When the phone rang, the caller ID showed her bank’s name. The voice on the line said he was from the fraud department, that someone had just tried to drain her checking account, and that she needed to move her money to a “safe” account immediately through Zelle. She did. Two thousand dollars vanished in seconds. Her bank told her the transfer was authorized and declined to refund a cent.
Variations of that story played out hundreds of thousands of times across the country last year. Americans reported losing $12.5 billion to fraud in 2024, according to the Federal Trade Commission, up 25 percent from $10 billion the year before. Imposter scams, in which criminals pose as bank employees, government agents, or tech-support staff, drove much of the surge. And because many victims never file a complaint, the real number is almost certainly higher.
The payment systems at the center of many of these losses, Zelle and bank wire transfers, were designed to move money instantly. They do that job well. What they do not do well is get money back once a scammer has it. And the banks that built and profit from these systems have returned only a fraction of what their customers lost, creating a widening gap between what consumers expect and what financial institutions are willing to cover.
How little banks are paying back
A staff report released in July 2024 by the Senate Permanent Subcommittee on Investigations examined Zelle fraud disputes at the three largest banks on the network: Bank of America, JPMorgan Chase, and Wells Fargo. The findings were damning. Across the disputes reviewed, banks reimbursed just 38 percent of the dollars customers contested in 2023. Claims involving social-engineering scams, where a consumer was tricked into authorizing a payment, fared even worse than cases of outright unauthorized access. In many of those disputes, banks told customers that because they had technically pressed “send” or provided a one-time passcode, the loss was theirs.
Wire-transfer fraud follows a similar pattern but with higher individual stakes. The FBI’s Internet Crime Complaint Center has consistently ranked business email compromise and wire fraud among the costliest categories of cybercrime, with median individual losses far exceeding those on peer-to-peer platforms. Once a wire clears, which can happen within hours, the sending bank’s ability to claw back funds depends on whether the receiving institution freezes the money in time. After the first 24 hours, recovery rates drop sharply.
The Consumer Financial Protection Bureau escalated the fight in December 2024, filing an enforcement action against Early Warning Services, the bank-owned company that operates Zelle, along with Bank of America, JPMorgan Chase, and Wells Fargo. The bureau alleged that these institutions violated the Electronic Fund Transfer Act and its implementing rule, Regulation E, by routinely denying claims, conducting inadequate investigations, and revoking provisional credits even when consumers reported suspicious activity promptly.
That case now faces its own uncertainty. Under the Trump administration, CFPB leadership has moved to scale back the agency’s enforcement agenda, pausing or reconsidering multiple pending actions across its docket. As of June 2026, no final ruling or settlement in the Zelle case has established a binding nationwide standard for how banks must handle social-engineering scams on instant-payment platforms.
Why the law has not kept up
The Electronic Fund Transfer Act was written in 1978, when electronic payments meant debit cards and payroll direct deposits, not peer-to-peer transfers that settle in seconds. Under the statute and Regulation E, banks must investigate reported unauthorized transfers and cap consumer liability if the customer notifies the institution within specific time frames. But the law draws a hard line: if a consumer authorized the payment, even under duress or deception, the full suite of protections may not apply.
That distinction is where most disputes fall apart. Consumer advocates argue that when a criminal gains control of a transaction through phishing, spoofed caller IDs, or account takeovers, the resulting transfers should be classified as unauthorized, triggering Regulation E’s error-resolution requirements. The CFPB issued guidance in June 2023 suggesting that certain fraud-induced transactions could qualify as unauthorized under existing rules. Many banks have pushed back. Their position: if the customer initiated the transfer, the bank fulfilled its obligation by processing the instruction.
The result is a system where two people hit by nearly identical scams can receive wildly different outcomes depending on which bank they use. One institution may refund the full amount; another may deny the claim outright. Consumers rarely learn the internal criteria that determined their fate, and no standardized, publicly reported reimbursement data exists that would let regulators or the public track whether refund rates are improving.
How the U.K. moved first
The United States is not the only country grappling with instant-payment fraud, but it is notably behind on mandatory reimbursement. In October 2024, the United Kingdom’s Payment Systems Regulator put new rules into effect requiring banks and payment firms to reimburse victims of authorized push-payment fraud up to £85,000 within five business days, with costs split between the sending and receiving institutions. The policy was designed to shift the financial incentive: if banks bear the cost of fraud, they have a stronger reason to invest in prevention.
Early data from the U.K. suggests the mandate has accelerated investment in fraud-detection tools and real-time transaction warnings, though critics argue the £85,000 cap, reduced from an initially proposed £415,000, still leaves high-value victims exposed. No equivalent federal mandate exists in the United States, and the bills introduced in Congress so far have not advanced to a floor vote.
The data gaps that obscure the problem
Several blind spots make it difficult to measure the full scope of instant-payment fraud. The FTC’s $12.5 billion figure covers all reported fraud across every payment method, but neither the commission nor Early Warning Services has published a 2024 breakdown showing how much of that total moved through Zelle, bank wires, or other real-time channels versus credit cards or checks. Without that split, it is impossible to know whether the rapid growth of instant payments is directly amplifying losses or shifting them from one rail to another.
Bank-level reimbursement rates after the 2023 Senate findings are equally opaque. All three banks named in the subcommittee’s report have said they are investing in fraud-detection technology, real-time transaction warnings, and consumer education, but none has released standardized refund statistics that would allow outside verification. Early Warning Services has stated in congressional testimony that fraud on the Zelle network represents less than one-tenth of one percent of transactions, but that figure measures incidence, not dollar losses, and says nothing about how often victims are made whole.
Other popular payment apps, including Venmo, Cash App, and PayPal, operate under similar federal rules but are regulated as money transmitters rather than banks, adding another layer of complexity. Consumers using those platforms may have even fewer avenues for recovery, though detailed comparative data remains scarce.
What scam victims can do right now
While the legal and regulatory picture remains unsettled, consumers who lose money to a Zelle or wire-transfer scam should move fast. Filing a dispute with the bank within two business days of discovering the fraud maximizes protections under Regulation E for unauthorized transfers. Victims should also file a complaint with the FTC at ReportFraud.ftc.gov and with the CFPB’s consumer complaint database, which regulators actively monitor. Documenting every detail, including screenshots of messages, call logs, and any case numbers the bank provides, strengthens a dispute and creates a paper trail if the claim needs to be escalated.
For wire transfers specifically, contacting the bank immediately and requesting a recall can sometimes recover funds before they are withdrawn on the receiving end. State attorneys general offices also accept fraud complaints and have, in some cases, pressured banks to revisit denied claims.
A few practical steps can also reduce exposure before a scam ever starts:
- Verify independently. If someone claiming to be from your bank calls or texts about suspicious activity, hang up and call the number on the back of your debit card. Legitimate fraud departments expect this.
- Treat Zelle like cash. Only send money to people you know and trust. Once a Zelle payment is sent, it typically cannot be reversed.
- Be skeptical of urgency. Scammers create panic on purpose. Any caller who insists you must act immediately to protect your money is almost certainly trying to steal it.
Who pays when speed becomes the weapon
The CFPB enforcement case against Zelle’s operator and the three major banks remains the most significant pending action on this issue, and its resolution, whether through a court ruling, a settlement, or a quiet withdrawal, will signal how aggressively federal regulators intend to hold financial institutions accountable for losses their platforms facilitate. Congress has shown bipartisan interest in tightening the rules, but no comprehensive legislation has reached a vote as of June 2026.
Until something changes, the burden falls almost entirely on consumers. Banks built instant-payment systems to move money in seconds. Criminals figured out how to exploit that speed. And the people caught in between, the retired teachers and small-business owners and everyone else who trusted a voice on the phone, are the ones left holding the loss. The question that regulators, courts, and lawmakers still have not answered is whether the institutions that profit from these systems should also share the cost when those systems are weaponized against their own customers.
