New York Sues Zelle’s Operator After CFPB Drops Similar Case in March

Key Takeaways

• State Action After Federal Retreat: New York Attorney General Letitia James filed suit against Early Warning Services (EWS) in August 2025, just five months after the CFPB dropped a similar case in March following a change in federal leadership.
• Alleged $1B in Fraud Losses: The complaint alleges Zelle’s design flaws enabled scammers to steal over $1 billion from users between 2017 and 2023, with millions lost by New Yorkers.
• Delayed Safeguards: EWS identified basic anti-fraud measures in 2019 but allegedly waited four years to implement them, during which time fraud proliferated.
• Marketing vs. Reality: While promoting Zelle as “safe” and “secure,” EWS allegedly failed to enforce even minimal anti-fraud rules on partner banks, allowing scams to continue unchecked.
• Immediate Impact of Reforms: Once implemented in 2023, the safeguards reduced fraud losses by hundreds of millions of dollars despite increased transaction volumes.

Deep Dive

Zelle promised speed, convenience, and the comforting seal of “backed by the banks.” For many users, it delivered something else entirely, a direct pipeline for scammers to siphon away hard-earned money, with little hope of getting it back.

On August 13, 2025, New York Attorney General Letitia James filed suit against Early Warning Services, LLC (EWS), the Scottsdale-based operator of Zelle, accusing the company (owned and controlled by seven of the country’s largest banks, including JPMorgan Chase, Bank of America, Capital One, and Wells Fargo) of knowingly running a payment platform that left users exposed to more than $1 billion in fraud between 2017 and 2023.

The complaint paints a picture of a company that knew, from day one, its design choices made Zelle a scammer’s playground. In its rush to keep pace with Venmo, PayPal, and Cash App, EWS stripped away friction that could have deterred bad actors: sign-ups required little more than an email address or mobile number, verification was minimal, and funds could be sent and withdrawn in near real time, no do-overs. Fraudsters could even create accounts with misleading addresses resembling those of banks, government agencies, or well-known businesses.

By 2019, EWS had drafted a set of “basic network safeguards”, modest but meaningful rules to block or remove bad actors quickly, yet it didn’t fully adopt them until four years later. In the meantime, the company allegedly failed to enforce even its limited anti-fraud rules, allowing partner banks to delay reporting scams, leaving fraudsters free to target more victims.

For New Yorkers, the impact was deeply personal. One consumer got a call from someone posing as a Con Edison employee threatening to shut off the lights unless a payment was made via Zelle. The target wired $1,476.89 to an account labeled “Coned Billing,” only to be told by their bank that nothing could be done once the money was gone. Another victim thought they were paying for a puppy; others were tricked into “sending money to themselves” to reverse fictitious charges, only for the funds to land in a scammer’s account.

Meanwhile, EWS poured millions into marketing campaigns that assured consumers their transfers were safe and secure, leveraging Zelle’s direct integration into mobile banking apps to reinforce trust. The Attorney General says the reality was starkly different, and EWS was “doing little to stop” widespread fraud even as losses mounted into the hundreds of millions annually.

Adding a twist to the legal drama, the Consumer Financial Protection Bureau had already filed its own lawsuit in December 2024 accusing EWS and several owner banks of similar failures. But that case was abruptly dropped in March 2025, just weeks after a leadership change at the agency under the new federal administration. James’s lawsuit, filed five months later, makes clear that even if the federal government has stepped back, New York intends to press the case forward.

By 2023, under mounting pressure from Congress, regulators, and media scrutiny, EWS finally rolled out its long-delayed safeguards. The results were immediate: fraud losses dropped by hundreds of millions of dollars, even as total transaction volumes surged. To James, the takeaway is that the company could have spared users years of financial harm but chose not to.

“No one should be left to fend for themselves after falling victim to a scam,” James said in announcing the case. She’s urging any New Yorker who lost money through Zelle to contact the Attorney General’s Consumer Frauds Bureau.

The allegations demonstrate an uncomfortable truth that in the high-speed world of instant payments, security missteps aren’t just technical flaws, they’re governance failures that can snowball into years of litigation, reputational damage, and regulatory heat.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.