Zelle Fraud: How Community Banks Can Respond to This Cautionary Tale

By Tina Giorgio

Sep. 08, 2022

In 2020, nearly 18 million Americans were defrauded via digital wallets and person-to-person (P2P) services, according to Javelin Strategy & Research. With numbers like that, P2P solutions like Zelle have come under fire, and issues are escalating. In fact, Javelin’s 2022 identity fraud study found that scams involving direct contact with victims affected 27 million consumers in the United States, with losses reaching $28 billion.

We can attribute part of this rise to an increase in authorized push payment fraud, or a specific type of attack where the sender is legitimately initiating a transaction, but under false pretenses. Similar to business email compromise, this payment fraud occurs when a legitimate user or account owner is duped into sending a payment, via social engineering, phishing, or other means.

Growth in authorized push payment fraud constitutes a cautionary tale for community banks as they consider P2P services, and this concern stems not simply from the fraud activity acceleration, but also from its aftermath. Since the first quarter of 2022, we have witnessed heightened congressional and regulatory scrutiny, and countless class-action lawsuits against banks. In all scenarios, P2P solutions like Zelle, Venmo, and Cash App have been in the hot seat, spurring debate over customer liability, levels of Reg E protections, and where the line is drawn around payment responsibility.

With such scrutiny, it’s even more imperative that community banks take appropriate actions to both support advanced payments infrastructure and protect their customers, communities, and institutions. Here are four considerations to keep in mind to help guard against fraud:

  1. Offer training on how to detect potential fraud. Educate bank staff and customers about authorized push payment fraud, social engineering scams, and how to identify red flags. The CFPB maintains a list of common scams that can serve as a reference.
  2. Review your payments processes to address potential threats. Think about building in pop-up warnings or a payee name verification process to help account holders more closely scrutinize transactions before sending a payment. Or, require a one-time passcode for a transaction. While this creates a bit of payment friction, it will help protect your customers by adding an additional level of authentication.
  3. Use clear, concise language to warn customers of transaction irrevocability. Many of the recent lawsuits allege that customers weren’t adequately informed about transaction risks. Confirm that as part of your customers’ experience, the irrevocability of the payment is clear, as is the importance of reconfirming the validity of the intended recipient. Consider connecting this language to a pop-up warning to help drive home the message.
  4. Consider restricting payment amounts. Because these authorized push payments come from authenticated account holders, limiting the dollar size of the transaction (for a first- time payee) can provide another layer of security before sending over a large payment.

While the fraud around P2P transactions is cause for consideration, customers will continue to seek out solutions that meet their immediate gratification needs. Community banks provide their customers with the greatest levels of support by offering P2P solutions that keep their payments within the safety and security of their bank. In short, by shoring up defenses around P2P payments, community banks will deepen their customer relationships, offer secure and seamless payments, and protect their banks in the process.