Banks Aren’t Doing Enough to Protect Customers From Scams

Venessa Dikousman thought she’d adequately checked to make sure the man calling her cell phone in November 2023 wasn’t a scammer. The man said he was a Wells Fargo representative, knew her name, and was calling from a number her phone identified as belonging to the company. Her sister even dialed the number while she was on the phone, to confirm it was Wells Fargo’s customer service line. 

The man on the phone was calling, he said, because Dikousman’s account had been compromised, and she needed to send $3,500 through the payment app Zelle to remedy the breach. She sent the man $1,000 before she realized she was being scammed.

“Just imagine what they’re getting from even more vulnerable people,” says Dikousman, 33, a registered nurse who lives in Ceres, Calif. 

Dikousman immediately called Wells Fargo to file a report. But the bank initially refused to refund the $1,000 taken out of her account. Under federal regulations, financial institutions only have to compensate customers for “unauthorized” transactions, meaning money transfers that the consumers did not personally approve. If customers approve the transfer, banks do not have to reimburse them, even if the customer was tricked into making it. It wasn’t until TIME contacted Wells Fargo, four months after the scam occurred, that the bank refunded Dikousman the $1,000.

But as scams get more sophisticated, it might be time to change the status quo. The line between authorized and unauthorized transactions is getting blurrier, and many experts and elected officials say it’s time for banks to take more responsibility to prevent scams.  

“I absolutely think the responsibility should be with the banks,” says Steve Weisman, who teaches white-collar crime at Bentley University and runs the website Scamicide.com. “There are plenty of red flags for false transactions, but banks say, ‘It’s not my problem.’”

Read More: Why We're Spending So Much Money

Wells Fargo said in a statement to TIME that it has “taken significant action to combat scammers,” including education efforts and enhancing safeguards to protect customers. Zelle, which is run by Early Warning Services, a financial technology company owned by seven banks, including Wells Fargo, said in a statement that it has driven down fraud and scam rates through its prevention and mitigation efforts. Less than one tenth of one percent of transactions are reported as fraud or scams, Early Warning Services says. As of June 30, 2023, bank and credit card participants are required to reimburse consumers for certain imposter scams, the company said.

Financial scams have proliferated since the beginning of the pandemic, when people were forced online and became more comfortable sending money digitally through banking services like Venmo and Zelle. Scammers followed them there, using advanced technology, including artificial intelligence, to reach as many people as possible.

Customers lost nearly $8.8 billion to scams in 2022, according to the Federal Trade Commission, a 30% increase from the previous year. “Scams have always been around, but we’ve seen a monumental increase,” says Ian Mitchell, founder of The Knoble, an alliance of bankers, law enforcement officials, and regulators trying to fight crime. “It’s not the same as even four years ago.”

Back then, it might have been relatively easy to spot a scam. You’d receive an email or text message telling you to send money to a strange email address or phone number. Often the instructions would be misspelled or have grammatical errors. Now, with the help of AI, scammers are getting much better at writing convincing messages.

Read More: What to Do If You’ve Been Scammed

Among the most common types of scam is the one Dikousman fell victim to—the imposter scam, in which the culprit pretends to be someone they’re not in order to extract money from victims. These scammers can “spoof” phone numbers, as the perpetrator did in Dikousman’s case, and make it seem like they’re calling from your bank or are someone you know. (Dikousman never found out who had scammed her, or where her money went.) 

The sheer audacity of some scammers is astounding. In one case, a victim found a potential apartment to rent on apartments.com, toured an actual apartment, signed what he thought was an actual lease, and sent $2,000 through Zelle to the “landlord,” only to find out the whole thing was a scam, according to a lawsuit filed against his bank, Capital One.

Some scammers have access to reams of targets’ personal information because of the frequency of data breaches in recent years. There were 3,205 publicly reported data breaches impacting around 353 million people in 2023, according to the Identity Theft Resource Center. That’s a 72% increase over the past high, in 2021.

Armed with information like your address, where you were born, or even the last four digits of your Social Security number, scammers are fooling even the savviest targets. “It’s a myth to think you are somehow the only person who knows your Social Security number,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center, which is calling on more businesses to change authentication processes so that stolen personal information is less valuable. 

Ryan Feldman says that a scammer’s knowledge of his personal information was what made him a victim. A man purporting to be from Wells Fargo called Feldman in December 2023 and claimed that someone had used his credit card to make a purchase at a store in Florida. It sounded plausible to Feldman, who had just returned from a trip to the state. The caller was able to recite Feldman’s address and the last four digits of his Wells Fargo card number, which convinced Feldman the man was an employee of the bank. The caller was asking for Feldman to share a pin number that had been sent to his phone—probably, Feldman thinks now, for the purpose of logging into Feldman’s Wells Fargo account. Feldman shared that pin, and then another, and then panicked when he couldn’t log onto his account while he was waiting on the phone. The scammers charged $25 to his account before Feldman was able to get through to the real Wells Fargo, which froze his accounts. 

“It just feels like everyone is susceptible to this type of thing,” says Feldman, 38, the owner of Hustler Casino Live, a livestream poker show.

Read More: Why Gen Z Is Surprisingly Susceptible to Financial Scams

Some scammers are even getting adept at using people’s voices, ripped from their social media accounts or voicemail boxes, to make loved ones think they’re in trouble. Gary Schildhorn, a Philadelphia attorney, says he received a call in February 2020 that appeared to be from his son Brett. His son was crying, and said he had been in a car accident and was in jail. He told his father to call a certain public defender, which Schildhorn did. The lawyer then gave Schildhorn what he said was the phone number for the local courthouse. Someone answered, confirmed to Schildhorn that his son was being held, and advised him to have the public defender post a lawyer’s bond of $9,000 with the court. 

Before Schildhorn sent any money, he was able to confirm that his son was safe, and that the scammers had set up a detailed plan to trick him into sending them money. It easily could have worked, he says. “There was no doubt that it was his voice on the phone—it was the exact cadence with which he speaks,” Schildhorn says. 

Still, until now, most banks have been able to avoid liability in part because of a 1978 law called the Electronic Funds Transfer Act. A part of that law, called Regulation E, holds that banks are not liable for transactions that were authorized by the customer.

Read More: How to Reset Your Spending Mindset

There are calls for the Consumer Financial Protection Bureau to clarify the scope of Regulation E. In October 2022, Sen. Elizabeth Warren sent a letter to the CFPB urging it to hold banks more accountable for fraud, even if transactions were authorized. Warren’s office completed a report on peer-to-peer platforms like Zelle, which found that banks weren’t repaying the majority of customers, even as fraudulent activity grew. “Zelle is increasingly becoming a tool of bad actors who use the platform to defraud consumers, while the big banks that own Zelle do little to stop them or provide recourse to their consumers,” the letter said.

It’s not unprecedented for regulators to change what kind of protections they expect from banks. In the wake of the Great Recession, small businesses were losing money to fraudulent wire and ACH transactions because employees of those businesses were tricked into sending money to scammers, says Tracy Kitten, director of fraud and security at Javelin Strategy & Research. At first, these small businesses lost lawsuits trying to hold the banks accountable for these transactions, Kitten says. But then they tried another tactic: arguing that banks are required to have “reasonable” security measures in place to protect customers, and that the existing measures were deficient. 

As public opinion changed, courts eventually started to side with small businesses, forcing the banks to adopt more stringent protocols. “Until they were losing lawsuits and had to pay out, there was no reason for [the banks] to try and do anything to shore up the security gaps,” Kitten says. “And I think we see the same thing in peer-to-peer transactions.” 

Indeed, Zelle and banks like Wells Fargo, Citibank, and Capital One are facing a stream of lawsuits from customers who say the banks should be doing more to protect customers from fraud. At the very least, the lawsuits argue, banks should not be advertising Zelle and other peer-to-peer services as safe. On Jan. 30, New York Attorney General Letitia James sued Citibank, alleging that it has not deployed sufficient security measures to protect consumers’ financial accounts. Even if the customers lose the lawsuits, their stories could prompt more public pressure on the banks to take more action to protect customers. 

Of course, it’s difficult for banks to flag and stop transactions that the consumer has authorized, especially since consumers whose legitimate transactions are blocked may become frustrated enough to bank elsewhere. But the necessary technology exists, and so far, most banks aren’t deploying it, Kitten says. There are security features that can flag transactions being made at times that people don’t usually send money or unusual amounts of money being sent. There’s also technology that can detect some common behaviors of people getting scammed, like when people log into their bank accounts and call the bank’s customer service line at the same time. 

Some of this technology is expensive and cumbersome for banks to adopt, says Kitten. The biggest banks are often siloed into different departments, like online banking and call centers, and merging those for fraud protection would be difficult. “Until the fraud losses get high enough to justify the expense of updating the infrastructure, they’re not going to get the budget to make these adjustments,” she says. It doesn’t help that banks are financially struggling right now because of higher interest rates. 

But ultimately banks may need to make these upgrades to keep their customers. Venessa Dikousman has been a Wells Fargo customer since 2008, but says she is disgusted with the company, as well as with Zelle. The lesson she learned, she says, is not to trust anyone—including your bank.

“I told everyone I know, ‘If you ever get a call from your bank,’” she says, “don’t take the call.”