Why Regulators Can't Go as Far as They'd Like to Stop Zelle Scams

Source: American Banker

The Consumer Financial Protection Bureau under the direction of Rohit Chopra thinks something is fishy about consumers being made whole in cases of credit card fraud but being out-of-luck in cases of P2P fraud and is gearing up for a fight with banks — the owners of Zelle's parent company, the weirdly-named Early Warning Services, LLC — over who exactly is liable for P2P fraud. But while Chopra may want to stick banks with the bill as it reworks its Regulation E — the implementing regulation for the Electronic Fund Transfer Act — the letter of the law will make that exceedingly difficult without a legislative fix.

The EFTA, first drafted in 1978 and most recently amended in 2009 and again by Dodd-Frank in 2010, establishes the rules of the road for electronic payments ranging from ATM transactions and credit card swipes to debit card transactions and P2P payments. But the bulk of the consumer protections in the law address "unauthorized transactions" — a term that the law itself defines as a transaction "initiated by a person other than the consumer without actual authority to initiate such transfer." The law also goes on to expressly say that transactions made by someone who was given access to the consumer's accounts don't count as unauthorized transactions.

There's an important difference between someone cloning your card and buying Bruno Mars tickets and someone inviting you to give them money via Zelle for whatever scammy reason. And even if the end result for the scammer is the same, the outcome for the consumer is very different, due to a regulatory quirk.

Even if the CFPB will have a hard time making the legal case for putting banks on the hook for Zelle fraud, that doesn't mean regulators are powerless to do anything about it. The lowest-hanging fruit here likely doesn't lie with the CFPB at all, but rather with the Federal Communications Commission, which oversees the telecommunications industry.

Given that these texts and calls are facilitated by telecom networks — and given, again, that they are annoying scams — the FCC should compel these networks to put a lid on these kinds of unsolicited communications the way it did with telemarketing and robocalls. The FCC compelled networks to implement a suite of anti-spoofing protocols (delightfully known as STIR/SHAKEN) last year, and I'm sure that helps. But if the question is how to reduce fraud on Zelle, the telecoms are clearly part of the answer.