WEBVTT NOTE This file was generated by Descript 00:00:00.450 --> 00:00:02.070 Samantha: Welcome back to our podcast! 00:00:02.360 --> 00:00:04.190 I'm your host, Samantha Shares. 00:00:04.690 --> 00:00:08.840 Today, we’re diving into the Consumer Financial Protection Bureau’s (CFPB) 00:00:08.840 --> 00:00:14.200 monumental $870 million complaint against Zelle and several major banks concerning 00:00:14.200 --> 00:00:16.590 peer-to-peer (P2P) payment fraud. 00:00:17.380 --> 00:00:21.390 Before we start, a quick note: this podcast is educational and 00:00:21.390 --> 00:00:23.210 not intended as legal advice. 00:00:23.770 --> 00:00:28.190 A special thank you to our sponsor, Credit Union Exam Solutions Incorporated, 00:00:28.470 --> 00:00:32.750 with over 200 years of National Credit Union Administration expertise. 00:00:33.240 --> 00:00:36.360 They help clients save time and money during examinations. 00:00:36.900 --> 00:00:40.260 Visit MarkTreichel.com for more details or listen to their 00:00:40.320 --> 00:00:42.220 podcast, With Flying Colors. 00:00:42.910 --> 00:00:47.040 Now, let’s explore the implications of this groundbreaking regulatory action. 00:00:47.730 --> 00:00:49.000 The Scope of the Complaint 00:00:49.704 --> 00:00:54.464 The CFPB alleges fraud losses totaling 870 million dollars across 00:00:54.464 --> 00:00:56.194 three major banks using Zelle. 00:00:56.694 --> 00:01:00.454 Beyond the staggering numbers, this case represents a seismic shift in 00:01:00.454 --> 00:01:04.824 regulatory perspectives on payment systems' security and consumer protection. 00:01:05.615 --> 00:01:07.315 Understanding the Fraud Patterns 00:01:07.990 --> 00:01:11.540 Let’s break down the common fraud patterns observed in these cases. 00:01:12.269 --> 00:01:12.719 1. 00:01:13.349 --> 00:01:14.629 Token Takeover Scheme: 00:01:15.390 --> 00:01:18.250 o A fraudster calls, impersonating bank security. 00:01:19.003 --> 00:01:22.033 o Claims there’s suspicious activity on the victim’s account. 00:01:22.877 --> 00:01:26.017 o Asks for a one-time passcode for “verification.” 00:01:26.766 --> 00:01:30.626 o Gains control of the Zelle token and initiates rapid transfers. 00:01:31.294 --> 00:01:33.974 These scams happen in under 15 minutes—money is 00:01:33.974 --> 00:01:35.264 gone before you can blink. 00:01:36.010 --> 00:01:36.420 2. 00:01:36.950 --> 00:01:37.970 Romance Scams: 00:01:38.716 --> 00:01:40.676 o Operates over weeks or months. 00:01:41.385 --> 00:01:45.175 o Fraudster builds trust through dating platforms, spins elaborate 00:01:45.175 --> 00:01:46.805 stories, and requests money. 00:01:47.552 --> 00:01:50.362 o Starts small, then escalates to larger amounts. 00:01:51.081 --> 00:01:55.851 o Particularly targets older adults, with some losing over 50,000 dollars. 00:01:56.574 --> 00:01:57.954 Real-Life Case Studies 00:01:58.674 --> 00:02:00.904 • Case Study 1: Margaret’s Story 00:02:01.636 --> 00:02:06.216 Margaret, a 72-year-old widow, lost 25,000 dollars to a fraudster 00:02:06.216 --> 00:02:08.236 posing as an investment advisor. 00:02:08.826 --> 00:02:12.946 Multiple warning signs were missed during the transfer process, highlighting the 00:02:12.946 --> 00:02:15.226 need for better fraud detection measures. 00:02:15.961 --> 00:02:18.921 • Case Study 2: Small Business Compromise 00:02:19.696 --> 00:02:23.186 A local construction company lost 47,000 dollars in a 00:02:23.186 --> 00:02:25.166 business email compromise scam. 00:02:25.736 --> 00:02:29.306 Fraudsters manipulated invoices and used Zelle to siphon funds. 00:02:29.836 --> 00:02:34.036 This underscores the importance of educating business clients on fraud risks. 00:02:34.716 --> 00:02:35.976 Prevention Strategies 00:02:36.685 --> 00:02:40.345 Fraud prevention requires a robust, multi-layered approach. 00:02:40.865 --> 00:02:42.375 Here’s a framework to consider: 00:02:43.130 --> 00:02:43.580 1. 00:02:44.230 --> 00:02:45.570 Transaction Monitoring: 00:02:46.321 --> 00:02:50.341 o Use velocity checks, pattern recognition, IP/device tracking, 00:02:50.431 --> 00:02:51.851 and behavioral analytics. 00:02:52.533 --> 00:02:52.893 2. 00:02:53.453 --> 00:02:54.583 Member Education: 00:02:55.284 --> 00:02:59.514 o Conduct awareness campaigns, use transaction verification prompts, 00:02:59.624 --> 00:03:01.274 and communicate risks clearly. 00:03:02.011 --> 00:03:05.441 o Target vulnerable groups with tailored outreach programs and 00:03:05.441 --> 00:03:07.331 ensure staff training is thorough. 00:03:08.030 --> 00:03:09.410 Regulatory Insights 00:03:10.038 --> 00:03:13.288 The Zelle case signals changes in the regulatory landscape 00:03:13.288 --> 00:03:14.918 for financial institutions. 00:03:15.636 --> 00:03:16.036 1. 00:03:16.696 --> 00:03:18.086 Enhanced Examinations: 00:03:18.761 --> 00:03:21.491 o Scrutiny of P2P systems will increase. 00:03:22.219 --> 00:03:27.039 o Institutions must improve documentation, conduct comprehensive risk assessments, 00:03:27.239 --> 00:03:28.699 and enhance board reporting. 00:03:29.419 --> 00:03:29.829 2. 00:03:30.369 --> 00:03:31.469 Future Frameworks: 00:03:32.191 --> 00:03:35.531 o Expect stricter Anti-Money Laundering (AML) requirements, 00:03:35.701 --> 00:03:40.081 potential new rules for P2P payments, and documentation standards. 00:03:40.805 --> 00:03:42.625 Frequently Asked Questions (FAQs) 00:03:43.351 --> 00:03:43.741 1. 00:03:44.401 --> 00:03:47.111 Does this impact credit unions not offering Zelle? 00:03:47.743 --> 00:03:52.083 Yes, as the scrutiny on all P2P services is likely to increase. 00:03:52.768 --> 00:03:53.188 2. 00:03:53.778 --> 00:03:55.708 What documentation should we maintain? 00:03:56.343 --> 00:03:58.183 o Fraud investigation records. 00:03:58.877 --> 00:04:00.247 o Member communications. 00:04:00.929 --> 00:04:02.419 o Staff training logs. 00:04:03.120 --> 00:04:03.530 3. 00:04:04.130 --> 00:04:06.470 How can we balance convenience with security? 00:04:07.147 --> 00:04:10.967 o Implement risk-based approaches, member segmentation, and use 00:04:10.967 --> 00:04:12.807 advanced technology solutions. 00:04:13.492 --> 00:04:15.312 Action Plan for Credit Unions 00:04:16.053 --> 00:04:17.683 Here’s what you can do starting Monday: 00:04:18.491 --> 00:04:19.591 • Immediate Actions: 00:04:20.302 --> 00:04:20.702 1. 00:04:21.272 --> 00:04:23.562 Review your P2P risk assessment. 00:04:24.379 --> 00:04:24.789 2. 00:04:25.329 --> 00:04:26.749 Audit fraud procedures. 00:04:27.423 --> 00:04:27.873 3. 00:04:28.513 --> 00:04:30.763 Evaluate member education materials. 00:04:31.483 --> 00:04:32.423 • 30-Day Plan: 00:04:33.181 --> 00:04:33.631 1. 00:04:34.281 --> 00:04:36.221 Update board reporting protocols. 00:04:36.964 --> 00:04:37.354 2. 00:04:38.004 --> 00:04:40.294 Enhance transaction monitoring systems. 00:04:41.056 --> 00:04:41.486 3. 00:04:41.956 --> 00:04:44.046 Revise authentication processes. 00:04:44.778 --> 00:04:45.728 Closing Thoughts 00:04:46.535 --> 00:04:49.735 The CFPB’s Zelle complaint is only the tip of the iceberg. 00:04:50.255 --> 00:04:53.965 As regulations evolve, credit unions and financial institutions 00:04:53.965 --> 00:04:57.875 must proactively adapt to ensure compliance and protect their members. 00:04:58.565 --> 00:05:02.275 If you’re facing challenges with NCUA exams, connect with Mark Treichel 00:05:02.275 --> 00:05:05.025 on LinkedIn or at MarkTreichel.com. 00:05:05.025 --> 00:05:07.985 Thank you for joining us today—stay safe and informed.