New York Sues Zelle Over Security Lapses

New York Sues Zelle Over Security Lapses

NEW YORK — In a significant development, the New York Attorney General's office has sued Zelle, the popular electronic payment platform, alleging that security lapses enabled fraudsters to steal over $1 billion from consumers. The lawsuit, filed in a New York state court in Manhattan, follows the U.S. Consumer Financial Protection Bureau's decision in March to drop a similar case.

Zelle was launched in 2017 and competes with apps such as PayPal's Venmo and Block's Cash App. Its parent, Early Warning Services, is owned by seven large U.S. banks: Bank of America, Capital One, JPMorgan Chase, PNC, Truist, US Bank, and Wells Fargo.

New York Attorney General Letitia James said that Zelle's parent and the banks knew for years that the platform was vulnerable to fraudsters but resisted basic safeguards. This resistance led to "rampant" fraud that Zelle sometimes refused to address despite its assurances that it was a safe alternative to cash and checks.

"No one should be left to fend for themselves after falling victim to a scam," James said in a statement. The lawsuit seeks to require Zelle to beef up anti-fraud protections and pay restitution and damages to defrauded New Yorkers.

James sued Capital One in May for allegedly cheating savings depositors out of millions of dollars in interest, and in June settled claims against MoneyGram over remittance transfer lapses. The CFPB abandoned similar cases earlier in the year.

Zelle responded to the lawsuit by saying that scams start when criminals trick people into sending money, rather than on the platform itself, and holding it liable could lead to higher fees for consumers.

"This lawsuit is a political stunt to generate press, not progress," Zelle said. "The Attorney General should focus on the hard facts, stopping criminal activity and adherence to the law, not overreach and meritless claims."

Zelle also said that more than 99.95 per cent of transactions it handles are completed without reported fraud, leading the industry.

The seven banks that own Early Warning Services were not named as defendants in the lawsuit. James said typical scams involved hacking into users' accounts and making unauthorized transfers, convincing users to send money for nonexistent goods and services, and impersonating banks, government offices, and utilities.

One victim was told his electricity would be shut off unless he paid Con Edison $1,477 via Zelle, to an account named "Coned Billing." Another victim said Chase and Zelle wouldn't help him after he sent $2,600 in two installments via Zelle to buy a puppy, and realized he had been scammed when the purported seller demanded more money.

James said it wasn't until 2023, after the CFPB and several members of Congress began probes, that Zelle adopted "basic" safeguards it had proposed four years earlier. While reported fraud losses plummeted, the safeguards were "too little too late" for consumers who had lost money, and despite those safeguards Zelle still facilitates "substantial fraudulent activity,"

Stay updated with notifications for breaking news and our best stories Join our channel for the top reads for the day on your preferred chat app