After JPMorgan’s Zelle block, pressure mounts on banks to disclose fraud safeguards
More than three months after JPMorgan Chase began blocking Zelle payments initiated through social media, the rest of the banks behind the peer-to-peer payments network have yet to outline whether they will follow suit – or how they intend to respond to a sharp rise in digital payment fraud.
The issue, long brewing inside compliance and risk functions, burst into public view this week when Democratic lawmakers sent letters to the seven banks that own Zelle, demanding detailed disclosures on fraud prevalence, reimbursement protocols and risk mitigation measures.
The lawmakers, led by Republican Maxine Waters and Senators Elizabeth Warren and Richard Blumenthal, set a response deadline of 16 July. Industry observers are still waiting to see what, if anything, will change.
Zelle’s owners – Bank of America, Wells Fargo, JPMorgan Chase, US Bank, Truist, PNC and Capital One – face renewed scrutiny not only for the technical resilience of the platform, but also for how they allocate responsibility for fraud losses that arise from authorised push payment scams, many of which originate via contact on social media.
JP Morgan Chase, which processed the largest share of Zelle’s $1 trillion in transaction volume last year, said nearly 50% of reported scams on the platform begin on social media. The bank moved in March to block such transactions outright.
Its policy does not prohibit all Zelle payments, but it restricts transfers where the sender is deemed to have initiated the transaction following contact via platforms such as Facebook Marketplace or Instagram.
Other banks have so far declined to replicate the approach or publicly detail their stance. The silence comes as questions mount over the legal and reputational risks facing financial institutions that continue to offer real-time payments with limited recourse for defrauded consumers.
CFPB lawsuit dropped, but risks remain
The backdrop to the latest wave of concern is the now-withdrawn lawsuit filed in December 2024 by the Consumer Financial Protection Bureau. The CFPB had alleged that the three largest banks on the Zelle network, along with operator Early Warning Services, failed to implement effective anti-fraud measures and systematically denied reimbursement to victims.
The agency estimated consumer losses of over $870 million tied to the platform.
That case was dismissed in March by the Trump administration, which has also sought to curtail the CFPB’s supervisory remit. In its absence, oversight has effectively shifted back to individual institutions and the Zelle network itself. Regulators including the Federal Trade Commission continue to warn that social media is now the leading source of fraud in the US.
For banks, the withdrawal of the lawsuit may offer temporary legal relief. But it also sharpens the burden of proof when defending their consumer protection frameworks, particularly in the absence of a unified industry standard on Zelle fraud treatment.
Reimbursement, liability and risk allocation
At the heart of the debate is the treatment of authorised payment scams, where a customer willingly initiates a transfer under false pretences. Under US law, such transactions typically fall outside the scope of Regulation E, which mandates reimbursement only for unauthorised transfers.
Zelle’s owners have maintained that the service was designed for payments between individuals who know and trust each other. User terms reinforce that the platform is not intended for e-commerce transactions or payments to unknown parties. However, as Zelle’s scale and visibility have grown – along with adoption by small businesses – so too has its exposure to first-party and third-party fraud.
The congressional inquiry seeks clarity on how each bank evaluates fraud claims, whether distinctions are made based on the source of contact, and what mechanisms, if any, exist for refunding customers in edge cases. It also presses banks for any changes to their fraud detection systems following JPMorgan’s March policy shift.
Institutional and technical implications
Payments professionals have noted that blocking transactions based on origination source introduces a new layer of behavioural risk modelling that goes beyond conventional fraud scoring. Chase’s approach appears to rely on metadata, including recipient details, prior contact history, and possibly pattern recognition tied to known scam typologies.
For the broader industry, the episode reopens long-standing questions about how P2P networks govern risk while retaining the speed and convenience that define their consumer appeal. In contrast to card rails, where network rules impose a framework for chargebacks and merchant standards, Zelle operates with fewer universal protections and more bank-level discretion.
Whether Zelle’s governance model can scale to match its volume remains an open question. With regulatory momentum stalled at the federal level, further change may come only if reputational pressure or private litigation forces it.
A test of accountability
For now, lawmakers have reframed the discussion not as a technical shortcoming, but a failure of governance and accountability.
“Without federal oversight, it is up to the banks that own and profit from Zelle to ensure consumers are protected,” wrote Waters and her colleagues in the July letters.
As the July 16 deadline approaches, what’s at stake is not only how the banks respond, but whether they can demonstrate that the industry is capable of self-regulation in the face of increasingly sophisticated fraud; or whether a more prescriptive regime will eventually be required.
