On July 20, 2022, there was an article on payment fraud in Digital Transactions, “So-Called Friendly Fraud on P2P Payment Systems Has Caught the Attention of the CFPB.” The article was based in part on a prior article in the Wall Street Journal, “CFPB to Push Banks to Cover More Payment-Services Scams”.

According to the articles, the Consumer Financial Protection Bureau is about to require financial institutions to cover situations where a consumer is fraudulently induced to make a payment using their own credentials. This was amplified by a letter sent by eight Democratic senators on July 20, 2022, to the seven banks that own Zelle, accusing them of not doing enough to protect their customers.

Zelle is a bank-owned instant payment network operated by Early Warning Services of Scottsdale, AZ (full disclosure: I did some paid work for EWS last year, although not on the Zelle product). Although Zelle was a latecomer to the person-to-person (P2P) or account-to-account (A2A) payments space, following PayPal and Venmo, it has been experiencing rapid growth in the past few years:

Annual Zelle Transaction Volumes in Millions, 2017-2021

Source: Zelle and Statista

 

As many a fintech can attest, with rapid growth comes fraud.  In the early days, a new financial service is too small to attract fraudsters, and this creates a false sense of security.  Early users tend to be more sophisticated, monitor their transactions more closely, and are more interested in the mechanics of the service.  Later users expect the new service to work like the ones they are familiar with.

Banks spent decades educating consumers about the safety and security of cards, and eventually introduced zero liability.  This feature improved upon federal regulations regarding fraud in electronic payment systems, which limited the amount of money consumers could lose to $50 if they reported the fraud within two days of learning of it.  Consumers could now dispute any transaction, and it would be up to the merchant to prove the transaction was valid.

As consumers learned about this power, some of them came to abuse it through what is known in the industry as “friendly fraud.”  Over time, merchants started to hire services like Chargebacks911 to help them manage disputes and tighten their return policies.

When Zelle came out, it was built on the ACH system, and later the FTP service by the Clearinghouse Payments Company.  As I described in a blog post last year, these services were originally created for use by banks, not consumers, and are extremely basic.  They focus on moving money from one account to another and lack features like a zero-liability policy or easy dispute resolution.  A customer must call customer support and deal with a live agent if they have a problem.  This makes the cost of payments extremely low, a few pennies.  By contrast, card payments start at 1% of the transaction amount for major debit cards and can go as high as 4% for certain categories of credit cards.

This extra cost turns out to be worth something.  If you use Venmo, you will see an option to turn on a fraud guarantee for about 3% of the transaction amount; this is required if you want to use a payment card as the source of funds.

Zelle does not have a feature like this, because it is not supposed to be used for retail payments.  However, just like Venmo, people can and do use it that way.  What they do not always realize is that without the fraud liability guarantee, the burden of proving fraud lies with the sender, not the receiver.

It is important here to distinguish between transactions that are themselves fraudulent, such as those enabled by stolen online banking credentials, and payments that are made by the actual account owner by mistake.  The latter falls under the moniker “friendly fraud,” because to the bank, it looks like the consumer meant to make the payment, and then later claimed they were misled.

So, we have a problem of the banks’ own making; after years of training their customers to believe they would always be protected from making payments to merchants who failed to live up to their end of the bargain, banks now find themselves fielding these same sorts of complaints about instant payments, but without the tools to deal with them.

Fixing the problem is going to be expensive, but banks have boxed themselves in by making these payments free to consumers.  Either the banks will have to introduce fees for use of the services, or finance them on the backs of receivers, in which case people might as well use cards.

There are no free lunches in payments; the costs of fraud and dispute resolution must always be paid somehow.  The most attractive option for the banks may be to follow Venmo in making a fraud guarantee an optional add-on to the payment, for a fee. The CFPB and Congress may not see it that way, though, and may make the banks eat the cost themselves.