Fraud on P2P Payment Apps Like Zelle and Venmo: A Primer

As long as money has existed, criminals have plotted clever ways to steal it. Rather than bank robberies or armored-car heists, the thefts of today often take place digitally through schemes to dupe consumers. As technology for moving money has evolved, so too have methods for stealing it. A prime target today for fraudsters is peer-to-peer, or P2P, payment platforms, such as Zelle or Venmo. These apps provide a quick, easy and inexpensive way for friends to pay each other back for dinner, homeowners to pay a handyman and parents to pay babysitters.  

This note provides a basic summary of the functions of P2P payment platforms and tips for using these platforms safely.

Key differences between major P2P apps.  Generally speaking, all P2P payment platforms, including Zelle and Venmo, enable consumers to send and receive money.  However, Zelle differs from Venmo and other FinTech competitors in several important ways.  The foundational difference is that Zelle is a bank-owned network while Venmo and other P2P payment platforms are offered by third-party FinTechs, which are not banks (meaning they generally don’t have FDIC insurance or bank licenses and are not subject to consolidated prudential regulation or supervision). 

The following table highlights certain features of Zelle and typical FinTech P2P apps:

Features of Zelle and typical FinTech P2P apps

What happens if you send money, then regret it? Some detractors criticize P2P platforms, including Zelle and those offered by nonbank FinTechs, because it’s hard or impossible to get money back when customers get scammed into paying an untrustworthy person. But money sent on P2P platforms should be thought of like cash: accessible instantly, or close to it, and difficult to recover if it’s sent to someone by mistake.

To be clear, customers are protected if there is an operational error in the system or a fraudster initiates payments from a consumer’s account without authorization.  But if a customer intentionally makes a payment, even if the payment was induced by fraud, there is no way to cancel the payment once it is sent.  Such payments are effectively irrevocable – just like when a fraudster or thief walks away with cash, never to be seen again.  Thus, for some payments and some users, other types of payment rails may be more appropriate, particularly ones where one is unsure if the goods and services will actually be provided – e.g., an online purchase from a merchant you don’t know for concert tickets.

Zelle and other payment platforms seek to protect consumers in some ways, including by layering security features into their apps (like data encryption), multifactor authentication and fraud controls.

Despite these safeguards, scams and fraud do happen. For example, a middle school teacher in Texas was scammed out of $166 on Cash App when she called what she thought was a fraud helpline and ended up with account-draining malware. “Puppy scams” are another scourge: a supposed dog breeder solicits payment for a pup that never existed. In the pandemic, when much of daily life moved online, “fast fraud” – exploiting the instantaneous speed of payments – found a niche.

A recent news article insinuated that fraud occurs more frequently on Zelle compared to FinTech P2P apps.  However, the data cited within the article in fact demonstrates that since 2017, two-thirds of P2P complaints submitted to the CFPB have been about Venmo, a unit of PayPal; Cash App, a unit of Block; and Coinbase Global, the owner of a cryptocurrency exchange platform.

Further, according to data cited in The New York Times, from 2019 to 2020, app reviews mentioning “fraud” and “scam” decreased 8% for Zelle, even as daily average users grew 21% year over year. By contrast, “fraud” and “scam” mentions on app reviews for Cash App jumped 165%, 97% for Venmo, and 62% for PayPal Mobile Cash over the same period.

While consumer protection laws may help consumers who have been scammed in certain instances, the protections available under those laws and regulations may vary based on whether a transaction is considered “authorized” or “unauthorized.”  In an unauthorized transaction, someone other than the consumer makes a payment from the consumer’s account.  For example, a fraudster gains access to a consumer’s bank account and makes a payment without permission.  In these instances, because the payment was not authorized by the consumer, consumers can generally get their money back after reporting the incident to their bank or P2P provider.  However, if the consumer authorizes a payment but does not receive the promised goods or services or is otherwise deceived, consumers may not have legal protections.

To help protect consumers, Zelle and other payment platforms are educating consumers on how to safely use their services.  Indeed, the best defense is a customer’s common sense:

  • Don’t send money to people you don’t know.
  • Don’t give out your passwords or personal information or make passwords easy to guess.
  • Don’t click on any random links in emails or text messages.
  • Slow down and read: make sure messages are from a trustworthy source before you provide any information.
  • When in doubt, don’t respond to the message, but instead contact the source through an alternative, reliable channel, such as the business or financial institution’s verified phone number found on their official website or on the back of a debit card.

In addition, the banking industry provides extensive education for customers on how to protect themselves from loss by avoiding scams — from providing basic phishing tutorials (“don’t click strange links”) to educating consumers about more sophisticated “social engineering” schemes that prey on consumers’ inclination to trust someone or something that sounds familiar or official. The American Bankers Association ran a “Banks Never Ask That” campaign to help customers avoid scams.

What can a consumer do if they believe they’ve been defrauded or scammed?  If the incident occurred through Zelle, consumers should call their bank. Banks have significant expertise in dealing with customer concerns and helping consumers, while some FinTech firms providing bank-like services have garnered criticism for being unresponsive to consumer complaints and concerns.

To learn more about preventing payments fraud, see the following materials:

Click here to download the infographic.

[1] Some FinTechs have entered into “rent-a-bank” arrangements with other banks by which they give their customers the option of holding their funds on a debit card linked to the “wallet” that is covered by the bank’s pass-through FDIC insurance.