Why Are Banks Denying Customers Refunds for Zelle Fraud?
This is a case of technology getting ahead of the law.
There are existing federal laws that cover credit card fraud, debit card fraud and check fraud.
These are all different laws with slightly different rules, but, for the most part, the law says that if you report the fraud quickly enough (the time varies a bit, but in the 30-60 day range), the bank is required to give you back your money.
Note that this does not apply to businesses. They are supposed to be more sophisticated than consumers, even though the evidence doesn’t always support this theory.
Zelle is considered a peer to peer network and Zelle is a private company, Early Warning Services, which is in turn, owned by big banks like Bank of America and Capital One, among others.
Peer to peer transfers are relatively new and the law has not caught up. Maybe it will, but don’t hold your breath.
Zelle fraud falls into two distinct categories:
(a) someone breaks into your account and sends money by Zelle.
(b) you get conned into voluntarily sending a stranger a gift.
Guess which type of fraud the banks are sympathetic to (not because they are nice, but because the law is on your side).
Zelle members PNC, Truist and US Bank sent information to a Senate investigation. Other banks did not (note to those banks: that is how you get more regulation). Of 35,000 or so cases of fraud reported in 2021 and the first half of 2022, these three banks only refunded money in about 3,500 cases.
Said differently, of the $25 million in fraud, they refunded $2.9 million, or about 10 percent.
Unfortunately, the only ones who got refunds are the ones who had their bank accounts hacked.
This means that consumers need to get smarter.
If someone asks you for money and you don’t know them or you think you know them but you don’t understand why they are asking, DON’T SEND THE MONEY. It is as simple as that.
The scams are as old as dirt. Simple social engineering. Not any better than the Nigerian Prince who wants to give you millions of dollars.
Banks are obligated to pay a request if they think it came from an authorized user and it seems commercially reasonable. Commercially reasonable is pretty hard to define, never mind to implement. If they really wanted to stop fraudulent transactions they would also stop a lot of legitimate ones – and they won’t do that without being forced to by law.
What this means is that consumers need to become a lot smarter – to the tune of $25 million smarter.
My guess is that this number will likely increase long before it goes under control.
At this point, $25 million is a small number, believe it or not, so the banks and even the feds probably won’t be pushed to do anything radical. Global credit card fraud was $25 billion in 2020. Credit: Brian Krebs
If you are interested in user training in preventing social engineering scams, please contact us.