By Forum Staff
State Attorney General Tish James recently sued Early Warning Services, LLC, a company that was tasked with developing and operating the electronic payment platform Zelle, for allegedly failing to protect its users from massive amounts of fraud.
An investigation by the Office of the Attorney General revealed that EWS designed Zelle without critical safety features, allowing scammers to easily target users and steal over $1 billion between 2017 and 2023, James noted. According to the suit, EWS knew from the beginning that key features of the Zelle network made it uniquely susceptible to fraud, and yet it failed to adopt basic safeguards to address these glaring flaws or enforce any meaningful anti-fraud rules on its partner banks.
With this lawsuit, James indicated that her office is seeking restitution and damages for affected New Yorkers, as well as a court order mandating Zelle maintain anti-fraud measures necessary to protect its users.
EWS is a financial technology company owned and controlled by a group of the country’s largest banks, including JPMorgan Chase, Bank of America, Capital One, and Wells Fargo. Those banks tasked EWS with hastily launching an electronic payment platform to compete with payment apps like Venmo, PayPal, and CashApp, which were not controlled by banks. In their rush to launch, EWS prioritized attracting new users through a simple registration process and quick transfers that left consumers vulnerable to scammers.
Beginning in 2017, the year Zelle launched, anyone with a U.S. bank account could enroll in Zelle and send or receive near-instant money transfers through linked email addresses or U.S.-based mobile phone numbers. Scammers could sign up through a quick registration process that lacked important verification steps, allowing them to utilize misleading email addresses such as those associated with trusted businesses or government entities. Zelle’s emphasis on immediate and irreversible transfers means that by the time consumers realize they have been targeted by fraudsters, their money is often already gone.
In one example of a common scam using Zelle, a New York user received a call from an individual impersonating a Con Edison employee advising that the consumer was delinquent on his energy bills and that his “electricity was going to be shut off that day” unless he paid Con Edison via Zelle. The fraudster identified “Coned Billing” as the name associated with the account. The consumer transferred $1,476.89 to a Zelle account named “Coned Billing,” but after realizing the call was a scam, was told by their bank, JPMorgan Chase, that the bank “can’t get [him] that money back.”
The OAG’s investigation revealed that EWS and its partner banks allegedly knew for years that fraud was spreading on Zelle and failed to take meaningful action to stop it. When participating banks received complaints from Zelle users about fraud, EWS allowed banks to report that fraud to EWS long after it occurred, which enabled bad actors to scam additional consumers. In fact, when Zelle launched, EWS did not require participating banks to report scams like the “Coned Billing” scheme in which fraudsters convinced users to send funds under false pretenses. Even when EWS did receive reports of fraud, it failed to promptly remove the fraudsters from the Zelle network or require banks to reimburse consumers for certain scams. EWS developed basic safeguards to address these issues as early as 2019, but failed to adopt them. EWS failed to meaningfully enforce even the limited, inadequate anti-fraud rules that it did have in place against participating banks despite knowing of widespread violations of those rules.
