74 comments

[ 3.5 ms ] story [ 139 ms ] thread
Zelle is a piece of dogshit. Venmo is PayPal based so it is dogshit wrapped in catshit.
If you ever send money to A and it actually goes to B, and for some reason the bank doesn't fix that the first time you get in touch with them, I recommend getting off the phone and escalating to an on-dead-tree letter:

Dear BigBank Legal Department:

This is written notice under Regulation E that BigBank has processed the following electronic transaction in error:

(Brief recitation of transaction details.)

You are required to investigate this matter within 10 business days of your receipt of this letter and provide me written confirmation of the results of your investigation. My desired resolution is a deposit of $XXX into my checking account with last four digits 1234.

Regards,

$YOU

You really want BigBank to put into writing "We think we've satisfied our obligation to you because you told us to send it to your mother and instead we sent it to somebody in Cincinatti; that was totes reasonable." Or, rather, you want a lawyer at BigBank to say "Eff no I am not putting that in writing; pay him $300 and charge it off to operational losses, that's what that budget is for."

Please elaborate, what is regulation E?
You've asked a question which is approximately "What is a garbage collector?" in terms of depth.

Here's the short answer: it's a regulation about electronic funds transfers that US financial institutions, including every bank which offers Zelle, are obligated to uphold.

There is a longer version of this answer; your life will probably not be materially improved by knowing it, but you can Google and read at your leisure.

> This is written notice under Regulation E that BigBank has processed the following electronic transaction in error

Do we know if Reg E [1] applies to Zelle? A safer bet is likely writing to your state financial services regulator.

[1] https://www.fdic.gov/regulations/laws/rules/6500-500.html#fd...

I work at a financial institution with some professionals who will get very cross with me if I apply the requirements of a statute to the facts of a particular banking product. Let me just observe that, separate from the legal issue, it is unlikely as a matter of business practice that any lawyer working for a financial institution would commit that position to paper.
(comment deleted)
> somebody in Cincinnati

I love how my old city gets mentioned randomly a lot .. like the first episode of BoJack Horseman with the Penguin.

(comment deleted)
I hope this method is still effective given who's in charge of the CFPB. I'm pretty sure they're responsible for enforcing Reg E for the largest banks (correct me if I'm wrong).
Early Warning is owned by a consortium of major banks. Supposedly during development of the apps, if any one bank wanted a feature the team basically had to implement it. Allegedly the team wasn’t allowed to push out the ship date or refuse new features, their only lever was adding more resource.

Any wonder why it shipped months late and with the most horrific reviews I’ve ever seen for a mobile app? My guess is fixing problems going forward won’t be an easier.

Fixing problems might not be easy, but as you mention, Early Warning is owned by a consortium of large US banks. Compared to PayPal, Stripe, and other non bank chartered institutions, their resources are effectively unlimited. Those problems are going to get fixed eventually.

Wells Fargo was fined a billion dollars [1] and will continue to operate as an ongoing business. This is a road bump.

[1] https://www.npr.org/sections/thetwo-way/2018/04/20/604279604...

Throwing infinite money and developers at something does not make a good product.

Source: I work for a SaaS aimed primarily at large banks, most of which attempted to build our product themselves before giving up and signing with us.

Just curious, what does your SaaS do? Additionally, I've come to believe that even the most forward thinking banks and credit unions don't understand tech one bit, based on how poorly written most of their software is.
> Throwing infinite money and developers at something does not make a good product.

Of course not. But it gives them more time to try and more attempts, where your runway is limited. You would eventually run out of funds if you don't find product market fit. They will not run out of funds, ever.

And likely they will be unable to build a good product, ever. You can't have decision making dissonance at the most senior levels of your organization and make good products.

Resources alone solve no product problems, leadership is far more important. I know of a $10B company whose most important feature (by far) of it's consumer facing app fails well over half the time customers tried to use it. This problem has been known for nearly a year and at no point has the team been allowed to make fixing it a priority.

Your product doesn't need to be good if you control the market for it.

You’re going to go start a bank you say? See BankSimple and Standard Treasury (and their abysmal exits to real banks, BBVA and Silicon Valley Bank, respectively) to see what that path looks like.

Having a great product alone is not good enough.

They have lots of, but not infinite resources. Their structure and leadership Dooms any attempt to make a good product. They can’t even agree on reasonable fraud prevention rules criss banks.
why couldn't they throw down the cash to buy out an existing product that doesn't suck?
Is any of this actually new or unique? If you mail an old school check to the wrong address and never get your concert tickets, do you get your money back?
Probably. Most likely you’d never lose the money in the first place, since the incorrect recipient would be unable to cash the check. If they did fraudulently cash it then you could get that reversed.
I noticed that one of the issues with Zelle is that people have accounts at multiple banks that all support Zelle but they use only 1 phone number connected to their banking apps. So sometimes when I send money from my chase mobile banking app to my friend's number who also has chase mobile banking app, the money actually ends up going to his bank of america account because he uses the same phone number on bank of america mobile banking app as well. Sometimes this becomes a serious issue and I think there is no centralized way to change your 'Zelle' settings.
Them tying this to a (cell) phone number is actually VERY annoying. I have multiple bank accounts, but one cell phone. The fact they limit the ability to create more accounts without more than one phone creates all sorts of issues.
You can tie to an email. I sent money between 2 accounts I own where one is tied to my phone and the other an email. Not sure if this is technically “allowed” but it is way faster than using the actual external bank transfer options.
In my experience, Zelle doesn't let you concurrently link a single phone number to multiple accounts.
Here in kiwi-land, a bank transfer from one individual or business to another is considered the most basic of banking services and all banks support it.

Here are some screenshots from the KiwiBank web interface, (but it's similar for all banks):

https://i.imgur.com/ug9VU5t.png https://i.imgur.com/HRsyQoN.png

There are no fees related to this unless you start doing international transfers, it's just part of the service.

I think this has to do with a fundamental difference in how sensitive account number and routing numbers are in the US compared with other international financial systems I have used.

In the US, if someone has your account number and routing number you can attempt all sorts of fraud via the eCheck system. People and companies are wary about giving out their account numbers. Providing an account number here is more often used to withdraw money than deposit. These payment services offer an extra level of authentication and authorization that does not appear to be easily accessible in the traditional banking sector.

Meanwhile, in my experience, in the UK sharing your account number is primarily used for other people doing a personal transfer to you. The institutions that can withdraw money directly from your bank account are limited to those in the Direct Debit system that has some vetting procedures and guarantees similar to what you would get in a credit card agreement[1]. This significantly reduces the chance of fraud, even with incidents like when Jeremy Clarkson printed his acct # in a newspaper on purpose [2].

[1] https://www.directdebit.co.uk/DirectDebitExplained/pages/dir...

[2] https://www.theguardian.com/money/2008/jan/07/personalfinanc...

The account number is literally on the bottom of your checks. It's not a secret and shouldn't be treated as one.

Also in Australia/NZ, transfers are two directional as well. But just like the US, transfers happen in batches and through authorized banks (well until very recently when AU implemented instant transfer). As long as it's within the same country, you can track down fraud and close down those accounts.

ACH is the US is restricted in a very similar way. It's very difficult for a non-bank to submit ACH files unless via a bank. The US could easily have a system just like AU/NZ/much of Europe (and in many EU country, they just add a TAN number, a one time non-reusable token to transfer funds).

I wrote a post about this a while back:

https://penguindreams.org/blog/the-american-banking-system-i...

> The account number is literally on the bottom of your checks. It's not a secret and shouldn't be treated as one.

Both parts of your second sentence are true, but, I think, irrelevant in practice: much like the SSN, which isn't meant for and shouldn't be used for identification but nonetheless is, the account number shouldn't be treated as a secret but is, in the sense that banks permit withdrawal activity on the basis of just the account number. They shouldn't! But they do.

What's the deal with you Americans and your magic numbers?

So you have your Social Security Number that you can't give for fear of someone impersonating you, your Credit Card Number you cannot give for someone might steal from you and now you tell me you can't even give your bank account number.

So you have all theses numbers you have to keep secret because they are the gateway to someone ruining your life, yet you still have to communicate them routinely to a number of institutions in order to function in society. Isn't that a bit crazy?

Yep. So many people are afraid of having a universal system for identifying (and tracking) us that they would much prefer many smaller broken systems used for impersonating us.
Looks like IBAN has a hard time catching on in the US.

I never considered it a problem supplying my banking information to just about anybody who asks for it.

<shrug>

The two are highly related, but one is not directly responsible for the other.

The root of of what keeps the "pull" system entrenched is the regime where whomever originates a fraudulent transaction into the network is responsible for dealing with the mess.

This explains why banks have explicit daily transfer limits for their bank to bank transfer feature (and online bill pay) outgoing and incoming, but will let arbitrarily high debit transactions post to your account from elsewhere. You click dispute, your bank sends back an ACH reject, and then the originating bank needs to figure out wtf happened.

This also explains why local banks ACH initiation limits are obscenely low - same risk profile as online-only banks, but they'd rather not have to clean up messes (whereas the online banks are basically forced to be in that business).

This creates a stable system of course, whereby it's in no individual bank's interest to start encouraging push transfers - they'd just have to potentially deal with even more fallout for no gain.

> The catch is that the bank, like all the others that use Zelle, only considers transactions fraudulent if the customer did not authorize them.

How can the banks be so short-sighted? Soon a lot of people will hear that Zelle is not secure and they will avoid using it.

Lots of banks and Credit Unions have implemented Zelle in app, its the last gasp they have to compete against Venmo. The only upside to Zelle is essentially offering instant transfers for free, where Venmo makes you wait a few days or pay $0.25.
The upside is that it's instantly in the target bank account, not a week away as it is with Venmo.

I use Venmo to pay bar tabs and event tickets. I use Zelle to send my wife money for the mortgage.

That’s a pretty huge upside IMO...

It’s actually even faster than instant deposit on Venmo because the funds appear to settle instantly (not just transferred instantly)

It is, I rather like it. There is a 1 business day delay for your first transaction fyi, which is a reasonable fraud deterrent. All transactions thereafter between Zelle members are instant and free though!
It is pretty huge, and as long as you're using it with people you actually trust, it should be safe.
Because the banks are trying to do something to replace cash. No one will ever find me if I pay for a fraudulent transaction with cash!

They could probably use some kind of reputation system to warn that a transaction may be fraudulent... But let's get real for a minute. You need to take some responsibility when you're making a purchase to make sure that the other party is going to come through. When it comes to concert tickets, doesn't Ticketmaster already offer services to allow people to transact in tickets?

Edit: One thing the banks could do, is differentiate between a person-to-person transfer, and a merchant requesting payment. There could be some kind of fraud restitution system when the payment is sent via a Merchant's request for payment. If someone asks you to send money without the normal merchant system then you know that it could be a scam. The banks could always warn that the person to person payment system is like putting cash in an envelope and cannot be refunded if there is fraud.

The article gave the example of a guy sending money to his mother's phone number, but somehow someone else registered that number and the bank refused initially to refund him because the transaction was authorized by him.
Fraud protection and dispute resolution are what you pay the credit card interchange fee for. What, did you think they were suddenly going to give away that service for free?
It's frustrating to me that I can't just go to my Wells Fargo account on the web and send money from my account to my recipient's account by routing and account number.

I can do that with my USAA bank account.

(comment deleted)
US Bank took away next day transfers to a bank account via routing/account number (ACH) as they are pushing Zelle more. They also dropped the (previously higher) transaction limits on 3-day routing/acct numb/ACH down to the $5,000 3-day limit on Zelle.

It’s frustrating when they take away a perfectly good service just push their new thing harder.

The Zelle app has had very poor Android support for quite a while... When I first tried to get the app to receive money it didn't even allow the account registration OR login flow to complete without the app crashing.
It's still iffy. I have to reenter my phone number every time I open the app
One of the examples used in the article, isn’t an argument against Zelle. Some chick sending a cash transfer for the full amount of some concert tickets got burned by some dude on craigslist.

Didn’t know Venmo came with schmuck insurance.

A conglomerate of giant, old, non-tech companies tried to launch a casual and trendy service, and the software sucks? I'm shocked.

That said: "...a phishing email that appeared to be from Wells Fargo tricked her into entering her bank ID and password into a fraudulent website." This situation didn't depend on Zelle's existence to be possible. I would say the problem here is browsers not doing a good enough job helping people identify when a site isn't the one they think it is, but it's a tough problem.

There needs to be a very large, very prominent warning on every transaction:

"ONLY SEND MONEY TO PEOPLE YOU KNOW."

"IF YOU SEND MONEY TO A SCAMMER, ZELLE WILL NOT HELP YOU GET YOUR MONEY BACK."

Zelle is not PayPal.

There is no dispute resolution service if the seller on Craigslist doesn't deliver and stops responding to your messages.

Don't use Zelle to send money to strangers.

Venmo is the same way. A friend of mine accepted payment for a piece of hardware through Venmo. My friend handed over the hardware in person to the buyer once the payment was "in" my friend's wallet and he had initiated the cash out, but before the money had actually cleared into his bank account.

Once he and the buyer parted ways, the payment was canceled due to a claim of fraud by the card's owner, and my friend's Venmo account was suspended because had used it for commercial purposes and not just sending money between friends.

Apparently, even if you already have the money cleared in your bank account, Venmo has the ability to charge it back once a fraud claim is initiated. Apparently this is very common on the platform.

> Venmo is the same way.

If Venmo reverses payment due to claims of fraud, then this is pretty much the exact opposite of Zelle. That makes Venmo more like PayPal, with a dispute resolution process.

Zelle doesn't care if your counterparty is a scammer. If you initiated the payment, the money is gone.

There are two different kinds of fraud. One is where there is fraudulent payment like from account being taken over. Venmo and Zelle can reverse those transactions. The other kind is where purchase is fraudulent. Venmo and Zelle don't offer any protection for purchases or sales. It is only credit cards and equivalent that offer purchase protection.
> It is only credit cards and equivalent that offer purchase protection

And PayPal, Payza, etc.

> Zelle is not "a company even worse on refunds and user rights"

missed your point.

I've had problems with all of these online cash transfer "apps", so much so that I don't trust any of them. Venmo flagged my account and required me to "call them up" to "fix" things (yeah no).

I've used google pay the most, but I've sent money with google pay that never reached the destination bank (the destination bank said it was "google's fault", whatever we canceled the transactions).

I've sent money to an associate's email address with google pay and then a few days later she told me someone had withdrawn $999 dollars from her account associated with google pay. Her bank did get her money back after some days. yikes.

Banks should not be "moving fast" to "catch up". They should be providing a trustable experience. I have zelle available with my bank, but no way am I experimenting until it's been stressed out.

If your bank flags and blocks your credit card for suspicious activity which you didn't initiate, are you going to "yeah no" them too, and refuse to call them up?

There is nothing wrong with having to call up a financial institution to verify things that raise alarm bells for them.

I usually just pull out a different credit card, and then take the card that didn't work out of my wallet when I get home.

Sometimes I might get around to calling my bank (somewhat depends on my perception of how long their customer service is going to take to fix the issue), but it's faster for me to just replace that card with another card from my collection of cards (I've got too many cards to keep them all in my wallet at any given time).

The last card which was incorrectly flagged for suspicious activity probably cost that bank several thousand dollars in foregone interchange fees.

> Sometimes I might get around to calling my bank (somewhat depends on my perception of how long their customer service is going to take to fix the issue), but it's faster for me to just replace that card with another card from my collection of cards (I've got too many cards to keep them all in my wallet at any given time).

This is a real and common problem for banks/card issuers, who tend to be obsessive about keeping genuine transactions declined to a minimum for this reason.

Blocking all fraud is achievable, but it would come at the cost of many instances like this.

For credit cards/banks, yes, but I can live without venmo. I initiated the transfer, but they then blocked my account, so I closed the account.
While Bitcoin is making the whole industry redundant.
Pro tip for using Zelle more safely: Ask the receiver to request funds from you vs sending to X or Y number/email.
The one thing I don't understand about Venmo is that it, based on my (limited) use, seems to show transactions amongst users in a "social networking" manner. I believe you are able to make your activity private, but why would anyone want it any other way? Am I the only one who thinks this is absolutely absurd? I am a very happy user of Square Cash as a result.
Sort of. It shows who paid who and their comment, but it does NOT show how much money was exchanged.
Yep. I made mine private by default, but it is basically just a way to send a friend money, that if you leave it public to other friends, is just a way to share jokes.

Paying a roommate for utilities but setting the description to the tongue-out emoji and an eggplant, or something similarly silly.

Of course not everyone has an Apple device, but person-to-person Apple Pay is really slick and, based on my amateur analysis, very secure.
haha I actually tried using Zelle a few days ago - "oh look, the banks are joining the future! lets try this". WRONG. Super convoluted and couldn't get it to work in the end, even after calling customer service.

Paypal was 30 seconds.

Zelle is Helle

Venmo itself has had a long history of the same issues. The main problem here for Zelle is that they should have seen this coming and handled it a bit better.