vulnerability. Mistreated consumers have become a favorite vector for criminals. People pay hackers to get their hijacked Instagram accounts back. They pay bots to get a spot on the IRS telephone helpline. And criminals use this frustration as an easy way to hack corporate networks. Why guess usernames and passwords when you can simply enlist disgruntled consumers to steal for you? The ABA basically admits this.
“It is difficult to persuade customers not to send the money because criminals have coached them not to contact or trust the bank,” the AMA writes. Exactly. Consumers trust random callers rather than their banks when faced with a critical choice. Maybe that sounds absurd until you read the story of a woman who was in the middle of a Zelle scam, walked into a bank, and couldn’t even get help when she put the criminal on speakerphone in the bank lobby.
That’s what a “de minimus” world gets you. We live in a world where most businesses are Too Big to Scale. They just can’t reasonably service their customers. They use technology to feign a token effort (“Try our self-service app”) but when anything really goes wrong, you’re screwed. And, you’re de minimus. That is, digital roadkill. There’s no human who can make a reasonable good-faith judgment on your issue; there’s only a software-driven infinite loop saying NO. Professionalism, morality, the natural human urge to intervene when human suffering lands at your door — these have all been downsized out of the system. “Sorry, grandma, your life savings is gone and we can’t do anything. Now, how would you rate this customer service interaction? 5 stars? Would you like to apply for an auto loan?”
Too Big to Scale is a problem I will be writing about more in the coming weeks and months. For now, delight in small victories. The Zelle network might do the right thing. That’s very good news. Thank a journalist like Stacey Cowley if you get the chance.