The New York attorney general’s lawsuit against Zelle’s parent company, Early Warning Services, highlights a period in July 2019 when the bank-owned payments network allegedly developed several “critical” security measures and rule changes to combat fraud on its platform.

But EWS didn’t deploy them until four years later, according to Attorney General Letitia James’ lawsuit filed Wednesday in state court. 

However, when Early Warning implemented the measures in 2023, “the result was both immediate and immense: Despite overall transfers over the Zelle network growing by billions of dollars that year, consumer losses to reported fraudulent activity dropped by hundreds of millions of dollars,” according to the lawsuit. 

During the prior years, “consumers constantly fell victim to fraudsters operating over the Zelle network, losing hundreds of millions of dollars to preventable fraud,” as EWS and the banks that own it earned “hundreds of millions of dollars from Zelle’s continued growth,” the lawsuit said.

Phil Selden, a Washington, D.C., defense attorney with Cole Schotz specializing in government enforcement investigations and litigation, said growth and frictionless transactions may sometimes outweigh other considerations for some companies. 

“Speed is great if you’re a track star or you’re operating a race car, but sometimes speed without training for those who are catching fraud, waste and abuse can be problematic,” said Selden, a former acting U.S. attorney in Maryland.

The lawsuit follows on federal regulators previously suing EWS over consumer fraud perpetrated on Zelle, mirroring several allegations of the earlier Consumer Financial Protection Bureau federal lawsuit lodged in December 2024 in Arizona. 

The agency withdrew its complaint against EWS and three of its large bank owners in March as the Trump administration began to dramatically reduce the CFPB’s mission and staffing. 

“No one should be left to fend for themselves after falling victim to a scam,” James said in a press release Wednesday. “I look forward to getting justice for the New Yorkers who suffered because of Zelle’s security failures.”

Early Warning disputes the complaint’s depiction of the 2019-2023 period and the alleged “security enhancements” and rule changes the lawsuit says Zelle adopted in 2023. 

The company adopts evolving measures regularly to combat the dynamic nature of fraud and scam tactics, an EWS spokesperson said via email. Zelle incorporated dozens of separate updates over the four years the lawsuit highlights and the company did not abruptly introduce major security changes in 2023, the spokesperson said.

In a statement Wednesday, Early Warning called James’ lawsuit “a political stunt to generate press.”

Early Warning, based in Scottsdale, Arizona, is owned by seven large banks, including Bank of America, Capital One Financial and PNC Financial Services. Besides Zelle, EWS also operates the Paze digital wallet.

States step forward

With respect to payments industry issues, James’ office has also filed complaints this year against cash advance companies DailyPay and MoneyLion Technologies over their earned wage access loans.

The Zelle lawsuit demonstrates how state attorneys general from several large states are attempting to carry on consumer-protection work in the absence of a functional federal regulator, said John Breyault, a vice president at the National Consumers League.

“We have seen an administration that has decided to step back and away from consumer financial protection in any meaningful way,” he said Friday. “And states are having to step up or otherwise consumers would be left out in the cold.”

Early Warning “hurried Zelle to market in an effort to fend off increasing competition from Venmo, Paypal, and newer entrants like Cash App,” according to the complaint. EWS “designed Zelle to be as simple, easy, and frictionless as possible, with only an email address or mobile number, and a bank account or debit card,” the lawsuit said.

James’ lawsuit called Zelle’s security 2023 measures “too little too late.”

“EWS did nothing to remedy the vast losses that consumers already suffered due to its failure to adopt the basic network safeguards in July 2019, and even with those safeguards in place Zelle continues to facilitate substantial fraudulent activity,” the lawsuit said.

James’ office declined to discuss the complaint, parts of which are redacted because it contains non-public information about Zelle and EWS, a spokesperson for the New York AG said Wednesday via email. It’s unclear why New York regulators believe EWS waited to impose its 2019 security measures until 2023.

Frauds vs scams

On its website, Zelle details the distinction between a payment fraud and scam, noting that fraud is typically an unauthorized activity in which someone accessed the account without the account holder knowing. A scam, meanwhile, involves a fraudster tricking a person into authorizing a payment for something that appeared legitimate.

A scam, generally, doesn’t allow a duped person to recover the absconded funds. “Because you authorized the payment, you may not be able to get your money back,” Zelle says on the site.

The efficiency of digital payments carries “a push-pull effect” in which the velocity of a funds transfer correlates to its security, said Scott Talbott, an executive vice president for the Electronic Transactions Association, which represents payments companies, including EWS.

“With faster payments comes a heightened focus on addressing fraud,” he said. “We could all but eliminate fraud, but payments would take three days.”

To address such scams, several Democrats introduced a bill last year that would amend the Electronic Fund Transfer Act to treat “fraudulently induced” funds transfers the same under the law as those that are unauthorized. 

The bill, Protecting Consumers From Payment Scams Act, was introduced by U.S. Sens. Elizabeth Warren of Massachusetts and Richard Blumenthal of Connecticut, and in the House by Rep. Maxine Waters from California. It had no Republican co-sponsors and did not progress. The bill has not been introduced in the current Congress.

In June, two senators introduced a separate, bipartisan bill that would form a federal task force to study payment scams. The ETA, which represents payments players such as Adyen, Block and Mastercard, has endorsed that bill. On Aug. 5, Rep. Jim Himes, a Connecticut Democrat, and Rep. Zach Nunn, a Republican from Iowa, introduced the bill in the House.

“Investigations like what’s going on in New York just underscore the need for Congress to step in here and, number one, ensure that the CFPB is actually operating as Congress intended it to and two, to take action to strengthen consumer protections,” Breyault said.

B. Todd Jones, a former U.S. attorney and civil litigator with Robins Kaplan in Minneapolis, predicted in a September 2024 interview that states would move to cover any regulatory gaps if President Donald Trump reduced federal oversight during a second term.

“Have no doubt that attorneys general will fill that void, if the federal government backs off in a Republican administration,” Jones said at that time.