The Consumer Financial Protection Bureau sued JPMorgan Chase, Bank of America and Wells Fargo on Friday, along with Early Warning Services, the operator of peer-to-peer payments platform Zelle, alleging the companies failed to protect consumers from fraud.
Customers of the three banks have lost more than $870 million over Zelle in the past seven years, the CFPB asserted, alleging that Early Warning Services rushed the platform to market to compete with the likes of Venmo and Cash App but without effective safeguards.
“The nation’s largest banks felt threatened by competing payment apps, so they rushed to put out Zelle,” CFPB Director Rohit Chopra said in a statement Friday. “By their failing to put in place proper safeguards, Zelle became a gold mine for fraudsters, while often leaving victims to fend for themselves.”
JPMorgan, Bank of America and Wells Fargo are among the seven banks that own Zelle, along with PNC, U.S. Bank, Truist and Capital One, which do not appear to be mentioned in the suit.
The four latter banks were also not probed by the Senate Permanent Subcommittee on Investigations earlier this year. The PSI released a report in July on EWS, JPMorgan, Wells and BofA’s alleged failure to protect consumers from fraud. The report found that JPMorgan reimbursed just three transactions out of 41,390 scam disputes in 2020, while Wells didn’t reimburse any of 25,061 scam disputes and Bank of America didn’t track scam data as its own dispute category until the latter half of 2020.
In 2023, the three banks reimbursed scam victims just 12% of the time, the PSI found.
Bank of America disclosed in October that it was responding to a CFPB inquiry related to the bank’s processing of electronic payments through Zelle that it warned at the time may result in litigation.
JPMorgan warned in August that it may sue the CFPB if the agency were to issue an enforcement action against the bank over transfers of funds through Zelle.
Banks ‘abandoned’ victims, Chopra says
The CFPB seeks to hold the three big banks accountable “for their role in enabling systemic fraud and then playing dumb when consumers were exploited,” Chopra said during a media call Friday.
The bureau launched its investigation in 2021, and the lawsuit stemming from it details how the banks, in 2017, rushed to launch a payment system without implementing basic protections for their customers, the CFPB director said.
“Nearly a decade ago, banks realized that their lack of investment in customer service and consumer friendly technologies was coming back to bite them,” Chopra said.
Banks knew their customers’ money was being stolen, but since they weren’t the ones bearing the brunt of the losses, “they dragged their feet on fixing the problems,” Chopra said.
Lenders “didn’t track or stop suspicious activity across banks, so when one bank detected fraud and closed an account, nothing stopped the criminal from hopping to another bank and starting fresh,” Chopra asserted.
The CFPB’s investigation uncovered two major patterns of account takeover fraud that banks failed to address, Chopra noted. Some criminals would obtain one-time passcodes to take over accounts and send funds, while others would steal phones and quickly make unauthorized transfers.
“In case after case, banks routinely denied requests for help, turning a blind eye even when customers provided clear evidence that criminals had taken over their accounts and that the transactions were unauthorized,” Chopra said.
Banks dismissed these claims based on “faulty logic,” such as saying because a phone had been used for legitimate transfers, all future transfers made with that device had to be legitimate.
“Instead of providing legally required assistance, banks often abandoned these victims, sometimes even telling them to contact the criminals themselves and request their money back,” Chopra said. “This is not just about convenience or technological innovation. This is about financial institutions fulfilling their basic obligations to protect customers’ money and help fraud victims recover their losses.
“These banks broke the law by running a payment system that made fraud easy and then refusing to help the victims,” Chopra said.
EWS calls suit ‘meritless’
Zelle owner Early Warning Services called the CFPB’s lawsuit “meritless” and said it will harm consumers, small business and community banks while empowering fraudsters.
“The CFPB’s attacks on Zelle are legally and factually flawed, and the timing of this lawsuit appears to be driven by political factors unrelated to Zelle,” Zelle spokesperson Jane Khodos said in a statement Friday.
“Zelle leads the fight against scams and fraud and has industry-leading reimbursement policies that go above and beyond the law,” Khodos added. “The CFPB’s misguided attacks will embolden criminals, cost consumers more in fees, stifle small businesses and make it harder for thousands of community banks and credit unions to compete.”
Early Warning is “fully prepared to defend” against the lawsuit, Khodos said in the statement.
A JPMorgan spokesperson also blasted the CFPB for its “last ditch effort” in pursuit of a “political agenda.”
“The CFPB is now overreaching its authority by making banks accountable for criminals, even including romance scammers,” JPMorgan spokesperson Trish Wexler said in a statement. “It’s a stunning demonstration of regulation by enforcement, skirting the required rulemaking process. Rather than going after criminals, the CFPB is jeopardizing the value and free nature of Zelle, a trusted payments service beloved by our customers.”
A Bank of America spokesperson said more than 99.95% of transactions across the Zelle network “go through without incident,” and the bank works directly with clients that encounter issues. “We strongly disagree with the CFPB’s effort to impose huge new costs on the 2,200 banks and credit unions that offer the free Zelle service to clients,” the spokesperson said.
A Wells Fargo spokesperson declined to comment.
The National Consumer Law Center, however, praised the CFPB’s action, calling it a crucial step in holding system operators accountable for enabling fraudulent and unauthorized payments.
“The CFPB is standing up for people who weren’t able to get the big banks to take their claims of fraud seriously and return their hard-earned money,” Carla Sanchez-Adams, senior attorney at the NCLC, said in a statement.
The banks that own Zelle reimbursed less than half of the amount customers reported in fraud through the peer-to-peer platform in 2021 and the first half of 2022, according to a 2022 report from Sen. Elizabeth Warren, D-Mass. Warren, the incoming ranking member of the Senate Banking Committee, has urged the CFPB to bolster and clarify Regulation E, which governs when banks must repay harmed customers.
The CFPB alleges the three banks and EWS violated the Consumer Financial Protection Act’s prohibition on unfair acts or practices, and that the banks violated the Electronic Fund Transfer Act and Regulation E “for failing to conduct reasonable investigations of notices of errors submitted by consumers regarding Zelle transactions; and failing to properly treat incorrect and unauthorized Zelle transfers as errors under the law,” the CFPB said.
Chopra likely has about a month left in his tenure as the head of the CFPB, as he is widely expected to be replaced once President-elect Donald Trump takes office in January. When asked about how that may affect potential litigation, a CFPB senior official noted the investigation has been underway for years.
“Where we see violations of law, we’re going to take action,” the official said.
