> But Wells Fargo said the transaction wasn’t fraudulent because Mr. Faunce had authorized it — even though he had been tricked into transferring the money.
This seems like the difference between me writing a check to a con man and a thief forging a check. If I’m tricked into writing a check, then it’s not bank fraud, it’s grift or theft.
So I see the banks point as it’s not their responsibility to make people whole after being robbed. I assume they are cooperating with police, FBI, etc.
That being said, Zelle is scary how it seems more fraud and scammy than paypal and Venmo. And I didn’t think that was possible. It’s like the banks didn’t test this for fraud and scams and they don’t seem to care enough to adjust the UX to reduce this risk.
The aspect described in the article where anyone can register any number without confirmation from the bank seems surreally stupid and the bank should be at fault for allowing a stranger to register a phone number that’s not theirs. It seems straightforward for a bank to only allow phone numbers on the bank account to be linked to a Zelle account.
> This seems like the difference between me writing a check to a con man and a thief forging a check. If I’m tricked into writing a check, then it’s not bank fraud, it’s grift or theft.
Yes, but this is inapplicable for the second case listed in the article, where someone's phone was stolen and used to make unauthorized transactions. Those transfers are truly unauthorized and should be reversed under regulation E, regardless of the bank's use of snake oil "2FA". This unjust deflection is one of the problems with creating new login hoops in general - banks will do everything they can to claim their new system means every transaction is definitively authorized, until slapped down by regulators and the courts.
>That being said, Zelle is scary how it seems more fraud and scammy than paypal and Venmo. And I didn’t think that was possible. It’s like the banks didn’t test this for fraud and scams and they don’t seem to care enough to adjust the UX to reduce this risk.
How so? I like the easy of Zelle, but much like cash it's true you can hand money over to just about anyone. To me, though, it's a 'freedom comes at a price' sort of thing. I'm not sure how they could go about making Zelle less 'scammy' tbh
In that you can register a phone number without any confirmation. So the security of Steam is stronger than signing up to receive money on Zelle.
Same for Venmo and PayPal. I can’t add a phone number or email to PayPal without confirming it.
It seems odd to receive funds without verifying my contact info.
Also, seems like there should be some age issues for the amount. The fact that I can open an accounts, scam $500, and shut it down very quickly is bad. My bank doesn’t let me deposit checks over a certain amount before checking my credit and having an account for a while. Seems Zelle should be as hard as a normal checking account.
My n=1 - At $Employer, we had a prospective vendor who insisted on payment via Zelle. Made a quick "what should we know about Zelle?" call to $Employer->Bank. After a few phone transfers, their expert told us to avoid Zelle if at all possible. Because for a legit business, that platform was very little better than traditional alternatives. Vs. for a fraudster, it was vastly superior. So if we considered P(vendor is crooked|vendor insists on Zelle), and did the math...
I guess that is why it was downvoted. I upvoted it because it made a good point (I'm not a programmer, but I think I understood it):
The upside of using Zelle for a legit business is almost nil, the upside of using Zelle for a scammer is very high, thus if someone claiming to be a business insists on using Zelle, it'd reasonable to assume it's a scam.
I'm familiar w some issues here. At least in the past the traceability / status of funds from sender side was not really available.
With ACH you can usually figure out who bank is and go from there. Return codes if money didn't credit. Checks same thing presenting bank and back of check. Wires same thing.
Zelle they will say nothing. If someone says I didn't get the money - you have no cancelled check to point to even.
Fraud detection is poor. TRX limits make it hard to use for some things def a stay away
>"In their appeals to Wells Fargo, Mr. Faunce and Ms. Gibson cited the consumer bureau’s rules about fraudulent losses, but the bank repeatedly rebuffed them."
I don't understand why Well Fargo is still able to operate as a bank or why consumers would ever even consider maintaining an account with them. It has been shown that they have literally operated as a criminal enterprise, conspiring against their own "customers." While I really feel for these folks I wouldn't expect anything less from this toxic shit hole of a company. Please vote with your feet.
From the Department of Justice, 2 years ago:
"Wells Fargo & Company and its subsidiary, Wells Fargo Bank, N.A., have agreed to pay $3 billion to resolve their potential criminal and civil liability stemming from a practice between 2002 and 2016 of pressuring employees to meet unrealistic sales goals that led thousands of employees to provide millions of accounts or products to customers under false pretenses or without consent, often by creating false records or misusing customers’ identities, the Department of Justice announced today." [1]
From the Texas Attorney General:
"Between 2009 and 2016, Wells Fargo opened as many as 3.5 million bank accounts, transferred funds, filed credit card applications and issued debit cards without customers’ knowledge or consent. The bank disclosed that it found 528,000 unauthorized enrollments of customers in its online bill payment service.
In addition, Wells Fargo improperly referred customers for enrollment in third-party renters and life insurance policies; charged auto loan customers for insurance they did not need; failed to ensure that customers received refunds of unearned premiums on certain optional auto finance products; and incorrectly charged customers for mortgage rate-lock extension fees."[2]
Tried using Zelle last month to pay back a friend, and it triggered a fraud alert. They called me, we spent half hour on the phone verifying everything. Then the next day they locked my bank account. Took me a week to get it back, after hours on the phone.
I have heard this exact same sequence of events now from two coworkers, a friend and one family member we well. Apparently these banks actively promote the Zelle service within their mobile apps, the usage of which then triggers the banks own fraud departments against the customer for using them. And as you mentioned the net result is hours of lost time which of course is not compensated for in any way.
I tried on multiple occasions to pay my rent using Zelle. Every time except one, the transactions failed with a "cancelled by recipient" or "cancelled by recipient's bank" message. My landlord verified that neither he nor his bank ever cancelled any of the payments, and I haven't bothered with Zelle since.
How can a payment system that a) misrepresents basic transaction history, and b) alters time-sensitive, in-process payments based on that misrepresentation, be trusted?
> The thief was able to sidestep the bank’s two-factor authentication process by asking Mr. Faunce to read out the verification codes that Wells Fargo sent to his phone.
I wish people installing 2FA apps could be better educated on the proper use of verification codes. Could the app when first run perhaps force the user to follow an interactive lesson that includes recognition of these cons?
Does the US not have e-transfers? Up here in Canada you can easily transfer money directly between accounts. You log into your bank and provide the email address for the recipient. The bank emails them a transfer message. They log into their account and accept the transfer. Could not be easier.
Probably this is not something that most people in the US are aware of but Zelle is extremely popular in Venezuela. So much so that businesses and people use accounts from friends to recieve/make payments.
But of course, having your account to use Zelle is not really possible at the moment, since it's hard to travel to the US and as far as I'm aware they're not opening accounts for foreigners anymore (at least to Venezuelans)
20 comments
[ 4.6 ms ] story [ 74.4 ms ] threadThis seems like the difference between me writing a check to a con man and a thief forging a check. If I’m tricked into writing a check, then it’s not bank fraud, it’s grift or theft.
So I see the banks point as it’s not their responsibility to make people whole after being robbed. I assume they are cooperating with police, FBI, etc.
That being said, Zelle is scary how it seems more fraud and scammy than paypal and Venmo. And I didn’t think that was possible. It’s like the banks didn’t test this for fraud and scams and they don’t seem to care enough to adjust the UX to reduce this risk.
The aspect described in the article where anyone can register any number without confirmation from the bank seems surreally stupid and the bank should be at fault for allowing a stranger to register a phone number that’s not theirs. It seems straightforward for a bank to only allow phone numbers on the bank account to be linked to a Zelle account.
Yes, but this is inapplicable for the second case listed in the article, where someone's phone was stolen and used to make unauthorized transactions. Those transfers are truly unauthorized and should be reversed under regulation E, regardless of the bank's use of snake oil "2FA". This unjust deflection is one of the problems with creating new login hoops in general - banks will do everything they can to claim their new system means every transaction is definitively authorized, until slapped down by regulators and the courts.
How so? I like the easy of Zelle, but much like cash it's true you can hand money over to just about anyone. To me, though, it's a 'freedom comes at a price' sort of thing. I'm not sure how they could go about making Zelle less 'scammy' tbh
Same for Venmo and PayPal. I can’t add a phone number or email to PayPal without confirming it.
It seems odd to receive funds without verifying my contact info.
Also, seems like there should be some age issues for the amount. The fact that I can open an accounts, scam $500, and shut it down very quickly is bad. My bank doesn’t let me deposit checks over a certain amount before checking my credit and having an account for a while. Seems Zelle should be as hard as a normal checking account.
Oh - $Employer->Bank == 'JPMorgan Chase'.
The upside of using Zelle for a legit business is almost nil, the upside of using Zelle for a scammer is very high, thus if someone claiming to be a business insists on using Zelle, it'd reasonable to assume it's a scam.
its the classic jargon speak problem most specialized fields have.
With ACH you can usually figure out who bank is and go from there. Return codes if money didn't credit. Checks same thing presenting bank and back of check. Wires same thing.
Zelle they will say nothing. If someone says I didn't get the money - you have no cancelled check to point to even.
Fraud detection is poor. TRX limits make it hard to use for some things def a stay away
I don't understand why Well Fargo is still able to operate as a bank or why consumers would ever even consider maintaining an account with them. It has been shown that they have literally operated as a criminal enterprise, conspiring against their own "customers." While I really feel for these folks I wouldn't expect anything less from this toxic shit hole of a company. Please vote with your feet.
From the Department of Justice, 2 years ago:
"Wells Fargo & Company and its subsidiary, Wells Fargo Bank, N.A., have agreed to pay $3 billion to resolve their potential criminal and civil liability stemming from a practice between 2002 and 2016 of pressuring employees to meet unrealistic sales goals that led thousands of employees to provide millions of accounts or products to customers under false pretenses or without consent, often by creating false records or misusing customers’ identities, the Department of Justice announced today." [1]
From the Texas Attorney General:
"Between 2009 and 2016, Wells Fargo opened as many as 3.5 million bank accounts, transferred funds, filed credit card applications and issued debit cards without customers’ knowledge or consent. The bank disclosed that it found 528,000 unauthorized enrollments of customers in its online bill payment service.
In addition, Wells Fargo improperly referred customers for enrollment in third-party renters and life insurance policies; charged auto loan customers for insurance they did not need; failed to ensure that customers received refunds of unearned premiums on certain optional auto finance products; and incorrectly charged customers for mortgage rate-lock extension fees."[2]
[1] https://www.justice.gov/opa/pr/wells-fargo-agrees-pay-3-bill...
[2] https://www.texasattorneygeneral.gov/news/releases/ag-paxton...
Never again. Avoid Zelle like the plague
How can a payment system that a) misrepresents basic transaction history, and b) alters time-sensitive, in-process payments based on that misrepresentation, be trusted?
I wish people installing 2FA apps could be better educated on the proper use of verification codes. Could the app when first run perhaps force the user to follow an interactive lesson that includes recognition of these cons?
But of course, having your account to use Zelle is not really possible at the moment, since it's hard to travel to the US and as far as I'm aware they're not opening accounts for foreigners anymore (at least to Venezuelans)