The US Consumer Financial Protection Bureau (CFPB) has filed a lawsuit against Early Warning Services, the operator of the Zelle payment platform, as well as three major banks, JPMorgan Chase, Bank of America, and Wells Fargo.  

The lawsuit accuses the parties of failing to implement effective fraud prevention measures, leaving consumers vulnerable to significant financial losses on the peer-to-peer payment network. According to the CFPB, these failures have resulted in consumer losses exceeding $870m since Zelle’s launch in 2017. 

The CFPB alleges that Zelle was introduced to the market to compete with platforms such as Venmo and CashApp but lacked the necessary safeguards to protect users. The complaint highlights that hundreds of thousands of fraud reports were submitted by affected consumers.  

Many of these complaints were allegedly mishandled, with some consumers reportedly advised to contact the perpetrators directly to recover their funds. The CFPB further claims that the banks did not comply with federal laws requiring investigation of fraud claims and reimbursement for unauthorised transactions. 

CFPB Director Rohit Chopra said: “The nation’s largest banks felt threatened by competing payment apps, so they rushed to put out Zelle.  

“By their failing to put in place proper safeguards, Zelle became a gold mine for fraudsters, while often leaving victims to fend for themselves.” 

Zelle allows users to transfer funds electronically by linking accounts to email addresses or mobile numbers, referred to as tokens. Users can create multiple tokens and move them between banks, a feature the CFPB alleges has been exploited by fraudsters.  

The agency claims that scammers have been able to reroute payments and repeatedly target victims due to weaknesses in Zelle’s design and insufficient fraud prevention measures by its operator and the defendant banks. 

The lawsuit outlines several alleged failures. It claims Zelle’s identity verification processes were inadequate, allowing fraudsters to link victims’ tokens to their own accounts and divert payments.  

The CFPB also asserts that the defendants did not share information about fraudulent activities across the network, enabling repeat offenders to exploit multiple banks before detection. The complaint alleges that despite receiving large volumes of fraud reports, the banks failed to strengthen their systems or prevent recurring incidents.  

Furthermore, the lawsuit states that the banks did not meet their obligations under the Electronic Fund Transfer Act, which includes investigating fraud complaints and reimbursing customers for unauthorised transactions.