Zelle’s bumpy ride toward ubiquity

Zelle, the bank-led person-to-person payment network, is having growing pains.

As of Tuesday, 100 financial institutions were enrolled and 19 were up and running. In the first quarter alone, $25 billion passed through the network in 85 million transactions.

Banks and consumers have learned a handful of truths — good and bad — about the network as it copes with a number of challenges including fraud threats, growing demand as well as technical and enrollment issues. Here is what some of the bankers involved have to say about it all.

Zelda's transaction volume for 2016 and 2017, compare to Venmo

Fraud is an issue, but not an enormous one. News reports in recent months have focused on fraud aimed at Zelle users and raised questions about whether banks are doing enough to protect them. The reports have relayed several victims’ stories of losing money through the network. “I know of one bank that was experiencing a 90% fraud rate on Zelle transactions, which is insane,” a PwC partner, Genevieve Gimbert, told The New York Times in a recent story.

The 90% statistic was eye-popping. You would expect any program with a 90% fraud rate to be immediately shut down.

Lou Anne Alexander, group president of payment solutions at Early Warning Systems, which operates Zelle, would not share how much fraud occurs on Zelle, but she said it’s not 90%.

“Ninety percent fraud would have been ridiculous and unfathomable,” she said. “Fraud rates are calculated as basis points of a percentage, and ours are in line with other electronic person-to-person payment fraud rates. While no fraud is good fraud, we’re not suffering anything that would be unfathomable.”

On Tuesday, PwC issued a correction saying it had “determined the 90 percent figure is unsubstantiated." It further said that “the statement could be read to incorrectly suggest that there is an issue with Zelle itself rather than merely pointing out that appropriate controls and procedures are needed by banks and other users in order to properly implement any new payment system.”

All that said, fraud does happen on Zelle.

In one example in the Times article, a user tried to buy tickets to a Justin Timberlake concert from someone on Craigslist who took the Zelle payment but never sent any tickets.

“I naively believed that since my bank uses it, the accounts must be connected to real people, with some sort of protection built in,” she told the newspaper.

Alexander said Early Warning does try to vet people before letting them on the network, it monitors for bad activity and removes people who appear to be bad actors, but there are limits to what the company can do.

“We can’t give people a dishonesty test," Alexander said. "We don’t know if they will oblige by putting goods in the mail."

Alexander also pointed out that, somewhat ironically, Zelle was criticized in its early days for denying enrollment to consumers as it was trying to mitigate fraud.

In another case, money routed mistakenly to the wrong cellphone number was not refunded until the newspaper contacted the bank about it. In other cases, phishing and social engineering were used to drain money out of accounts.

Jim Reuter, CEO of FirstBank in Lakewood, Colo., which was the first nonfounding member of Zelle to adopt it (the founding members were Wells Fargo, Chase and Bank of America), has seen attempts at account takeover on Zelle, and he has seen Zelle used to move money “because it's fast and easy to do,” he said.

But he hasn’t seen fraud to the degree described in the article.

“We have experienced very little fraud relative to the volume,” he said.

The $18 billion-asset FirstBank has set limits on how much money people can send through Zelle: $1,500 a day, $5,000 a week and $10,000 a month.

“In case we don't detect an account takeover, we put an upper [limit] on what we could lose,” Reuter said. “That also limits the use cases. So as you can guess, we're trying to get better at fraud detection and be more intelligent using data, using past activity, getting more history, seeing what else they're doing in the app to see if it looks like our customers’ normal behavior.”

Alexander said banks bear most of the responsibility for detecting and preventing fraud. She also said banks have to tune their fraud and risk engines as they work with Zelle.

“The more lessons you have, the better those fraud and risk engines are,” she said.

Alice Milligan, chief customer and digital experience officer at Citi Cards, suggested that her bank, which joined Zelle in June 2017, has made the necessary adjustments to its fraud and risk controls.

The bank carefully vets all partners and it hires cybersecurity experts from the FBI and elsewhere to have people with a well-rounded set of experience to deal with fraud, identity theft and security issues. It continually monitors visible transactions as well as those on the dark web.

“It’s a multifaceted, multipronged approach we take and we recognize that with the privilege of having customers use your product comes the responsibility of having security and keeping them safe,” Milligan said.

Consumers also have to be more careful on Zelle, treat it like cash, send money only to people they know and trust, and provide valid payment instructions, Alexander said.

Their accounts are protected through Reg E, so if a crook takes over an account and sends funds from it, the bank has to make that customer whole. Customers are not protected against disputes or someone not delivering a good or service.

Zelle transactions are larger than you’d think. In 2017, FirstBank handled 1 million Zelle transactions that totaled $338 million, making the average transaction $338.

“That's not small P-to-P money movement only. It's being used for a number of different things,” Reuter said.

People are using Zelle to pay rent, split bills with roommates and dinner companions, shop at garage sales, and pay babysitters and lawn services.

Alexander said that in 2017, the average Zelle transaction was $302, down from around $400 the year before.

“We still see rent as a large portion of dollars spent on Zelle,” she said. “However, we also see meals, holiday gifts, birthday gifts and shared travel expenses.”

The business case for P-to-P is: You have to do it. Reuter pointed out that Venmo handles $35 billion in payments a year.

“A banker said to me, what's your return on investment?” Reuter said. “I said, what's your return on investment in a teller line and the call center? When you talk to consumers and see their usage of Venmo, it's pretty clear that this is a table-stakes offering.”

Reuter sees an opportunity to make revenue offering Zelle to small businesses. It would offer the ability to send an invoice with a request for payment through Zelle. That way, the bank could streamline the company’s bookkeeping and offer payments at less than the cost of a credit card transaction.

Supporting Zelle is also a brand play, Reuter said.

“If someone's using Venmo, they're not seeing your brand,” he said.

Alexander said several insurance companies use Zelle to get money to disaster victims right away.

Zelle is faster than Venmo. This is well known and the reason for the name Zelle, which is short for gazelle. Zelle payments are push credits, like wire transfers. They go into a bank account, and the money can be used immediately through a debit card, a check or getting cash at an ATM or branch. The Zelle network rules require call for immediate memo debiting and memo crediting of transactions.

“That's a significant advantage over Venmo and something I've tested with folks inside and outside the Zelle network,” Reuter said. “They get the text, they pull up their account and they see it in their available balance.”

Deploying Zelle has its complications. FirstBank had a relatively easy time implementing Zelle because it does most of its information technology in house. It built its own core system and mobile and online apps, so there was no need to wait for a vendor to help.

Banks need to connect to the Zelle directory, where aliases, tokens, cellphone numbers and email addresses are connected to the banks that house the accounts.

Banks also have to share data about all their customers with Early Warning Systems.

“This took us aback a little bit,” Reuter said. “In the beginning, we resisted that because it felt like oversharing. But as we studied it more, and did due diligence on their security, we saw they were using that data to manage fraud and that that could be beneficial to us.”

Alexander said Early Warning has a long history of using shared bank data in collaborative way and it uses the data purely to combat fraud.

You have to use Zelle’s user interface. When Reuter’s bank first joined Zelle (back then it was called clearXchange), each participant had its own user interface.

“It did not work,” Reuter said. “If I was a FirstBank customer and I wanted to send money to someone at Wells Fargo on the clearXchange network, I could not tell them how to enroll, I could not tell them what the application looked like or anything,” he said. “A big advantage Venmo had was everyone knew how it worked, because they all had the same user experience.”

When Early Warning purchased clearXchange, there were many debates about what the UI would look like.

“Some of the big banks thought they had the best UI and we should all just adopt theirs,” Reuter said.

Zelle brought in an independent company that worked on the user interface and today it looks the same at every bank, but with different colors and branding.

“The benefit of that is I can tell someone I want to Zelle money to how to enroll with their bank, what that looks like, what it looks like to use the app,” Reuter said.

There can be challenges in the enrollment process. Customers use an email address or cell number as their token, and they can only use one of those with one bank.

“If you have three banks, you probably don’t have three different cellphone numbers unless you're really a mover and shaker,” Reuter said. Customers have to choose which bit of contact information to use at each bank.

When friends try to send money, they might not know which cell number or email address to use. The bank may have to ask the person to register the additional information.

“That's a little clunky,” Reuter said. “Everyone thought if we went to cellphone and email address that would solve everything. It just creates different problems.”

If you send money to someone and they’re not registered, in 14 days it comes back to your account.

It can also be hard to get a person who is not with a Zelle member bank to download the app, Reuter said. “It's no different than Venmo, but it's something that can take some time.”

Editor at Large Penny Crosman welcomes feedback at penny.crosman@sourcemedia.com.

For reprint and licensing requests for this article, click here.
P-to-P payments Bank technology Zelle Venmo
MORE FROM AMERICAN BANKER