This week, New York Attorney General Letitia James announced a lawsuit against Early Warning Services LLC (EWS), the parent company of digital payment network Zelle. AG James asserts that Zelle was designed "without critical safety features," allegedly allowing over $1 billion in scam payments to be transferred over the Zelle network.
The office alleges that EWS "hastily" launched Zelle in 2017 to compete with apps like Venmo. In attracting consumers to its product, EWS allegedly advertised that consumers "can send money safely" with Zelle, and that because Zelle was "backed by banks, you know its secure." The lawsuit states that these claims were deceptive, because in reality, EWS made design decisions that made it easy for fraudsters to commit account takeover fraud and to facilitate unlawful transfers. For example, EWS allowed multiple registration tokens to be linked to the same bank account and a single token to be registered at multiple banks. Due to funds being immediately available to recipients, New York alleges that by the time a victim realized a scam occurred, the money was already lost to fraudsters. The AG's office explained that although Zelle implemented "basic" safeguards in 2019, it later abandoned them. New York alleges that in 2023, after federal investigations into Zelle began, Zelle re-introduced certain safety measures — and fraud was significantly reduced as a result. (Much of the lawsuit is redacted, however, so the specifics are currently unclear.)
The office is bringing the action under its Executive Law pertaining to repeated fraudulent conduct – presumably due to the law's slightly longer six year statute of limitations. Allegations relating to this cause of action include that EWS "created an atmosphere conducive to fraud" through the creation of the Zelle app and that it "promot[ed] and "market[ed]" safety and security when "Zelle was and is not safe or secure from fraudsters, EWS did not require reimbursement for induced fraud, and EWS failed to implement basic, known, effective measures to prevent or remedy fraud."
The lawsuit and AG James' press release detail that the CFPB abandoned a similar lawsuit against Zelle in a March 2025 dismissal with prejudice. This is therefore one of the most direct examples of Democratic AGs taking up the mantle for the CFPB as they have promised to do.
This also isn't the first time that state AGs have tackled cases related to payment methods for allegedly facilitating fraudulent activity. For example, in 2016, Texas settled with PayPal regarding its Venmo app misrepresenting security and privacy settings. In 2017, a multistate group of state AGs with the FTC settled with Western Union requiring additional anti-fraud procedures. With the new priorities of the federal administration, and the rollback of the CFPB, we expect AGs to remain active in this space.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
