With the rising prominence of person-to-person (P2P) money transfer applications, scammers have taken advantage of the speed and ease of use of these applications to engage in P2P fraud. Using social engineering tricks, false pretenses, or stolen credentials, bad actors can force unauthorized payments or convince consumers to authorize payments. With the speed and efficiency of P2P payment applications such as Zelle, scammers receive the money instantaneously.
Historically, consumers have been responsible for the financial loss caused by these authorized yet fraudulent payments, but there’s a possible shift in liability on the horizon.
What is Zelle Fraud?
Zelle fraud is when a bad actor talks a consumer into sending money through the Zelle app or an online banking site that offers Zelle transfers for fraudulent financial gain. While Zelle itself is a legitimate and secure money transfer service, fraudsters may exploit vulnerabilities in user behavior or engage in deceptive practices to defraud individuals using this service.
It’s important to note that Zelle is tackling fraud head-on, leading the industry on self-regulation for authorized push payment fraud using their payment service.
What are the most common Zelle fraud scams?
- Phishing: Fraudsters may use phishing techniques to trick users into providing their Zelle login credentials or other sensitive information. They may send fake emails, text messages, or make phone calls pretending to be from Zelle or a financial institution, asking users to provide personal information or login details. With this information, they can gain unauthorized access to user accounts and initiate fraudulent transactions. In the case of these unauthorized payments, the consumer can typically get their money back.
- Social engineering: Social engineering involves manipulating individuals into revealing their personal or financial information. Fraudsters may pose as friends, family members, or trusted entities and convince users to send money through Zelle for various reasons, such as emergencies or fraudulent investment opportunities. By exploiting trust and emotional tactics, they deceive users into transferring funds willingly. Because the consumer authorized the payments, recovering the financial loss is not possible under the current regulations.
- Account takeovers: In some cases of account takeovers, fraudsters may gain unauthorized access to a user’s Zelle account or the target’s bank account through various means, such as stealing login credentials or exploiting weak passwords. Once the fraudster gains control, they can initiate unauthorized transactions, transfer funds to other accounts, or drain the victim’s balance. These unauthorized payments can typically be recovered by consumers.
- Fake sellers/buyers: Fraudulent sellers or buyers may use Zelle to facilitate scams during online transactions. They may advertise products or services at attractive prices and receive payment through Zelle, but never deliver the promised goods or services. Similarly, fake buyers may claim to have made a payment via Zelle but provide fake confirmation details, leaving the seller without payment. Since the consumer authorized the transaction, they will not receive financial restitution in this case under the current laws.
Why is Zelle fraud on the rise?
Several factors contribute to a rise in Zelle fraud. First, the Zelle platform has become increasingly popular, doubling its user base between 2019 and 2023. While consumers have been taught to look out for popular types of fraud involving gift cards and QR codes, there has been less awareness of fraud using P2P payment applications. Consumers generally make easier targets for fraud than banks do because consumers know less about the specific risks and signs of fraud and scams. With an increase in consumers using Zelle, scammers have taken advantage of this growing and vulnerable user base.
In addition, the release of ChatGPT has helped scammers craft convincing and human-like messages en masse, creating greater efficiencies for P2P fraud including fraud via payment channels such as Zelle.
Why won’t banks reimburse Zelle fraud victims?
Under the current regulatory framework known as Regulation E, banks are only liable to cover fraudulent activity when it involves unauthorized transactions. Likewise, Zelle will reimburse consumers for unauthorized fraudulent transactions but will not reimburse consumers for authorized transactions including authorized push payment fraud.
However, Zelle and its bank owners are actively involved in talks to establish new rules regarding liability. For authorized push payment fraud where a customer gets tricked into sending money, these proposed changes include shifting the liability from the consumer to the receiving bank. This would enable the consumer to receive a direct refund for the associated P2P scam.
How do you protect yourself from Zelle fraud?
There are several actionable ways consumers can protect themselves against Zelle fraud.
- Be cautious with personal information: Avoid sharing sensitive information, such as Zelle login credentials or personal details, through email, text messages, or phone calls unless you can verify the legitimacy of the recipient.
- Verify payment details: When interacting with unknown parties, verify their identity and credibility before sending money through Zelle. Be cautious of a difference in names between the seller/buyer and the verified Zelle user’s name. Use trusted platforms, research the seller/buyer, and ensure the legitimacy of the transaction.
- Enable multi-factor authentication (MFA): Enable MFA or two-factor authentication for your Zelle account to add an extra layer of security.
- Use strong, unique passwords: Create strong, unique passwords for your Zelle account and avoid reusing them across multiple platforms.
- Stay updated and vigilant: Stay informed about common fraud schemes and scams related to Zelle. Be cautious of suspicious requests or unexpected communications, and report any potential fraudulent activity to your bank or Zelle customer support.
It’s important to remember that Zelle itself is not inherently fraudulent, but it can be exploited by fraudsters. By adopting proactive security measures and practicing vigilance, users can mitigate the risk of falling victim to Zelle fraud.
How Socure Helps Protect Against Zelle Fraud
Socure is the leading SaaS identity verification and fraud detection and prevention platform, with years of industry experience protecting against fraudulent transactions, including P2P fraud. While an attack may be new to your bank or fintech organization, Socure has likely already seen and learned from the attack before and can leverage this data to intelligently identify and stop the fraud from taking place.
Socure offers several features to protect against fraud using P2P payment platforms, including Zelle. Our comprehensive RiskScores and Correlation Values can passively assess the risk of P2P credentials in real time, helping to identify and stop fraudulent activity as it happens. Additionally, these same scores can be used to identify efforts to take over accounts by changing PII contact elements such as email, phone or address. Bad actors change these identity elements to ensure the true person does not receive OTPs and emails that may be used to verify transactions on the account.
Socure’s Portfolio Scrub accurately detects identity risks hiding in accounts and provides actionable strategies to take action. And, Sigma Synthetic Fraud pinpoints fake manipulated and fabricated identities, helping banks and fintechs close the front door to new synthetic fraud attacks.
With Socure’s multi-faceted identity fraud and detection software, banks can stop Zelle fraud quickly and effectively, while ensuring a positive experience for good customers.
To learn more about fraud in the world of instant payments, watch our expert webinar.
Explore more zelle fraud content
Identity Verification
Fraud Prevention
Identity Fraud
Document Verification
Compliance
- How to Achieve Regulatory Compliance?
- What is Customer Due Diligence?
- What is a Customer Identification Program (CIP)?
- The Complete Know Your Customer Checklist - KYC Checklist
- Establishing and Maintaining Your Institution’s KYC Compliance
- How Do You Ensure Seamless CIP Compliance?
- What is the Difference Between Anti-Money Laundering & KYC?
Bank Account Verification
- A Guide to Open Banking Regulations and Compliance
- How to Stay Ahead of Digital Payments Fraud with Socure Account Intelligence
- Account Validation Solutions: Which One is Best for Your Organization?
- Unlocking Seamless and Secure Payments with Bank Account Verification
- Instantly Verify Bank Account Availability and Ownership