Zelle, the peer-to-peer money transfer platform owned and operated by a group of some of the largest American banks, offers speed and ease to customers who want to transfer money quickly to family and friends. That speed and ease also makes Zelle a favorite target of fraudsters looking to trick victims into making irreversible transfers quickly, before they have time to change their minds. Victims of Zelle fraud sometimes look to their banks to reimburse them for these purportedly “unauthorized” transfers. But banks often respond that the transfers were authorized, however fraudulently. A recent ruling by a federal court in New Jersey has helped clarify one of the key issues in these disputes.
In a January 18 opinion granting a motion to dismiss, District Court Judge Susan D. Wigenton agreed with the defendant credit union’s position that it had no obligation to reimburse. In Wilkins v. Navy Federal Credit Union, a customer sued after her credit union refused to reimburse her for a Zelle transfer that turned out to be fraudulent. The scam worked like this: the scammer called the plaintiff claiming to be from her electrical company. The scammer told the plaintiff she was behind on her utility bills, and that she needed to send the amount she owed immediately, through Zelle. The plaintiff sent the transfer, and three more, before calling the real utility company’s customer service — at which point it was clear that she had been scammed.
The ensuing lawsuit joined a wave of similar litigation, including numerous class action cases against banks and credit unions that use Zelle. One of the key issues in these cases is what constitutes an “unauthorized” Zelle transfer. In some cases, like Wilkins, the plaintiff alleges they sent the fraudulent transfer after having been scammed. In other cases, plaintiffs were tricked into giving their login credentials, or remote access to their device, to the scammers, who then transferred money to themselves. Some plaintiffs allege that someone gained access to their physical device, or that they simply do not know how the fraudulent transfers happened.
In the Wilkins case, the Court accepted a number of the credit union’s arguments, which other banks and credit unions have also made, when it held that the plaintiff’s transactions were authorized under her deposit agreement and, accordingly, the credit union was not required to cover her losses. The deposit agreement specified four kinds of “unauthorized” transactions that the credit union would need to reimburse, but none of these included a scammer convincing the customer to send payments under false pretenses. According to the Court, the plaintiff was “unsuccessfully attempt[ing] to stretch the meaning of the word ‘unauthorized,’” As the Court further opined: “Those transactions, however tragic they may be, were neither unauthorized nor the result of fraudulent use of her Zelle account.”
This ruling, however, is unlikely to end all such lawsuits, and is also likely only one step in the path to determining when online payments can be considered “authorized” by banks. The issue recently gained significant attention when Senator Elizabeth Warren (D-MA) issued a report addressing fraud on the Zelle platform. The report contends that many larger banks repay a relatively low percentage of fraud claims involving Zelle. It goes on to claim that these banks “may be violating [the Consumer Financial Protection Bureau’s] Regulation E rules.” Those rules “carry out the purpose” of the Electronic Funds Transfer Act, and require banks to protect consumers against unauthorized transfers.
Senator Warren’s report goes on to suggest regulatory changes that would make it harder for banks to avoid repaying customers who are defrauded on Zelle. Specifically, the report calls for the CFPB to clarify Regulation E, and to “include fraud in the Regulation’s error resolution purview.” The report also suggests that the CFPB was already considering strengthening the Regulation “to cover more fraudulently induced transactions.”
Exactly what transactions would be covered by any new guidance remains to be seen. If any new guidance were far-reaching enough to cover the kinds of transactions at issue in Wilkins, it is also unclear how banks would comply; banks cannot possibly monitor or review every customer’s propensity to be defrauded, and there are also significant challenges in verifying allegations of fraud.
While the Wilkins ruling may help clarify what an “unauthorized” transaction may be, the issue is far from settled. Banks should continue to monitor these issues as the law develops.
Luke Sosnicki, Maria Zschoche and Eric Hogrefe are attorneys in Thompson Coburn’s Business Litigation group.
 See, e.g., Natalie Tristan v. Bank of America, N.A., Docket No. 8:22-cv-01183 (C.D. Cal. Jun 16, 2022); Berry v. TD Bank, N.A., Docket No. 0:22-cv-60826 (S.D. Fla. Apr 28, 2022).
 See, e.g., Jessica L. Stock v. Wells Fargo and Company et al, Docket No. 8:22-cv-00763 (C.D. Cal. Apr 05, 2022); Georgion et al v. Bank of America Corporation, Docket No. 3:22-cv-00618 (W.D.N.C Nov 11, 2022).
 See, e.g., Avantika Ahuja v. Bank of America, N.A. et al, Docket No. 2:22-cv-02313 (C.D. Cal. Apr 06, 2022); Wilson v. Navy Federal Credit Union, Docket No. 1:22-cv-01176 (E.D. Va. Oct 18, 2022).
Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you (an ‘engagement letter’).
By clicking the ACCEPT button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and, further, even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you. Please click the ACCEPT button if you understand and accept the foregoing statement and wish to proceed.