On December 20, 2024, the Consumer Financial Protection Bureau (CFPB) filed a lawsuit against three major US banks and Early Warning Services (EWS), the operator of Zelle. The CFPB said they filed the lawsuit against the three banks and EWS “for failing to protect consumers from widespread fraud”…”without implementing effective consumer safeguards”. The CFPB went on to say “Customers of the three banks named in today’s lawsuit have lost more than $870 million over the network’s seven year existence due to these failures.”
What the CFPB failed to say:
• “The Zelle platform processed over $806 billion in transactions across 2.9 billion individual transfers in 2023. More than 99.95% of these transactions were completed without any reports of fraud or scams, according to Zelle data.” (From the Bank Policy Institute on December 20)
• The CFPB has not commented on other non-bank P2P services such as PayPal, Venmo and CashApp, which according to the Bank Policy Institute (BPI) have more disputed transactions. See Chart 1 from the Bank Policy Institute.
Source: Bank Policy Institute, “CFPB’s Allegations Against Zelle Have No Basis in Law”, December 20, 2024
Zelle has some of the lowest fraud/scam losses for a P2P service. In 2023, with $806 billion in transaction amounts, the fraud and scam losses totaled an estimated $400 million. Assume there is a 50/50 split between fraud (unauthorized transactions) and scams (e.g. impersonation authorized transactions). Then approximately $200 is fraud and typically reimbursed under Regulation E and the other $200 million in scam transactions is mostly non-reimbursed (except for impersonation scams, which are reimbursed).
A Wall Street Journal article had several additional key points:
• “The CFPB’s attacks on Zelle are legally and factually flawed, and the timing of this lawsuit appears to be driven by political factors unrelated to Zelle,” a Zelle spokeswoman said in a statement.
• Trump hasn’t yet named a nominee to lead the agency, and it is possible that a future director would decide to abandon the action against Zelle and its operators.
So, given there will be a new administration in the US in less than 30 days, it is not clear if this lawsuit will move forward and why it was filed so close to the start of a new administration. The Financial Times went even further. Jared Seiberg, a financial research analyst at TD Cowen wrote in research which “said the banks have a strong defense in the case ‘as much of the fight is over authorized transactions’.” There are no current regulations around reimbursement for authorized transactions.
What Should the CFPB Focus Be?
While CFPB has spent most of the last half of 2024 on preparing for the Zelle lawsuit, the bigger issue of consumer financial scams in the US, estimated by the FTC at $158 billion in 2023, was ignored by the CFPB. Now, $200 million in Zelle scam losses per year is not small and should not be ignored. And if there are weak controls in Zelle, identified by the CFPB, they should be fixed. But $158 billion in estimated consumer scam losses for one year is where the CFPB should be focused. Zelle scams are 0.13% of the US consumer scams problem.
Where the CFPB should be focused is creating a US government response to this massive consumer financial scam problem. To address this problem, the CFPB needs to bring together other government agencies (Federal Trade Commission, Federal Communications Commission and even the White House), telecom providers, digital platforms and financial institutions.
The government needs to be involved because these scams are initiated and controlled by transnational criminal organizations and by nation states. It is no longer the one or two individual scammers. There are scam compounds in Asia with hundreds of thousands of people, often coerced themselves, being used to scam Americans, Canadians, Australians, Brits, Europeans and more. This is massive crime.
Most of these scams start with a telephone call, a text message (on your mobile phone or WhatsApp/Instagram), or from bogus ads on Facebook or Google/Bing search platforms. The UK’s Payment Systems Regulator (PSR) released a report in December 2024 that shows how scammers initiate contact with victims in the UK. Figure 1 shows how scammers initiate contact based on volume of contacts and based on value of losses. You can see Facebook entities (54%) has the largest volume of contacts, but telecommunication (31%) has the largest value of loss.
Figure 1. How Scammers Contact Victims To start a Scam
Source: PSR Report, Unmasking how fraudsters target UK consumers in the digital age, page 12, December 2024.
And once the customers get pulled into the scam, they use their bank/credit union/neobank to send funds to the scammer (via P2P payments, wires, cash withdrawals, money to crypto exchanges, etc.)
In Australia and the UK, the governments have taken leadership to address the financial scams that attack their consumers. Australia has created Scam Prevention Framework legislation that, once approved, will require banks, telco providers and digital platforms to have controls in place to help prevent consumer financial scams. And the Australian Banking Association and the Customer Owned Banking Association created the Scam-Safe Accord in 2023 which committed Australian banks to adding controls to help reduce scams. With banks, telcos, digital platforms, government regulators and the Australian National Anti-Scam Centre coming together, Australia is already seeing a drop in financial scam losses. The National Anti-Scam Centre reported: “Losses reported by the public to Scamwatch decreased by 41.0% from $559.9 million between 1 July 2022 and 30 June 2023 to $330.0 million between 1 July 2023 and 30 June 2024.”
The UK regulators require banks and Payment Services Providers (PSPs) to have scam controls and money mule management controls in place. Plus, there is mandatory reimbursement for scam losses up to £85,000. The UK also has the Online Safety Act which requires digital platforms to protect consumers from fraud, with serious penalties for failure to comply.
Australia and the UK are much smaller than the US, so it will be more difficult for the US to develop similar solutions. To help in the US, in July 2024, the Aspen Institute Financial Security Program launched a National Task Force for Fraud & Scam Prevention. This will involve government agencies, financial institutions, telcos and digital platforms. This is a good start, but for it to be effective there will need to be regulations for banks, telcos and digital platforms to add controls to help stop scams, along with penalties for failure to perform.
In Australia, it is the upcoming legislation, with penalties for non-performance and possible reimbursement that has captured the key participants attention and been the catalyst for action. And yes, there is also a recognition by these entities that they have a responsibility to help protect consumers from scams. But regulation does help get the funding for these control projects.
Here are the some of the key actions that need to occur in the US to help stop these scams.
• Financial institutions- US regulators need to require scam strategies to include tracking customer scam incidents, implementing scam controls and money mule management (including sound branch and online new account opening controls), training for staff to effectively interact with scam victims as suspicious transactions/cash withdrawals are identified, and education for customers on scams.
• Digital platforms- Regulators need to require digital platforms identify and remove bogus ads in search, bogus financial ads on platforms and better vet customers on social media sites. In February 2025 in Australia, Meta will start to validate sponsors of financial ads on its platforms.
• Telcos- be required reduce scam calls and text messages. The FCC already has some requirements in place and telcos have initiated several changes such as the US Telecom|The Broadband Association’s Industry Traceback Group, but it is not enough. Plus, the vendors who deliver text messages to the telcos must do a better job to control text messaging.
• Government- There needs to be government leadership involving the regulators and law enforcement. And there needs to be funding to help local law enforcement help customers try to get recovery of funds (e.g. crypto).
Let’s be realistic and follow the best parts of what is working in Australia and the UK—better controls by banks, telcos and digital platforms- to help reduce consumer financial scams. Along with a dose of regulation and government oversight to keep the focus. And strong law enforcement at the national and local level. There have been some significant arrests involving the FBI, Secret Service and international police organizations. And that must also continue.