What $870 Million in “Safe” Transfers Actually Felt Like

There is a specific kind of rage that comes from being robbed by a tool your bank put inside its own app, told you was secure, and then refused to help you with after the money was gone. That is what hundreds of thousands of people experienced with Zelle.

These were not sophisticated investors who misread a prospectus. These were customers who saw Zelle sitting inside the Bank of America app, the Chase app, the Wells Fargo app — right next to their checking balance, their credit card bill, their mortgage payment — and concluded, reasonably, that the bank stood behind it. A Bank of America customer said exactly this in a complaint the bureau reproduced verbatim in the lawsuit: “I made the transaction through the BoA app and I thought it was covered from fraud protection like other transactions because it is part of the same app and clearly branded on the front page. I was misled into thinking Zelle was owned or is a part of BoA.”

Another Bank of America customer paid their hairstylist or their landscaper the way the bank’s own sign-in page encouraged them to. Or they trusted a seller on a marketplace, because the Zelle logo implied institutional backing. And then the money was gone — instantly, irrevocably, because Zelle transfers are treated as final the moment they are sent.

A Chase customer complained that scammers were actively using the bank’s own credibility as part of the pitch: “Scammers point out that Zelle is on the Chase website so its gotta be safe, right?!!” That customer was correct that the association was meaningful. They were wrong, through no fault of their own, about what it meant.

Wells Fargo customers were particularly exposed to a scheme called “Me-to-Me” fraud. A fraudster contacts someone, impersonates a bank representative, convinces the customer that their account is compromised and they need to transfer their own money to a “secure” account for safekeeping — and the “secure” account belongs to the fraudster. Wells Fargo permitted customers to send Zelle payments without even registering a token until March 2022, which meant that when a customer was tricked into sending to an unregistered phone number or email, they saw no name, no verification, nothing. The money simply left. More than 3,900 Wells Fargo customers filed Me-to-Me complaints totaling over $5 million. They were not reimbursed.

When customers called to report what happened, the banks conducted cursory investigations that the CFPB says failed to meet even the minimum legal standard under the Electronic Fund Transfer Act. Chase, when it couldn’t get money back from a fraudster’s account, typically told customers they could “resolve the claim by working it out with law enforcement or the recipient” — meaning the person who stole from them — and provided no further identifying information about that person. Bank of America did the same. Wells Fargo’s phone complaint line had wait times of over an hour, and customers who discovered the fraud minutes after it happened had no way to report it immediately online.

The complaint notes that Bank of America had received feedback from its own customers showing they expected the bank to protect them. The bank observed this expectation. It marketed to that expectation. It chose, repeatedly, over the course of seven years, not to fulfill it.

The lawsuit covers documented complaints through 2023. The fraud started in 2017. That is six years of people losing money, reporting it, being denied, and trying again. The total number of complaints filed with just these three banks: over 910,000.

What They Actually Said — and What the Lawsuit Proves They Did

Every quote below comes verbatim from the federal complaint filed December 20, 2024. These are the words the banks put in front of customers, next to the words the bureau says describe what was actually happening behind the scenes.

“At its inception, Defendants focused on quickly bringing Zelle online to capture market share by leveraging their existing customer base and offering peer-to-peer money transfer services directly to those consumers. This rush to market was prioritized at the expense of consumers because Defendants have failed to institute effective anti-fraud measures for the network or otherwise comply with consumer financial protection laws.”

— CFPB Complaint, Paragraph 4

• This is the central admission in the complaint. The decision to move fast was deliberate. The decision to skip adequate fraud infrastructure was a consequence of that priority. These are choices, not oversights.
• The phrase “rush to market” is the bureau’s language, and it appears in a federal lawsuit. The bureau is saying, in a court document, that these banks chose growth over your safety.

“ZELLE is promoted constantly by Bank of America as a safe and secure way to transfer funds. [] I received no warnings when making the transaction that the ‘seller’ or ‘scammer’ may not be a legitimate account holder.”

— Bank of America customer complaint, reproduced in CFPB Complaint, Paragraph 179(c)

• This quote proves that the gap between the marketing and the reality was visible to ordinary consumers in real time. They were not paranoid; they were accurately describing what the bank had done.
• Bank of America had this feedback. The complaint details that the bank “consistently received consumer complaints” of this nature. Receipt of the complaint did not trigger a fix.

“Multiple security checks have been added to make sure you’re sending and receiving money to/from the right person.”

— Chase Zelle advertisement, 2019-2020, reproduced in CFPB Complaint, Paragraph 182

• The complaint then details, across multiple subsections, that Chase did not display recipient last names until May 2023 at the earliest, did not always display even first names until late 2020, and did not implement effective mechanisms for identifying suspicious email tokens — meaning the “multiple security checks” claim was, at minimum, highly misleading during the period it ran.
• Chase’s own market research found that customers believed Zelle was secure specifically “because of its association with the bank,” giving it a “trust halo.” Chase knew this. Chase ran ads designed to reinforce it.

“Wells Fargo promotes the use of Zelle for sending money. They even have a specific tab to use Zelle in their mobile app, [and] the entire transaction is done via the Wells Fargo mobile app. … Wells Fargo refused to assist in any way. I discovered via a subpoena that the recipient of my 5 Zelle payments was also a Wells Fargo customer and the money was sent to ‘her’ Wells Fargo account. Wells Fargo again refused to assist or provide any status updates. To my knowledge, they did absolutely nothing. … Instead, they promote someone using a payment app (Zelle) as a fraud platform.”

— Wells Fargo customer complaint, reproduced in CFPB Complaint, Paragraph 272(b)

• This quote shows that the fraudster and the victim were both Wells Fargo customers — the bank had full visibility into both accounts and still refused to act. This is the clearest possible illustration of the complaint’s allegation that banks failed to restrict bad actors even when they had direct access to the information needed to do so.
• The customer had to subpoena their own bank to find out where their money went. Wells Fargo knew. It chose not to tell them and chose not to help.

“Since 2017, hundreds of thousands of consumers complained about being defrauded by Zelle users through various schemes. Yet consumers who went to their banks for help were largely denied relief, and some were even told to try getting their money back by contacting the person who had defrauded them.”

— CFPB Complaint, Paragraph 6

• This is the bureau’s summary of the complaint intake resolution process that all three banks used: when recovery of funds failed, the customer was directed back to the fraudster. This was not an anomaly — the complaint characterizes it as typical practice at Bank of America and Wells Fargo, and documents Chase doing the same.
• Under the Electronic Fund Transfer Act, banks are legally required to conduct reasonable investigations and, where appropriate, credit consumers’ accounts. Telling someone to call the person who robbed them does not constitute a reasonable investigation under any reading of that law.

“EWS announced its intention to ‘create the largest, most secure real-time payments ecosystems in the U.S.'”

— CFPB Complaint, Paragraph 52, quoting EWS’s December 2015 acquisition announcement

• EWS made this promise publicly in 2015, when it acquired the underlying payment technology. The complaint documents that EWS did not create a formal Fraud Monitoring Program until April 2021 — nearly four years after Zelle launched. “Most secure” was the stated goal. A monitoring program that arrived four years late was the result.
• In 2022, EWS had total revenue of approximately $429 million, with about $200 million coming from Zelle. The network was generating significant money while its fraud monitoring infrastructure lagged years behind.

Who Gets Hurt, and How

Environmental Degradation

The direct harms here are financial and digital, not industrial. The source material contains no documented environmental harm associated with this conduct.

Public Health

Financial fraud at this scale carries documented public health consequences. The complaint itself focuses on financial loss, but the human stakes behind each complaint number are significant.

• The complaint documents over 910,000 fraud complaints across three banks from 2017 through mid-2023. Each complaint represents a person who experienced unauthorized or induced loss of money from their personal deposit account — often money intended for rent, groceries, or bills.
• Romance scams, one of the documented fraud types on Zelle, are classified by the FTC as causing acute psychological harm alongside financial loss. Victims of romance scams are manipulated over extended periods into believing in a relationship before being defrauded. The complaint documents this as a recognized fraud type on the network for which EWS required no reporting until years after Zelle’s launch.
• Imposter schemes — where fraudsters pose as bank representatives, government entities, or businesses — disproportionately target elderly consumers. The complaint documents that EWS’s network design allowed bad actors to register email addresses that falsely appeared to be associated with banks and government agencies, with no mechanism to detect or block them until 2023.
• Wells Fargo’s complaint intake process required customers who discovered fraud within minutes to wait over an hour on hold by phone — with no online emergency reporting option. Delays in reporting increase the probability that funds cannot be recovered. Inability to recover funds compounds the financial and psychological harm.
• The complaint documents that banks denied fraud claims based on non-dispositive factors, including the prior transaction history of a stolen device. Consumers whose phones were stolen and drained of funds via Zelle were denied reimbursement at all three banks using logic that the CFPB calls legally invalid — leaving theft victims to absorb the full financial loss.

Economic Inequality

The structure of Zelle fraud, and the structure of the banks’ refusal to reimburse, systematically extracted money from people who could least afford to lose it.

• Zelle was embedded in the mobile banking apps of over 2,200 financial institutions and could not be removed by users. Consumers at participating banks had no practical choice about whether to have access to an unprotected payment product built into their account interface.
• The irrevocability of Zelle transfers — funds were treated as final the moment they were sent — meant that the financial loss fell entirely on the consumer, with zero backstop. Traditional payment methods like credit cards and ACH transfers carry legal reversal protections that Zelle deliberately bypassed in the name of speed.
• The complaint documents that EWS’s network rules, until mid-2023, required participating banks to reimburse only a narrow subset of imposter scams — leaving the vast majority of induced fraud losses entirely on consumers. A fraudulent credit card charge triggers mandatory investigation and provisional credit under EFTA. A Zelle fraud of the same amount triggered a denial letter and a suggestion to call the fraudster.
• Chase’s market research found that Zelle’s “trust halo” — the credibility it borrowed from its bank association — was a primary reason consumers used it. That trust halo was weaponized against lower-income customers who could not afford the loss and who were denied reimbursement precisely because banks categorized induced fraud as “authorized” transfers regardless of the circumstances.
• Bank of America received over 29,000 Zelle-related complaints from Arizona customers alone, 74% fraud-related. Chase received over 40,000 Arizona complaints, 66% fraud-related. Wells Fargo received over 43,000 Arizona complaints, 71% fraud-related. Arizona’s population skews toward retirees and working-class families — exactly the demographic most targeted by the imposter and romance scam typologies documented in this case.
• EWS generated approximately $200 million in revenue from Zelle in 2022 alone. The three defendant banks combined hold over $7.85 trillion in assets. The financial gap between the institutions profiting from Zelle and the individuals absorbing its fraud losses is not incidental — it is the mechanism.

The Numbers in Human Scale

How to Push Back and Who to Contact

The CFPB filed this lawsuit in federal court in Arizona on December 20, 2024, seeking permanent injunctions, full consumer redress, and civil penalties against all four defendants. The case is active. These are the people and institutions accountable for what happened — and the avenues available to anyone who was affected.

Corporate Leadership On the Record

• Early Warning Services (EWS) is headquartered in Scottsdale, Arizona. It is co-owned by seven banks: Bank of America, Chase, Wells Fargo, Capital One, PNC Bank, Truist Bank, and U.S. Bank. Each co-owner has one vote on the EWS Board (formerly the Zelle Management Committee), which sets all network rules.
• Each of the three defendant banks — Bank of America, Chase, and Wells Fargo — also seats a representative on the EWS Enterprise Payments Advisory Board and Enterprise Payments Advisory Committee. These are the people who set strategic direction for Zelle. The complaint names these governance structures explicitly as the mechanism through which each bank exercised control over the network it also operated on.
• The four non-defendant EWS co-owners — Capital One, PNC Bank, Truist Bank, and U.S. Bank — are not named in this complaint but share ownership of the same network and vote on the same board. Their conduct is not examined in this filing.

Regulatory Watchlist

• The Consumer Financial Protection Bureau (CFPB) is the plaintiff in this case. File a complaint at consumerfinance.gov/complaint. Every complaint filed creates a public record and feeds into enforcement priorities. Reference Case 2:24-cv-03652-SMB.
• The Office of the Comptroller of the Currency (OCC) is the primary federal regulator for national banks including Bank of America, Chase, and Wells Fargo. File complaints at helpwithmybank.gov.
• The Federal Trade Commission (FTC) tracks fraud typologies including romance scams, imposter scams, and payment platform fraud. Report at reportfraud.ftc.gov. Your report contributes to data that supports enforcement actions and legislative change.
• The Department of Justice (DOJ) handles criminal referrals for fraud at scale. If you have documented evidence of systematic fraud, contact your local FBI field office or the DOJ’s fraud section at justice.gov/criminal/fraud.
• Your state attorney general’s office has independent authority to pursue consumer protection violations. Several state AGs have parallel investigative authority over bank conduct. Look up your state AG’s consumer protection division and file a complaint using the same documentation you would submit to the CFPB.
• The Federal Reserve supervises bank holding companies including Bank of America Corporation, JPMorgan Chase & Company, and Wells Fargo & Company. File complaints at federalreserveconsumerhelp.gov.

Mutual Aid, Local Organizing, and Direct Action

• If you lost money to Zelle fraud and were denied reimbursement, document everything: the original transaction, all complaint correspondence, every denial letter. This documentation is the foundation of any individual claim, class action, or regulatory submission. Keep copies in multiple places.
• Contact a consumer law attorney about a potential claim under EFTA. The Electronic Fund Transfer Act provides for individual lawsuits, and consumers who prevail may recover actual damages, statutory damages, and attorney fees. Several organizations offer free legal consultations including the National Consumer Law Center (nclc.org) and local legal aid societies.
• Share this lawsuit and its findings with your community, particularly with older adults and anyone who uses Zelle regularly. The banks’ own market research confirms that the “trust halo” — the assumption that bank association means protection — is the primary mechanism of harm. Dismantling that assumption is direct harm reduction.
• Contact your elected representatives in Congress and demand hearings on peer-to-peer payment platform fraud liability. The current legal framework places the entire burden of proof on individual consumers while banks that co-own the network and profit from it bear minimal consequence. Legislative change is the only structural fix.
• Consider joining or supporting local credit unions as an alternative to the three defendant banks. Credit unions are member-owned, not-for-profit institutions that operate under the same Zelle network rules — but their incentive structure does not include the shareholder pressure to grow market share at the expense of consumer protection that the complaint identifies as the root cause of this failure.
• If you are an activist, researcher, or journalist, the full CFPB complaint (Case 2:24-cv-03652-SMB, U.S. District Court for the District of Arizona) is a public court document. It contains the granular failure timelines for each bank and each category of misconduct. Use it.