Prepared Press Call Remarks of CFPB Director Rohit Chopra on the Zelle Lawsuit Announcement
Over the past seven years, countless American families have fallen victim to fraud on Zelle, the payment network owned and operated by the nation's largest banks. At just three banks, Americans have lost over $800 million. Behind that number are real people who trusted their banks to protect their money, and instead were left fending for themselves when criminals struck.
Today, the Consumer Financial Protection Bureau is suing Bank of America, JPMorgan Chase, and Wells Fargo for their role in enabling systemic fraud and then playing dumb when consumers were exploited. We’re also suing a company called Early Warning Services, which operates Zelle, and is controlled by the nation’s largest banks.
After a lengthy investigation launched in 2021, the CFPB’s lawsuit details how these institutions rushed to launch a payment system without implementing basic protections for their customers.
Nearly a decade ago, banks realized that their lack of investment in customer service and consumer-friendly technologies was coming back to bite them. New digital payment apps like Venmo, CashApp and PayPal, offered something new: free, instant transfers between users, with interfaces that appealed especially to younger consumers. These apps were also harvesting valuable data about consumers’ spending patterns and social connections. By 2015, Venmo alone was processing over $7 billion in annual payments.
This competitive threat triggered fear in the boardrooms of big banks. In response, they created Zelle, a digital payment service embedded directly in banking apps and websites. Because big banks dominate consumer deposit accounts, they knew smaller banks and credit unions would feel they had no choice but to sign up to join the platform. Zelle was marketed as “safe” and “secure” to customers who naturally trusted their banks, but the banks failed to fix glaring flaws in their systems even as hundreds of thousands of customers filed complaints about fraud. The banks knew their customers were having their money stolen, but since they weren’t bearing the cost of these losses themselves, they dragged their feet on fixing the problems.
Our investigation revealed that the banks’ chaotic rush to market led to serious failures in fraud prevention and customer protection. What they built became a goldmine for criminals: a system that made it easy for fraudsters to move money quickly, while making it nearly impossible for victims to get their money back. They didn't track or stop suspicious activity across banks, so when one bank detected fraud and closed an account, nothing stopped the criminal from hopping to another bank and starting fresh.
When fraud occurred – and it did, on a massive scale – the banks systematically failed their customers. For example, our investigation uncovered two major patterns of account takeover fraud that banks failed to address. Some criminals would obtain one-time passcodes, then use these to take over accounts and drain funds. Others would physically steal phones or devices with banking apps installed, then immediately make unauthorized transfers.
In case after case, banks routinely denied requests for help, turning a blind eye even when customers provided clear evidence that criminals had taken over their accounts and that the transactions were unauthorized -- including police reports documenting the crimes. The banks dismissed these claims based on faulty logic, for instance claiming that because a stolen phone had been used for legitimate transfers in the past, all future transfers must also be legitimate. Instead of providing legally required assistance, banks often abandoned these victims, sometimes even telling them to contact the criminals themselves and request their money back.
This is not just about convenience or technological innovation. This is about financial institutions fulfilling their basic obligations to protect customers’ money and help fraud victims recover their losses. These banks broke the law by running a payment system that made fraud easy and then refusing to help the victims. Consumers couldn't protect themselves - they couldn't control how the banks ran Zelle, couldn't reverse unauthorized transfers once they were sent, and had nowhere to turn when the banks denied their fraud claims.
Since 2021, the CFPB has been carefully assessing consumer payment networks. As more money is moved through different payment rails, banks have urged the CFPB to ensure that large technology companies offering payment services are living up to their obligations. We’ve put into place new rules to enhance oversight of these nonbank companies, and we’ve issued nationwide consumer advisories about how funds stored in certain apps may not be covered by deposit insurance. We’ve highlighted how Apple’s regulations have blocked banks from offering tap-to-pay functionalities. But we haven’t been giving banks a free pass.
Americans deserve payment systems that are fast and secure. Some of America’s largest banks promised Zelle would be both, but it wasn’t. The CFPB’s lawsuit seeks to hold these banks accountable and ensure that American families can trust their money is protected when they send payments.
The Consumer Financial Protection Bureau is a 21st century agency that implements and enforces Federal consumer financial law and ensures that markets for consumer financial products are fair, transparent, and competitive. For more information, visit www.consumerfinance.gov.