[Senate Hearing 118-592]
[From the U.S. Government Publishing Office]
S. Hrg. 118-592
EXAMINING SCAMS AND FRAUD IN THE BANKING
SYSTEM AND THEIR IMPACT ON CONSUMERS
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON
BANKING,HOUSING,AND URBAN AFFAIRS
UNITED STATES SENATE
ONE HUNDRED EIGHTEENTH CONGRESS
SECOND SESSION
ON
EXAMINING SCAMS AND FRAUD IN THE BANKING SYSTEM AND THEIR IMPACT ON
CONSUMERS
__________
FEBRUARY 1, 2024
__________
Printed for the use of the Committee on Banking, Housing, and Urban
Affairs
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available at: https: //www.govinfo.gov /
__________
U.S. GOVERNMENT PUBLISHING OFFICE
59-592 PDF WASHINGTON : 2026
-----------------------------------------------------------------------------------
COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS
SHERROD BROWN, Ohio, Chair
JACK REED, Rhode Island TIM SCOTT, South Carolina
ROBERT MENENDEZ, New Jersey MIKE CRAPO, Idaho
JON TESTER, Montana MIKE ROUNDS, South Dakota
MARK R. WARNER, Virginia THOM TILLIS, North Carolina
ELIZABETH WARREN, Massachusetts JOHN KENNEDY, Louisiana
CHRIS VAN HOLLEN, Maryland BILL HAGERTY, Tennessee
CATHERINE CORTEZ MASTO, Nevada CYNTHIA M. LUMMIS, Wyoming
TINA SMITH, Minnesota J.D. VANCE, Ohio
RAPHAEL G. WARNOCK, Georgia KATIE BOYD BRITT, Alabama
JOHN FETTERMAN, Pennsylvania KEVIN CRAMER, North Dakota
LAPHONZA R. BUTLER, California STEVE DAINES, Montana
Laura Swanson, Staff Director
Lila Nieves-Lee, Republican Staff Director
Elisha Tuku, Chief Counsel
Amber Beck, Republican Chief Counsel
Cameron Ricker, Chief Clerk
Shelvin Simmons, IT Director
Pat Lally, Assistant Clerk
(ii)
C O N T E N T S
----------
THURSDAY, FEBRUARY 1, 2024
Page
Opening statement of Chair Brown................................. 1
Prepared statement....................................... 38
Opening statements, comments, or prepared statements of:
Senator Scott................................................ 3
Prepared statement....................................... 39
WITNESSES
Carla Sanchez-Adams, Senior Attorney, National Consumer Law
Center......................................................... 6
Prepared statement........................................... 42
Response to written question of:
Senator Butler........................................... 89
Paul Benda, Executive Vice President, Risk, Fraud and
Cybersecurity, American Bankers Association.................... 8
Prepared statement........................................... 76
Response to written question of:
Senator Britt............................................ 91
John Breyault, Vice President of Public Policy,
Telecommunications, and Fraud, National Consumers League....... 10
Prepared statement........................................... 85
Response to written question of:
Senator Butler........................................... 93
Additional Material Supplied for the Record
Statement submitted by BPI....................................... 94
Letter submitted by AFSA......................................... 99
Letter submitted by CBA.......................................... 101
Statement submitted by ICBA...................................... 103
(iii)
EXAMINING SCAMS AND FRAUD IN THE BANKING SYSTEM AND THEIR IMPACT ON
CONSUMERS
----------
THURSDAY, FEBRUARY 1, 2024
U.S. Senate,
Committee on Banking, Housing, and Urban Affairs,
Washington, DC.
The Committee met at 10:06 a.m., in room 538, Dirksen
Senate Office Building, Hon. Sherrod Brown, Chair of the
Committee, presiding.
OPENING STATEMENT OF CHAIR SHERROD BROWN
Chair Brown. The Banking, Housing, and Urban Affairs
Committee will come to order.
When consumers send money through an app or send a check in
the mail, they are supposed to be able to trust that financial
companies are protecting their money and will help them if
something goes wrong. Yet that is not what we see.
Scammers and fraudsters have ramped up their efforts to
take people's money. Banks and payment apps have stood on the
sidelines while the problem has only gotten worse. Pretty much
everyone has either been scammed, or knows someone who has been
scammed, when trying to use a financial service.
Today one of the most popular ways people send money is
through so-called peer-to-peer apps like PayPal, Venmo, Cash
App, and Zelle. These apps are now part of most Americans' day-
to-day lives. Seventy-five percent of adults have used at least
one of them. Forty percent of Americans report using them at
least once a month.
Where consumers see convenience and accessibility, scammers
see an opportunity.
In 2022, one major payment app had more than $100 million
in ``unauthorized transactions.'' Another had almost $60
million.
Of course, it is not just new technology or payment
methods, of course, that scammers target. Check fraud is as old
as our banking system. They will steal a check from the mail,
use chemicals to wash off the key details, then fill it in with
the details they want and deposit it.
You might think that more people using apps would make
checks less of a target, but it seems to be the opposite--check
fraud is getting worse too. Last year, the Financial Crimes
Enforcement Network noticed a rise in check fraud so drastic
that they issued a public alert.
My colleagues and I wrote to the American Bankers
Association expressing concerns on the issue, and they created
an information directory providing contact information for
banks to resolve check fraud claims. By the end of 2022,
depository institutions had reported more than 500,000
incidents of check fraud, more than double the year before.
Scammers broke their record again in 2023. So the evidence
clearly shows it is getting worse.
The same goes for wire transfers. Scammers target wire
transfers because they can steal a larger portion of consumers'
savings through wire transfers. Americans will often use wire
transfers when they want to send large amounts of money, like
when buying a house.
Imagine a family in the process of buying a home, juggling
all the details of the process, along with the excitement that
they have of reaching a major life milestone. On top of
everything else they have to worry about, they have to defend
against scammers posing as a real estate agent or title company
targeting the family's downpayment. In 2023, consumers lost at
least $270 million to wire fraud.
And now we are faced with the possibility that artificial
intelligence will make these problems worse. As just one
example, scammers can now use AI to clone a person's voice to
bypass voice authentication procedures. Banks, payment apps,
and other financial institutions are not doing nearly enough to
prepare for the threat AI poses in increasing the scale and the
impact of scams.
All of these problems with scams are rampant.
In Dublin, Ohio, a suburb of Columbus, a retired FBI agent,
wrote a check for less than $200. Someone stole that check from
a mailbox right in front of a post office, changed the number
to $8,590 and cashed it.
In another case, a 17-year-old student in Ohio received an
acceptance letter from her dream college. Someone posing as
another admitted student reached out and scammed her out of
almost $3,000 of her own money through Zelle. That $3,000 was
three-quarters of her college money she saved up by working at
a discount drugstore. None of this mattered to the bank. As far
as the bank was concerned, this young woman was responsible for
the money and additional fees for depositing bad checks. In the
end, she got her money back, but only after the efforts of a
very tenacious mother, who tracked down the local executive of
the bank.
No one should have to go to those lengths because banks,
payment apps, and other financial institutions cannot get their
act together to protect their customers. When these incidents
happen, people lose their hard-earned money. And they are often
made to feel ashamed and embarrassed.
No one ever tells a victim of a hold-up or a break-in at
their home that they were stupid or should have known better
than to be robbed, but that is exactly what consumers who are
scammed too often hear.
Let's be clear, being scammed has nothing to do with
savviness or intelligence or education.
Just last year, a retired White House scientist was scammed
out of $655,000 of her retirement savings. Those scammers were
organized. They sent her a pop-up message on her computer,
rerouted a phone call she meant for her bank, and kept her on
the phone for days on end. She still wonders about what she
could have done differently. But no one should have to think
about that question.
And to be clear, the answer to these types of stories is
not to warn people to be better prepared or put millions of
consumers through a so-called ``financial education'' course.
Of course we all need better financial education, but that is
not the backstop for all of this. Americans do not have time
for that. They have jobs and kids and bills to worry about. It
is not on them. It is on the companies that allow the scam.
People should be able to have an expectation their money is
safe when they have a reputable bank.
People lose their money because payment apps and banks do
not put enough measures in place to protect their customers.
For example, among the peer-to-peer companies, Cash App
refunded just 16 percent of unauthorized transactions in
calendar year 2022, just $1 out of $6. Zelle claims they
reimburse consumers who have been victims of imposter scams,
but their website states that since the consumer ``authorized
the payment, you may not be able to get your money back.'' It
is unclear whether Zelle will actually reimburse victims of
imposter scams. They need to clarify instead their
reimbursement policy.
These companies need to step up, and they apparently need
rules to make them do it, not more financial education. These
banks, payment apps, and other financial services companies
have shown us they need, shall we say, some encouragement.
The Consumer Financial Protection Bureau has a proposed
rule that is one strong first step. It would help ensure that
companies like Venmo, Cash App, and Zelle follow Federal
consumer protection laws. This is what the CFPB does--protect
consumers and their hard-earned money. When the CFPB is
empowered, it ensures that the financial system works for
consumers, not just big companies.
With millions of users, it only makes sense that these
companies do more to protect consumers' money. Because as we
have seen in previous hearings in the last 3 years, frauds and
scams are not unique in consumer finance. They are also common
within cryptocurrency. We will keep pushing to make our
financial system safer, whether its stopping rampant frauds and
scams in cryptocurrency or in apps and check fraud.
I hope we can discuss more today about how banks, payment
apps, and other financial service companies can step up for
their consumers and actually earn their trust back.
Senator Scott.
OPENING STATEMENT OF SENATOR TIM SCOTT
Senator Scott. Thank you, Mr. Chairman.
I will start off by saying, I guess Steven Spielberg was
onto something when he named the movie ``Catch Me If You Can''.
Recently, I saw a movie called ``The Beekeeper'', which
starts off about financial scams that led to the grandmother's
suicide. Now, financial scams may not today lead to suicide,
but without any question, they certainly kill your hopes, your
dreams, and your sense of financial security.
The impact of financial scams, especially on our senior
citizens, is undeniable. Having been the Ranking Member on the
Aging Committee, we have had many, many hearings about the
devastation of retirement savings lost. Lives changed.
Grandmothers looking for a place to call home, moving back in
with their kids or their grandkids. The devastation is so real,
and so often, goes unreported in some instances. And certainly,
the investigations leave many wanting.
Even in a largely digital age, more traditional forms of
fraud continue to flourish. We think about the fact that
whether it is check fraud, wire fraud, or mail fraud, we have
seen a resurgence of criminal activity in these spaces, in
addition to of course the new types of fraud that comes along
with the technological advancements that we have seen around
our country, and certainly the innovations around the world.
Not only do I think of my own mother--who celebrates a
birthday this weekend as a senior citizen--I think of every
single South Carolinian who trusts that their money is safe
when they write a check and place it in the mail, or transfer
money to their grandkids.
Mr. Benda, I thank you for bringing your expertise and
talking about the different kinds of fraud that can impact
American consumers. Protecting consumers and preventing fraud
are critical pillars of our financial system and, frankly, what
our society deserves.
For many families, becoming a victim to these scams is
equivalent to wiping out a lifetime of savings, and not just
the dollars in the account, but the thought that you are no
longer safe to transact business anywhere, in any form.
For many, it is the worry that their identity is
compromised, that their credit score is impacted, and they
struggle to realize just how will they survive and afford,
whether it is their rent, or mortgage, or even simply
groceries, which in today's inflationary economy is even harder
than it was before.
Speaking of dollars, let's just count the costs. Nine
billion dollars in 2022 is the cost of financial fraud. A
staggering number.
Unfortunately, these criminal acts of fraud and theft are
not new, and criminals like these continue to prey on the
vulnerable.
This is precisely why our financial institutions and
financial industry participants should--and do--spend billions
of dollars developing and implementing innovative technologies
to strengthen security that will protect families and
businesses from fraud.
But on the other side of the coin, we have not seen the
same commitment from our Federal regulators. Recently, our
regulators seem to be more focused on political grandstanding
than promoting innovative solutions, protecting consumers, and
increasing efforts that support financial education. And
instead of focusing on real crimes and holding criminals
responsible, this Administration seems intent on tying up
financial institutions with ever-increasing amounts of
Washington red tape.
Recently, the CFPB has continued its deceptively named
``junk fee'' campaign, targeting legitimate, contractually
agreed upon payment incentives. In its latest proposals, the
CFPB uses legal gymnastics to turn penalty fees into loans
while slapping the label ``abusive'' on any practice it just
does not like. The CFPB is sending a clear message: it is
willing to stretch the law beyond its limits to suit Director
Chopra's political agenda.
And every dollar spent navigating Washington red tape is a
dollar less on initiatives that actually help families and
protect businesses. It is a dollar less for bolstering a firm's
cyber defenses in the investment world that may prevent or even
catch fraud before it happens. Unfounded bureaucratic
regulations take resources away from financial innovation and
education, both of which can help lift up the underserved and
minority communities.
What concerns me even more than all of this is recent
allegations that suggest that Federal law enforcement and
financial regulators may be expending their resources to target
Americans for their political and religious beliefs. Instead of
targeting Americans for purchasing Bibles or shopping at the
Bass Pro Shops, our Government should focus on doing its job,
protecting our families and prosecuting actual criminals,
including those behind financial scams. Unfortunately, these
examples are part of a larger trend we have seen from this
Administration of putting politics first.
For example, banking regulators were so focused on climate
change that they failed to identify the key risk factors
leading to the second-, third-, and fourth-largest bank
failures in our Nation's history last spring. And again, if the
CFPB was not so focused on building a public pressure campaign
against so-called ``junk fees,'' maybe it could do its job and
actually protect consumers from the real harm that comes from
being a victim of financial crime.
One of the best tools any of us have to fight back against
financial crimes is to become better educated, both about the
financial products and protections that are available to us and
about the scams and methods criminals are using against us. In
fact, I have long championed the idea that financial education
and financial literacy is one of the most important and most
critical tools for climbing the ladder of success in America.
It is why I have worked so hard to incorporate financial
literacy in my work here on this Committee, and financial
literacy is a core pillar of two of my initiatives, the ROAD to
Housing and Capital Markets framework. And I was so proud to
work across the aisle with Senator Reed last spring to pass a
resolution declaring April Financial Literacy Month.
As we discuss the very real issues of financial fraud and
crime, we must take a holistic approach. Our financial
institutions must do their part to protect, to serve, and
educate customers. And our regulators must do their job and
implement the law Congress enacted, not their political wish
list.
We must all work together to gain a better understanding of
the options before us so that we are able to best serve our
communities, our constituents, and our Nation.
I look forward to hearing from each of the three witnesses.
Chair Brown. Thank you, Senator Scott.
I will introduce the witnesses. Ms. Carla Sanchez-Adams,
Senior Attorney, National Consumer Law Center. She focuses on
banking and payment systems, fintech, and high-cost lending.
Welcome, Ms. Sanchez-Adams.
Mr. Paul Benda is Executive Vice President of Risk, Fraud,
and Cybersecurity with the American Bankers Association. Mr.
Benda, welcome.
Mr. John Breyault is the Vice President for Public Policy,
Telecommunications, and Fraud for the National Consumers
League. Welcome, Mr. Breyault.
Ms. Sanchez-Adams, please begin.
STATEMENT OF CARLA SANCHEZ-ADAMS, SENIOR ATTORNEY, NATIONAL
CONSUMER LAW CENTER
Ms. Sanchez-Adams. Chairman Brown, Ranking Member Scott,
and Members of the Committee, thank you for this opportunity to
testify on behalf of the National Consumer Law Center's low-
income clients.
Payment fraud is everywhere and impacts all Americans, even
Members of Congress. In fact, if you do a Google search on how
to address payment fraud you will get 491 million responses.
However, the impacts of payment fraud are most keenly felt
by certain low-income communities, older Americans, and
communities of color. These communities, who are already
struggling and often pushed out of the traditional banking
system, can least afford to lose money due to payment fraud and
errors.
Fraud is also occurring over all types of payment methods,
as you heard earlier. Bank-to-bank wire transfers, checks, can
now be done online and through mobile and digital applications.
And fraudsters exploit the ease of these newer technologies as
well. As you heard, they spoof phone numbers from real
financial institutions, they utilize deep fakes, psychological
manipulation, and even use force and threats of violence to get
consumers to initiate transactions.
Payment fraud can be sorted into two buckets: unauthorized
and fraudulently induced. The unauthorized bucket is the one
where fraudsters initiate a transaction without the consumer's
authority. The fraudulently induced bucket is the one where the
consumer initiates a transaction but only does so as a result
of a fraudulent scheme involving deception and manipulation by
the fraudster.
Now consumers are impacted by both, but the responses they
receive will depend on the type.
Currently, if you are a victim of payment fraud, your only
hope of getting your money back is if it happened through an
unauthorized electronic funds transfer, and that is because of
the strong protections of the Electronic Funds Transfer Act, or
the EFTA. However, even if you are in this unauthorized bucket,
if it happens through a bank-to-bank wire transfer, through
check fraud, forgery, or alteration, or through an Electronic
Benefits Transfer card, then you are going to face an uphill
battle in trying to get your money back, and that is because
these are excluded from the EFTA.
And if you find yourself over here, your story fits into
the fraudulently induced bucket, you are going to hear, ``Too
bad, so sad,'' because there are no clear protections currently
under Federal or State law.
But there are steps that we can collaboratively take to
keep impacts of fraud to a minimum, on both financial
institutions and consumers, and to incentivize more effective
use of innovation to prevent payment fraud.
First, we absolutely cannot push the entire burden of
payment fraud onto consumers, hoping that financial education
will solve it. It is important, but it is not key.
Second, we need to update antiquated laws that offer little
to no protection to consumers who have been impacted by payment
fraud. In this day and age where the vast majority of
transactions happen online or through mobile and digital
technologies, it makes no sense that only some of these
transactions are covered by the EFTA while others are not. Wire
transfers and EBT cards and maybe even checks should have the
protection of the EFTA. As well as fraudulently induced
transactions that should have protections under the EFTA.
Third, receiving institutions should bear more
responsibility. Currently in the United States there is no
mandate that institutions who allow fraudsters and money mules
to open an account and to receive fraudulently induced payments
reimburse the consumer or the consumer's institution. They have
Bank Secrecy Act obligations to make sure that their customers
are not engaging in unlawful activity, including payment fraud,
but they do not have any monetary incentive to make sure that
they can effectively prevent their own customers from
committing fraud.
Conversely, in the United Kingdom, they have mandated
reimbursement for fraudulently induced transactions where the
consumer's institution and the receiving institution split the
cost 50/50. Now if we did that here, and the receiving
institutions were obligated to pay 50 percent, you could
believe that they would be doing more to prevent their own
customers from committing fraud. And they should bear the cost
because they are allowing this to happen.
Fourth, any attempts to combat fraud must also be coupled
with policies and procedures that protect innocent consumers
who have not engaged in payment fraud but who may have had
their accounts frozen or their accounts closed due to overly
aggressive fraud monitoring. They must have the ability to
dispute the freeze or the closure, to expect money that they
need to eat or pay rent to be returned in a timely manner, no
longer than the 10 days provided under the EFTA.
Fifth, the financial institutions that design and run these
payment systems need to take more responsibility for making
these systems safe. It is in their financial interest to do so.
Confidence and use of these systems will increase as they
contemplate consumer protections when deciding things like
safety features, speed bumps, how much fraud screening to
employ, and whether to sacrifice safety for convenience.
Finally, we need to share more information about fraud, how
it is happening, through what payment systems, and who is doing
it. We need interagency cooperation on the Federal and local
level, combined with input from financial institutions, trade
associations, consumer advocacy groups, and other stakeholders.
Thank you, and I am happy to take any questions.
Chair Brown. Thank you very much. Mr. Benda, welcome.
STATEMENT OF PAUL BENDA, EXECUTIVE VICE PRESIDENT, RISK, FRAUD
AND CYBERSECURITY, AMERICAN BANKERS ASSOCIATION
Mr. Benda. Thank you, Chairman Brown, Ranking Member Scott,
and Members of the Committee. I appreciate the opportunity to
testify today before you.
My name is Paul Benda. I serve as the Executive Vice
President for Risk, Fraud, and Cybersecurity for the American
Bankers Association. Before joining the ABA I had the honor of
serving in the Air Force and worked at both the Pentagon and
Department of Homeland Security in leading roles to enhance
both physical and cybersecurity. I am an engineer by training
and try to apply those skills to help our members navigate a
range of operational challenges, including fraud. Our members
know that fraud takes a financial and emotional toll on their
customers, and banks of all sizes are taking extraordinary
efforts to protect and safeguard customer accounts as fraud has
become more sophisticated.
Today's fraudsters are using artificial intelligence and
modern tools to scam customers and small businesses out of
their money. Banks have a long history of innovating to protect
their customers, and ABA is doing what we can to support our
members in this fight.
In the last year, for example, we launched a new industry
platform to make it easier for banks to resolve check fraud
claims. We also developed a new information-sharing tool that
we believe will make it easier to spot financial fraud.
Unfortunately, however, the fight against these criminals is
one that the banking industry cannot win on its own. We believe
that a unified, cooperative effort between banks, law
enforcement, regulators, and other stakeholders offers us the
best chance to fight back against fraud and protect consumers.
There is no doubt that bank customer scams and fraud have
been increasing. According to a recent FBI report, there is a
50 percent increase in reported fraud losses from 2021 to 2022.
The top three categories of fraud were investment scams,
business email compromises, and technical support scams.
Impersonation is a common factor in nearly all of these scams,
with the criminals often impersonating a bank and asking the
customer for critical financial information.
Also worrisome is the rise of check fraud, which has become
one of the fastest-growing categories of consumer fraud across
the country, even as the use of checks continues to decline.
In response to the growing fraud threat, banks are
deploying new tools and capabilities to identify suspected
fraud and stop it from happening in the first place. Still,
there are limits to what banks can do when checks get stolen or
when sophisticated criminals scam customers into giving them
their money.
Here are some of the ways other stakeholders can help us in
this fight. As detailed in my written testimony, our members
believe that there are four pillars that will enhance our
antifraud efforts. First, increase consumer education. The best
way to reduce fraud is to prevent it from happening in the
first place, and the best way to do that is empower consumers
to protect themselves.
One of ABA's most important consumer protection initiatives
is our award-winning ``Banks Never Ask That'' campaign. Through
social media, TV ads, and even stadium scoreboards we have
educated millions of bank customers on how to spot common scams
from criminals posing as their bank. The point is to drive home
the message that a bank will never ask for your password, PIN,
or Social Security number but a scammer will. To date, more
than 2,300 banks have participated in the campaign, using
creative content provided by ABA, entirely free.
Separately, our Safe Banking for Seniors program also
provides banks and consumers with free tools and tips on how to
spot and avoid elder financial abuse. We think there are
opportunities to expand this kind of consumer education.
Second, close regulatory loopholes to stop impersonation
scams. Telephone number spoofing is a major problem. Criminals
have been able to misrepresent themselves either through a
spoofed caller ID that shows a legitimate business name or
phone number or through stolen social media accounts that are
indistinguishable from real account. ABA supported the FCC's
efforts to protect consumers from illegally spoofed robocalls
and the need to have effective authentication requirements for
calls and texts. We have also weighed in strongly on the need
to hold any telecommunication provider accountable that
knowingly allows criminals to impersonal legitimate numbers and
company names.
Third, improved information-sharing. The banking sector
works closely with law enforcement and the regulatory agencies
and are always looking to develop new ways to share and act on
critical threat information. At the same time, the regulators
should exercise care in developing new regulations that could
inhibit or impede banks' anti-fraud efforts.
Fourth, enhance collaboration with law enforcement and
regulators. ABA has a long and proud history of partnering with
law enforcement and the public sector on outreach activities.
We work closely with the FBI, the Secret Service, and Treasury,
and in recent months we launched a nuclear energy initiative
with the U.S. Postal Inspection Service to combat check fraud.
We still believe there are additional opportunities for public-
private partnerships in support of fraud prevention.
In conclusion, banks are working every day to protect their
customers from fraud by investing in new technologies,
deploying public education campaigns, and partnering with law
enforcement and other Federal agencies. We all recognize that
more must be done, however, if we are really going to crack
down on the criminals. It will take a partnership with banks
and telecom firms, technology companies, and the public sector
all working together. ABA and our member banks stand ready to
work with all stakeholders to win the fight against fraud and
protect consumers.
Thank you again for the chance to testify, and I look
forward to answering your questions.
Chair Brown. Thank you. Mr. Breyault, welcome.
STATEMENT OF JOHN BREYAULT, VICE PRESIDENT OF PUBLIC POLICY,
TELECOMMUNICATIONS, AND FRAUD, NATIONAL CONSUMERS LEAGUE
Mr. Breyault. Good morning Chairman Brown, Ranking Member
Scott, and Members of the Committee. My name is John Breyault
and I am the Vice President of Public Policy,
Telecommunications, and Fraud at the National Consumers League.
For more than 25 years, NCL has worked via our Fraud.org
campaign to educate consumers about the warning signs of fraud
and promote public policies that protect the American public
from scams of all kinds.
There is an epidemic of fraud and identity theft in the
United States. Since hitting a record of 5.96 million in 2021,
during the height of the COVID-19 pandemic, consumer complaints
to the Federal Trade Commission have remained exceptionally
high. Fraud losses have continued to mount, increasing from
$3.3 billion in 2020 to a staggering $8.8 billion in 2022.
Median fraud losses more than doubled during that period, from
$311 to $650. And as you mentioned, Mr. Chairman, these losses
can often be life savings, a lifetime of work that consumers
have built up, that is lost to scams.
When NCL last testified before this Committee in 2021, we
warned that peer-to-peer or P2P, payment platforms such as
Zelle, Venmo, Cash App, and others had become a payment method
of choice for scammers. Unfortunately, the problem has only
worsened since then. In 2020, the FTC received 62,000
complaints where payment apps were the method of payment, with
total reported losses of $87 million. By 2022, reported losses
from fraud involving these apps had grown to $163 million. We
anticipate that when the FTC reports its 2023 data this
regrettable trend will only continue.
The situation is similarly dismal when it comes to fraud
involving one of scammers' other favorite payment methods: gift
cards. In 2020, the FTC received more than 43,000 complaints
where a gift card was the method of payment, with reported
losses of $124 million. In 2022, complains rose to 48,800, with
losses nearly doubling to $228 million. Just this week, NCL
itself was targeted by scammers who tried to get our staff to
purchase gift cards by impersonating our CEO.
As bad as those numbers are, the harm from scammers using
cryptocurrency as the payment method is even worse. Since the
FTC first began reporting it as a payment method in 2020,
losses involving cryptocurrency payments have ballooned from
$129 million to $1.59 billion in 2022, a tenfold increase in
just 2 years. Complaints received at NCL's fraud.org website
last year were littered with references to fraudulent
cryptocurrency investment schemes, and such scams were by far
the costliest type of fraud for their victims.
We are not winning the fight against fraud, and we need
Congress to act.
While P2P platforms, banks, and cryptocurrency trading
platforms profit from ever-increasing transaction volumes, they
bear little of the cost of fraud that occurs on their systems.
Instead, the liability for fraud falls on those who can least
afford to absorb the losses, individual consumers. No amount of
voluntary consumer education, better disclosure, or friction
put into payment flows will solve this problem. We believe the
payment platforms where fraud occurs must have a bigger
financial incentive to stop scams before they happen. By
spreading risk across all the participants in the system, the
costs can be better absorbed, resulting in a safer and more
secure payments marketplace for everyone.
Congress can and should play a leading role in creating
these incentives and preventing fraud on P2P platforms and gift
cards. We urge Congress to give special priority to passing
legislation such as the Protecting Consumers From Payment Scams
Act, which would expand EFTA's definition of ``unauthorized
electronic fund transfer'' to cover fraudulently induced
payments. As my colleague, Ms. Sanchez-Adams mentioned, the
United Kingdom recently enacted a new law that shifts liability
for fraudulently induced payments from consumer victims onto
the issuing and receiving banks. We believe the United Kingdom
is a model for U.S. regulation in this area.
Cryptocurrency will soon become, and by some estimates
already is, the payment method of choice for criminal scammers.
The proliferation of cryptocurrency kiosks in relatively
insecure retail locations has made them a favorite tool of
scammers. By one estimate there are more than 34,000 of these
kiosks across the country.
Kiosk operators, one of whom was reportedly making a 20
percent commission on every transaction, lack sufficient
incentives to crack down on these scams. Senator Warren's
Digital Asset Anti-Money Laundering Act of 2023 includes many
needed protections and would do much to begin cracking down on
the use of cryptocurrency as a payment method. Her bill has
NCL's full support, and we urge the Committee to approve it.
In conclusion, I would like to thank you, Chairman Brown
and Ranking Member Scott, for your continuing work to protect
consumers and for holding this hearing. On behalf of the
National Consumers League, thank you for including the consumer
perspective as you consider these important issues.
Chair Brown. Thank you. The questions will begin with
Senator Tester from Montana.
Senator Tester. Thank you, Mr. Chairman, and I want to
thank you and the Ranking Member for holding this hearing, and
I want to thank the panelists for their testimony. I appreciate
it very, very much.
I do not think anybody is immune from consumer fraud. I
certainly have experienced it personally at a time when I was
very young and could least afford it. Montanans reach out to me
literally daily about these problems. Constituents have paid
for services online that they never receive or bad actors
overseas claiming that something that really does not exist,
and luckily we were able to connect them with the FBI or other
resources.
But these are tough times for people to go through. There
is no doubt about it. When they have to call my office it shows
what kind of, quite frankly, difficult times those really are
and the desperation that they have. We need to be proactive,
and we all need to be on the same page. I think all the
stakeholders need to bear some responsibility for what goes on
here.
Mr. Benda, you mentioned bipartisan efforts we have taken
in the Senate Appropriations Committee to facilitate public-
private partnership to prevent fraud and supporting law
enforcement to combat these people that are probably the lowest
forms of life on Earth. So Mr. Benda, are there additional
tools that law enforcement could use right now that we should
be looking at?
Mr. Benda. Thank you for the question, Senator. I think
information-sharing is going to be the key to help defeat this.
I think when you look at the lack of coordination that we have
got on fighting fraud, whether it is the FBI or whether it is
reporting to FTC, whether it is reporting to regulators,
whether it is reporting to the U.S. Secret Service, it is
fragmented, and so it is difficult to spot trends. It is
difficult to spot where these people are targeting. It is
difficult for banks to get ahead of it.
And so I strongly recommend--and I appreciate the language
that was in that appropriations report. We think coordination
amongst both law enforcement and private entities is going to
be key there.
Senator Tester. One of the things that has always, quite
frankly, amazed me is when a credit card number is used
somewhere else and the bank makes me aware of it very quickly.
I give an example, and I have given it before. Two hoverboards
were bought in Cleveland, Ohio, on my credit card--and it takes
two hoverboards for me, so it made sense.
[Laughter.]
Senator Tester. And the bank called me up immediately and
said, ``Have you been in Cleveland, Ohio?'', and they took care
of it. And I appreciate that and I want to pass that along
because sometimes we go somewhere, make a charge, and they will
call us up and say, ``Are you in Spokane, Washington? Is this
really legal?'' So I appreciate that.
Senator Hagerty and I have a piece of legislation, with
other folks on this Committee, the Financial Exploitation
Prevention Act, which would help folks who lose their
retirement money to scam. Look, as I see this, from this perch,
I think the people--and I would like to get a comment on this,
actually--the people most vulnerable are young people and old
people. Does that tend to be true? Ms. Sanchez-Adams.
Ms. Sanchez-Adams. Yes, sir. You know, you generally think
it is older Americans. They lose the most amount of money, the
older Americans do, but the ones that are victimized the most
are younger Americans.
Senator Tester. OK. That is good to know.
Well, with this bill that we have with Senator Hagerty, it
looks to prevent fraudulent activity because it has increased
over the years. And it allows the company to delay payments if
they think fraud is going on.
Mr. Benda, I think it is a really good bill, not just
because I am carrying it and Hagerty is carrying it but I think
it could help. It would not absolutely solve all of the
problems, but I think it could help. Would there be other
actions you would like to see be done by this Committee or
other committees to help you do your job?
Mr. Benda. You know, I am sorry to sound like a broken
record, Senator, but it really is the information-sharing
piece. And the
example I like to give is the sharing of the scam-reported data
that the telecoms receive. Banks would like to analyze that
data, look at that data, and then reach out and shut down those
links and those phone numbers--open source--they do not work,
so consumers cannot reach them. Right now we do not necessarily
get access to that data.
Senator Tester. So one of the things--and I am just going
to close out with this--one of the things that has me worried
is AI. You talked about customers and small businesses being
scammed, and quite honestly, AI is going to start playing in
this, and hopefully we can use AI to our advantage on the other
side to prevent it.
But regular people, myself included, do not understand AI,
period, and it is going to take a lot of working together to
make sure that we do not end up in a worse situation than we
are right now. Because you can damn well bet the bad guys are
going to use every method they can to try to rip people off of
money because they do not even know how to get their hands
dirty to make money in the first place. So thank you.
Chair Brown. Thank you, Senator Tester. Your experience
notwithstanding, Cleveland is a great place to live.
Senator Tester. I hear it is the heart of rock and roll.
Chair Brown. Yes, and other things.
Senator Scott. I will direct my first question to Senator
Tester and the hoverboard. Having been on it for 7 seconds,
sir, are you sure you did not order either one of those
hoverboards?
Senator Tester. I would not know how to ride one of those
doggone things if I had one, much less two at a time.
Senator Scott. That is why you remain healthy. Those things
are crazy. Anyways, thank for the comic relief there, Senator
Tester. We needed that.
Senator Tester. Any time.
Senator Scott. Yes sir. As I emphasized in my opening
statement, financial fraud and bad actors are not new. Check
fraud, for instance, has been around, from my perspective,
forever, since we have had checks, it seems like. And yet
surprisingly, despite many of the technological advancements
that we have seen in the financial industry, check fraud
incidents nearly doubled from 2021 to 2022, and it is on pace
to increase even more in 2023.
Mr. Benda, can you please explain how the majority of check
fraud is being conducted today and who check fraud impacts the
most?
Mr. Benda. Thank you for the question, Ranking Member
Scott. So check fraud is a big challenge for us today, and
really it impacts Americans of all types. The challenge we have
got is--and it started with the fact that the mail system is
not really as secure as we thought. So we are seeing a huge
increase in the theft of mail. We are seeing mail carriers
being assaulted so that they could steal the mail as well as
steal the arrow keys that are there. And what this allows the
criminals to do is actually gain access to these checks.
And unfortunately, the marketplace today allows them access
to tools we did not even dream of 20 years ago. They can access
chemicals to wash these checks. They can access cardstock from
overseas suppliers so they can print checks that look exactly
alike. Frankly, it is a very challenging fight for us, to try
and stop these trends unless we can start securing the mail.
Senator Scott. So to that point, if someone can literally
just steal the check from the mailbox what should we be doing
to educate consumers about check fraud, that we are not doing
right now?
Mr. Benda. I think there are a lot of efforts underway to
educate consumers. That is why ABA entered a partnership with
the U.S. Postal Inspection Service. But I think people need to
recognize that if you give someone your name, your address,
your bank account number, and the bank routing number you are
giving them access to your bank account, potentially. And so
looking at other more secure forms of payment. Senator Tester
talked about credit cards. That may not be viable all the time.
But ACH and other forms of payments can be useful ways to
transfer money.
Senator Scott. Thank you. I frequently hear from bankers
across the country about their frustration with the
Government's handling of suspicious activity reports, or SARs,
and the effectiveness of our anti-money laundering regime.
Bankers spend significant resources filing SARs with FinCEN,
which are intended to help catch criminals and prevent abuse
within the financial system.
But more often than not, millions of SARs are essentially
sent into a black box where banks receive no feedback and most
of which are never acted upon by agency personnel or law
enforcement.
Again Mr. Benda, you have spent most of your professional
life working in fraud and cybersecurity. Having worked with
both law enforcement and financial institutions do you believe
that the current system is working efficiently?
Mr. Benda. I think there are definitely improvements that
could be made to the current system. I know there is
frustration on the bank side, and I know there is frustration
on the law enforcement side. I think better coordination
between law enforcement and private sector, a feedback
mechanism, so that banks understand what law enforcement is
looking for, so it can provide them the information they need,
but then again, law enforcement providing tips and tactics and
trends so that banks can better protect their customers from
fraud.
Senator Scott. Great. As I stressed in my opening
statement, consumer education is critically important when it
comes to preventing or trying to reduce that sort of fraud. It
breaks my heart, as someone will place a check in their
mailbox, assuming they are paying a bill or sending money to a
loved one, only to find out that a stranger has taken it.
It seems that ABA is working around the clock to figure out
ways to protect consumers and help institutions ensure this
sort of fraud will not happen again. In fact, ABA has worked to
develop a Check Fraud Claim Directory, that provides contact
information for banks to file a check warranty breach claim
with another financial institution.
Can you walk us through the ins and outs of how this
directory works, Mr. Benda, and the importance of it?
Mr. Benda. So we know this does not solve the check fraud
problem, but we are trying to do what we can. One of the
challenges banks have is finding out who is the right point of
contact to send that claim to so they can get reimbursed for
it, so they can provide those funds back to the consumer.
But we have taken it further than that. We had recognized
check fraud is happening to all Americans, and we are trying to
figure out ways that we can make filing the claims, from the
customer perspective, easier. We are trying to get rid of
things such as requiring notarizations or pay affidavits,
trying to make sure that when a decision is made the customer
is reimbursed more quickly.
It is a challenge. It is a very complex thing to do, but we
are working to try and make this process better for banks and
customers alike.
Senator Scott. Thank you.
Chair Brown. Thank you, Senator Scott.
Senator Menendez, of New Jersey, is recognized.
Senator Menendez. Thank you, Mr. Chairman.
Mobile peer-to-peer payment applications are growing more
popular and are expected to facilitate transactions worth over
$1 trillion this year. Unfortunately, these platforms, which
include apps such as Venmo, Zelle, PayPal, and Cash App, are
also rife with scammers and fraudsters seeking to steal from
hard-working consumers. Members of this Committee, including
the Chairman, Senator Reed, Senator Warren, and myself, have
led letters to banks, regulators, and the apps themselves,
urging them to adopt better user protections. And I was pleased
to finally see some action when the CFPB, in November, proposed
a rule establishing supervisory authority over large nonbanks
with person-to-person payment apps, and I know Zelle has made
some changes to its own policies.
Ms. Sanchez-Adams, can you comment on these actions taken
so far and tell the Committee what next steps we should
consider to take to better protect consumers from scams and
fraud on P2P apps.
Ms. Sanchez-Adams. Yes. Thank you, Senator, for the
question. The CFPB's proposed rule would allow them to
supervise these institutions--the Cash App, the PayPal, the
Venmo--particularly to see whether they are reimbursing
consumers for unauthorized fraud and their policies for
reimbursing consumers when there are fraudulently induced
payments. So basically to check their policies and procedures
and make sure they are complying with the law. And that is
extremely important, and we support that rule.
More actions we can take is to make sure that the law
actually protects victims of fraudulently induced payments. So
that would be amending the EFTA or allowing the CFPB, through
rulemaking, to do so, and that is one huge step that we can
take.
Senator Menendez. OK. Now according to the 2017 American
Community Survey, nearly 26 million people, which is roughly 9
percent of the U.S. population, have limited English
proficiency. And we know consumers who lack access to
information are prime targets for predatory behavior.
Can you talk about the unique vulnerabilities consumers
with limited English proficiency face when combating scams?
Ms. Sanchez-Adams. I mean, absolutely, you named them. The
fact that we talked about consumer education, consumer
disclosure, knowing products, knowing protections. Well, one,
if you do not speak the language or read the language, how are
you going to know that? And two, if it is buried in fine print
or in some contract that you never see, you will not know those
either.
So absolutely it impacts them, and then I would say that
there are certain payment systems that target low-income
consumers and minorities because they are pushed out of the
banking system. So they are targeting these folks and they are
more rife with fraud, and so they really need to be doing more
to protect these consumers.
Senator Menendez. In addition to being disproportionally
targeted by a wider variety of scams, Limited English
Proficiency (LEP) consumers can also face difficulties in
accessing anti-scam and fraud resources. For instance, there is
no CFPB online complaint system in Spanish, or for that fact,
in any other language. And IC3, the FBI's website that provides
education resources to protect individuals from cybercrimes and
allows victims to report internet crimes is only available in
English.
Would making more anti-fraud and scam resources available
in other languages help protect LEP consumers?
Ms. Sanchez-Adams. Yes, absolutely.
Senator Menendez. Yes. Talking about different groups of
consumers, Mr. Breyault, another group often targeted by
scammers are seniors. Crimes targeting older Americans were up
84 percent in 2022 over the previous year, and furthermore,
older adults report higher median losses than younger adults.
According to the Federal Trade Commission, the median loss
from fraud was $1,750 for those 80-years old or order, compared
to $548 for those in the 20 to 29 age group. These losses can
have significant impact on the financial security of older
Americans as they rely on these critical funds for their
retirement.
What sort of procedures or training should financial
institutions be implementing to improve the institutions'
abilities to detect and prevent fraud committed against
seniors?
Mr. Breyault. Thank you for the question, Senator. So
seniors are uniquely vulnerable to fraud. They are inviting
targets for scammers because they often have access to more
assets that the scammers can steal because they have been
working for their entire lifetime. Unfortunately, they also
have less ability to recover. They do not have as much time to
go back to work and recover these lost funds. So they do
present uniquely vulnerable type of victim.
In terms of what institutions can do, number one, I would
say is make sure that you are training all of your employees to
understand that fraud victims are not the ones who are at
fault. Too often we have a stigma against older Americans who
report this. We wonder, how can you be so stupid? You know, you
fell for this. You know, didn't you know better? As was
mentioned earlier, those are not terms we use for victims of
violent crime, and I do not think we should use it for older
Americans, or frankly, any scam victim.
So I think training of frontline employees to show some
grace when they get these kinds of questions is important. I
think also we need to be able to provide anti-fraud services to
people in ways that do not involve technology. Unfortunately,
many older Americans often have difficulty using advanced
technology. They actually want a real person to speak with.
They want somebody in a bank branch they can go and talk to
about that. And those avenues are often more difficult or more
costly for all consumers but particularly older Americans to
access.
So certainly if there are policies that could make that
avenue of getting fraud redressed easier for older Americans is
another step I would encourage you to take.
Senator Menendez. Thank you. Thank you, Mr. Chairman.
Chair Brown. Thank you, Senator Menendez.
Senator Tillis, of North Carolina, is recognized.
Senator Tillis. Thank you, Mr. Chair. Thank you all for
being here.
Mr. Benda, you mentioned the need for a partnership. Give
me just a quick back-of-the-napkin list of people who should be
at the table, particularly the ones who should be that are not
right now.
Mr. Benda. Thank you, Senator. I think right now there
really is no table, and so it is hard to say who is there or
who is not. There is not that coordination that we would like.
I think the appropriations language that is in there, having
Treasury look at who could convene the right people, makes a
lot of sense.
Senator Tillis. Yes, if I were just kind of spitballing,
obviously banks, credit companies, payment platforms, like
Senator Menendez put together, consumer advocacy groups, law
enforcement, but really the whole of Government, too.
Mr. Benda. Yes, absolutely.
Senator Tillis. And one partner that I am kind of wondering
whether or not they are already taking steps in the wrong
direction would be the CFPB. Last year, in August, I think it
was August of last year, Director Chopra mentioned that it may
be more difficult to get credit header data. We are going to go
from maybe minutes for law enforcement getting it to a subpoena
process. Is that like a partnership that is actually going to
put us further away from a viable solution?
Mr. Benda. That is not the direction we would like to see
them go, Senator.
Senator Tillis. You are very diplomatic. It would just seem
to me when you are taking that law enforcement tool off the
table, at the end of the day law enforcement has to be at the
table. We have to enable them. In fact, we need to take a look
at increased penalties.
I, for one, think that is taking a step in the wrong
direction, so I understand the motivations on some part. I
disagree with most of Mr. Chopra's motivations, to be honest
with you, in this case. I think it is cross purposes to the
problem we are trying to address today.
Ms. Sanchez-Adams, I really struggle with this, because you
hear Senator Tester had two hoverboards charged to his account.
I had my bank call me up and ask me if I had charged $100 at a
hardware store in Chicago. I have not been to Chicago in almost
10 years, certainly not a hardware store, so we said no and it
was covered. That was clear fraud. The banks covered it. I want
to come back on a question related to this to you, Mr. Benda.
But how do we kind of strike the balance? We had a hearing
yesterday about social media platforms, and we had some
horrible stories told about the children that had lost their
lives, suicides, a number of other things. But at the end of
the day, there is a parental responsibility there. These
devices that we are giving children, these tablets, phones,
that we have to be very careful with how they are used.
Similarly, I do not believe that you can just hold the
payment platforms or the banks or the intermediaries
responsible for all fraud, and I know you said it will not work
just with financial literacy or education. I agree with that.
But at some point, I mean, do you agree that at some point, if
we are striking the right balance, that the consumer has to own
some level of responsibility? And I say that with some
trepidation because I have heard these stories of people being
scammed into keeping on the line, and going to a Walgreens and
getting a $500 payment to somebody that they think is an IRS
agent. I get all that. But at some point we cannot possibly
build into the system someone other than that individual who is
making that horrible decision.
So how do you strike the balance in a partnership to
address a problem that I think we all need to address?
Ms. Sanchez-Adams. Yes. As I mentioned, the U.K. example.
Initially they had an industry-led response. It was called the
Contingent Reimbursement Model, and there they would, again,
apportion the responsibility between three parties--the
consumer who was victimized, the receiving institution, and the
consumer's institution. And so the consumer would be on the
hook for like the first 10 pounds or so, and they would be
reimbursed up to a certain amount.
So there are different ways we can do that. If we change
the law to allow, again, the receiving institution to bear some
responsibility, not just the consumer's institution, then you
can build other types of protections like only allow a certain
amount of dollar transactions per day because you are going to
be bearing that responsibility, or verifying that your new
customer, who is receiving all of these new transactions, is
not committing fraud. So there are different things that I
think we can do.
Senator Tillis. Well, the reason I worry about, you know,
we cannot let people off the hook, even if it is devastating
consequences. The reason I worry about that is that the
industry that will serve customers will then have to start
thinking about who they serve, based on a potential risk.
Ms. Sanchez-Adams. Absolutely.
Senator Tillis. We have already said that the vast majority
of the money comes from senior citizens. The vast majority of
the fraud are individual interactions coming from young people.
Then I could see a financial institution saying their sweet
spot is not them.
Ms. Sanchez-Adams. Right.
Senator Tillis. But when I am talking about a partnership,
that is what I am saying. Let's not throw a baby out with the
bathwater and unbank. There are a number of times, we are
proposing legislation up here that on the surface looks good,
but it ultimately underbanks or unbanks people. So we have just
got to strike the right balance.
Ms. Sanchez-Adams. Absolutely. I mean, with credit cards,
consumers are already responsible for like up to $50 of
unauthorized transactions, and you are right that people who
can get credit is limited because of that credit risk. So all
of those balances can be struck, but if people are more
protected then they are more apt to feel safe and to actually
choose to bank.
Senator Tillis. Well, I have gone over my time, but Mr.
Chair, just food for thought because of what Mr. Benda said,
and I am sorry I was not able to get to the third witness. But
the fact that we need a partnership but we do not really have a
convener now, I do not think we have done it in this Committee,
Mr. Chair, but it may be helpful outside of a formal Committee
hearing to have a workgroup and get all the players, and let's
see who is absent, who we think are a necessary part of the
team. But maybe to host a workgroup at some point in the future
so that we can get out there, in a less formal setting, and say
how do we initiate this, and ultimately get a response from law
enforcement and all the other stakeholders. That is something I
would love to participate in.
Chair Brown. Thank you for that thought, Senator Tillis.
Senator Smith, from Minnesota, is recognized from her
office, I believe.
Senator Smith. Thank you, Mr. Chair, and everybody, thanks
to our panelists, and I am sorry I cannot be with you in person
today.
I really appreciate this hearing, Mr. Chair, and I think
what I am gleaning from what everyone is saying is just how
ubiquitous these scams are across the country, and I know it is
true in Minnesota.
But I want to ask about particularly this question of
spoofing, and Mr. Breyault, I will address this question to
you. You know, scammers have been spoofing phone numbers of
banks and other financial institutions for years, but it feels
like they are refining their contacts. I am sure it has
something to do with how AI can be deployed. And it can leave
even the savviest consumer susceptible to being victimized by
this. My own dad, who is nearly 94 but totally on top of it in
so many ways, had this happen to him and was well down the path
of providing lots of information about his bank because he
thought he was talking to the bank. And luckily he was able to
stop it in time, but it created quite a ruckus.
So, Mr. Breyault, I am wondering about whether telecom
companies should have some responsibility for preventing
spoofing, and also how banks and telecoms can work together to
ensure that scammers are not so easily able to impersonate a
legitimate call or a legitimate institution.
Mr. Breyault. Thank you for the question, Senator.
Certainly we need a multifaceted solution to this problem, and
how scammers contact their victims is certainly one of the
channels that needs to be addressed. Spoofing, as you
mentioned, has for a long time been a tactic that scammers have
used to impersonate not just banks but Government agencies,
like the IRS. We know that they use spoofing to impersonate
agencies like Immigration, when they reach out to particularly
vulnerable, limited English proficiency communities.
And so more definitely needs to be done. The telecoms
certainly have a role to play in this. Mr. Benda mentioned
better information-sharing between the telecoms and the banks
on this. I think that is a great idea. And to the extent that
that is not happening I think it is a role for this Committee
to play in making sure that that cooperation does happen.
Beyond simply spoofing, I think we need to look at the
epidemic of texting and how text messages are being misused to
impersonate not just banks but like Government agencies. We
hear a lot about scammers impersonating retail, like Amazon or
UPS telling you about package delivery.
So definitely going after the channels that scammers use to
reach their victims and making those safer is an appropriate
thing to do, and I think would have an impact.
Senator Smith. Thank you. Thanks very much.
I would like to just quickly talk about an issue that is
quite related, I think, to this topic today, which is how
businesses and other institutions are targeting shady practices
at home buyers and homeowners. Ms. Sanchez-Adams, I would like
you to answer this question.
One of the things that has been happening in Minnesota, and
I think around the country, is we are seeing a proliferation of
these very predatory contract or deed contracts where a home
purchaser enters into a contract with a home seller to pay for
the home in installments, thinking that they are in the process
of buying their own home. This has been targeted specifically
to Somali Minnesotans who, in their faith traditions, are
discouraged from either paying or profiting from interest. So
this is often marketed falsely as an interest-free way to buy a
home.
And then what happens, of course, is folks get into this
contract and they realize that if they miss just one payment
they end up forfeiting all of the money that they put into the
home and losing the home. They find out, for example, that they
have balloon payments at the end, none of the protections that
exist with a traditional mortgage.
So, Ms. Sanchez, could you just talk about this a bit, from
your perspective as a consumer advocate, and what we should be
doing a better job of here. Senator Lummis and I introduced a
piece of legislation yesterday jut to help protect homeowners--
help protect people from these predatory practices.
Ms. Sanchez-Adams. Yes, thank you for the question, and
absolutely. I was a legal services attorney for 13 years, and
would hear of these stories all of the time. And my colleague,
Sarah Bolling Mancini, actually testified on this very issue,
so I would recommend you look at her testimony--she is
absolutely the expert on this--for recommendations on what you
can do.
Senator Smith. Thank you. Thanks, Mr. Chair.
Chair Brown. Thank you, Senator Smith.
Senator Britt, from Alabama, is recognized.
Senator Britt. Thank you, Mr. Chairman. We are fortunate to
have a growing number of innovation and just different ideas
coming into the financial sector, as we look to find new ways
to make sure that we are serving existing clients, that they
are doing that, and then also how do we reach individuals and
families and communities that have not always had traditional
access to different things in the financial markets. So I have
been glad to see that innovation begin to occur.
However, we know that bad actors are exploiting our
financial industry only to continue to adapt to the new
innovation that we are having and finding ways to undermine
consumers, and
ultimately fraudsters are targeting these individuals. They are
targeting vulnerable Americans with phone, internet scams to
the tune of almost $9 billion a year. And in Alabama, in 2022,
we were actually defrauded, Alabamians, by nearly $55 million.
And so that number is not only alarming but even worse, it
continues to rise.
So we must do more to protect consumers, and while thinking
carefully about regulatory changes that would impact the
benefits provided by banks, or P2P apps that provide fast and
nonfee payments between friends, we have got to look at what is
happening and figure out how we--we being Congress, industry,
Government agencies like the CFPB--can actually get to the root
of the problem.
And the CFPB, they are supposed to be the agency that
focuses on protecting consumers, but time and time again it
seems that they are utilizing their resources, their time, and
their energy to pursue regulations that actually only
perpetuate the problem. For instance, I am concerned that the
Bureau's expected changes to the Fair Credit Reporting Act
could directly stifle banks' fraud prevention efforts.
Mr. Benda, you mentioned this specifically in your written
testimony, that the CFPB's proposal could create new legal,
practical, and procedural difficulties for banks to detect and
prevent fraud and crime. Can you elaborate a little bit more on
that for me?
Mr. Benda. Thank you for the question, Senator. The concern
here is that banks routinely access this information, and they
use that information for fraud purposes. I think the CFPB is
targeting others that might use it for commercial purposes, but
when you put the Fair Credit Reporting Act around that
information, access to that type of information, it creates a
whole series of barriers that require notifications to the
potential criminals that banks are taking certain actions on
their accounts.
So for normal Americans it does not make any sense. You
know, I would not mind being notified. But when banks have
these requirements placed on them by FCRA for this type of
anti-fraud information it creates notifications to criminals
and reduces the ability, frankly, for them to share that type
of information or use that type of information.
Senator Britt. So what would be a better path forward on
this, do you think?
Mr. Benda. I think it is a complex issue. We would be happy
to get back to you with any details on that, but we would love
to work with you on that.
Senator Britt. Absolutely. Well, it just seems that
financial regulators tend to be less focused on actually
stopping the fraud and more determined just to see the
institution itself pay for it, and this approach, I believe, is
not only misguided but I think it fuels criminal activity. The
solution to preventing financial fraud is not to create
additional hurdles for banks and law enforcement or to halt
innovation completely through excessive and burdensome red
tape. Rather, we have to continue to adapt ourselves.
I think that this includes increasing consumer education
efforts across the board. This is one of the most important
undertakings, I think, that we could do to help get fraudsters
out of the way and allow Americans to preserve their savings
and small business
accounts, among so many other things. So greater security and
anti-fraud mechanisms do not help, though, if consumers can be
convinced to willingly hand over their money and their login
credentials to a fraudster.
So just in followup on that, what are banks currently doing
to educate, Mr. Benda, their customers about fraud and help
them to prevent this, keep them from falling victim to what we
are seeing occur across the country?
Mr. Benda. The biggest effort we have is our Banks Never
Ask That campaign. I was interested in Senator Menendez's
comments about non-English speakers. We recently launched that
campaign in Spanish. So we recognize we need to reach all types
of consumers to educate them. You know, banks will never ask
for your password, PIN, ask you to send money to yourself.
We also have an ABA foundation that looks at elder-scam
awareness. We create training courses for our bankers so they
can help their customers. And we are interested in partnering
with the Government and other public sectors to try and amplify
these messages. We worked with other associations like the
AARP, but we have not seen as much engagement as we would like
to see from maybe some of the regulators.
Senator Britt. Well, I hope that those people will step up
to the plate so that we can help prevent the fraud and protect
our consumers across the country. Thank you.
Chair Brown. Thank you, Senator Britt.
Senator Warner, from Virginia, is recognized.
Senator Warner. Thank you, Mr. Chairman. Thank you for
holding this hearing. And I want to jump right into it on some
of the tech issues.
I know some of my colleagues were mentioning the Judiciary
Committee hearing yesterday. As someone who thinks, has felt
for a long time that while the original intent of Section 230
back in 1996 might have made some sense then, this has turned
into a ``Get Out of Jail Free'' card for all the social media
companies, and I was glad to hear Senator Graham talk about it
yesterday, and others members.
I have had what I thought was a fairly simply reform of
Section 230 for a while out there called the Safe Tech Act,
which would basically say if it is illegal in the real world,
it ought to be illegal in the online world, and there ought to
not be this kind of--and again, I cannot think of any other
term other than a ``Get Out of Jail Free'' card.
That obviously hits us in the consumer fraud area. I think
the FTC just did a study that said that, the way I read it was
that when you use typical contact methods--phone, email,
whatever--fraudsters have about a 6 to 17 percent hit rate. But
when it
appears on a social media platform or an online ad, that fraud
rate goes up to 61 to 63 percent. So whether it was the kind of
gripping testimony we heard yesterday of parents who have lost
their kids or the ability to have Americans ripped off.
I know this may be a little out of your lanes, but have any
of you got any thoughts on whether we ought to have a thorough
reexamination of Section 230, even in terms of consumer
protection? Why don't we start with you, Ms. Sanchez-Adams.
Ms. Sanchez-Adams. Yes, thank you for the question. You
know, I agree. As we have all talked about, there are so many
different avenues that we need to take to address the issue of
payment fraud. You know, as we heard earlier, holding those
telecom companies that are allowing robocalls and robotexts to
happen, yes. Holding social media platforms that are allowing
these fraudsters to do the work that they are doing on that----
Senator Warner. But if you are going to hold them
accountable, does that not require a change in Section 230?
Ms. Sanchez-Adams. Well, I will agree with you that, yes,
we need to find a way to hold all players accountable, and that
is why we also think institutions that are banking the
fraudsters should also be held accountable. So it is a
multipronged approach.
Senator Warner. Mr. Benda? Mr. Breyault?
Mr. Benda. Thank you, Senator. I am not familiar with the
Act but I truly believe focusing on impersonation scams that
allow people to basically con people out of money is a great
area, and we would love to work with you on that.
Senator Warner. Sir?
Mr. Breyault. Senator Warner, thank you for the question.
You know, I think as you have heard from all the witnesses
today, we need the actors where these frauds are being
facilitated to have more skin in the game. They need more
incentives to invest and to protect their users, because
ultimately it is the users who are the ones who are making them
their money.
Senator Warner. But again, the fact is--I am an old telecom
guy so this is where I am a little just crazy to me. Section
230 basically, the 1996 Telcom Act, said if you are one of
these platforms, you have no responsibility at all for any of
the content that appears. So the distribution model for this
fraudster activity goes through the platforms, and if we do not
hold them accountable, I do not think we are ever going to get
there.
I also know some of you touched on--I am going to get one
more question in--on how we can do more real-time reporting. I
am Chairman of the Intelligence Committee. We have managed to
move forward on real-time reporting as we see threats in the
intelligence system. We have still got a ways to go. I do
think, in terms of internet-based fraud, real-time reporting
has to be a component.
But I want to move my last question to AI. One of the
things that scares the dickens out of me on AI, some good
things coming out of this, but the scale and speed with which
these tools can be used, and they do not have to have a lot of
sophistication. Senator Kennedy and I have a bipartisan bill
that looks at could we bring FSOC to the table to look at where
there are gaps, could we end up saying if you use these tools
you might even have things like trouble damages, which already
exists in the SEC world. We have been thinking about this on
market manipulation. But we have also been thinking about it in
terms of consumer fraud.
And one of the things that really concerns me is a lot of
these AI tools, you may say just go make the most money
possible, and that may then result in screwing around with
consumers. But it goes to the question of intent.
My time is clicking down. Do any of you have any thoughts
on how we get at this intent issue around AI tools?
Mr. Breyault. So Senator Warner----
Senator Warner. Maybe you could take it for the record.
Mr. Breyault. Yes.
Chair Brown. Be brief, each of you, if you would.
Mr. Breyault. Sure. I definitely like the idea of
increasing penalties for bad actors who use AI.
Senator Warner. Good. Well, if you could think about the
intent question I would love to get some thoughts on that.
Thank you, Mr. Chairman.
Chair Brown. Thank you, Senator Warner.
Senator Butler, from California, is recognized.
Senator Butler. Thank you, Mr. Chairman. If it is OK I
would love to sort of go back to the point of conversation that
Senator Tester, actually, introduced, and this question of
``who''. There are a lot of perceptions that these kinds of
scams and fraudulent activities happen mostly directed toward
older people, and we have had a lot of conversation here about
that. And I think it is important as we have started to uncover
in this hearing that we paint a full picture of who actually
are victims and how they are being impacted.
There has been some research put forward focused on Gen Z
and their impact here. The 2022 Annual Cybersecurity Attitudes
and Behaviors Report shows that Gen Z and Millennials were
actually more likely to fall victim to certain types of scams
like phishing than other generations. The data also showed that
Gen Z Americans were three times more likely to get caught up
in online scams than Boomers, and the cost of falling victim to
online scams has risen. In 2017, young victims under 20 are
estimated to have lost $8.2 million in online scams, and that
rose dramatically from 2017 to 2022, where that loss has now
exceeded $210 million.
Ms. Sanchez-Adams, I would love to just start with you on
this question. Given that the younger generations are already
struggling financially compared to their parents and
grandparents, are there specific examples that you are aware of
that are happening in the financial services sector that are
working with schools and youth organizations to raise greater
awareness about online scams? We have talked a great deal about
partnership here, and what I am trying to get at are there
actually targeted efforts focused on this younger population.
Ms. Sanchez-Adams. None that I am aware of.
Senator Butler. Mr. Benda, do you have any specific
examples that you are aware of?
Mr. Benda. ABA does run a Teach Children to Save effort,
where we partner with bankers and we go out to different
communities. It is financial education but also has a scam
component.
Senator Butler. Mr. Breyault.
Mr. Breyault. Senator Butler, at NCL we have a program
called LifeSmarts, which is targeted at high school students,
and one of the parts of the curriculum at LifeSmarts is to
teach younger consumers, particularly, those in high school,
how to spot and avoid scams, including the ones that you just
described.
I would also just like to point out that while the
numbers--you have talked about $210 million for losses. We have
also talked about $9 billion in losses overall. I think it is
important to stress that those numbers, by almost every
cybersecurity expert and fraud expert that we talk to, those
numbers are a significant undercount.
Senator Butler. Sure.
Mr. Breyault. We know that consumers do not report these
scams as much as they happen. So the numbers you see here are
bad, but the real situation is likely much worse.
Senator Butler. I appreciate you making that point because
that is a little bit of what I am trying to get at. Young
people are falling victim to these crimes, and the shame and
stigma associated with, you know, falling for them, being so
stupid as to, as the term was used earlier, to fall for them
does not really help us get at prevention.
And so I just wanted to follow up. Mr. Benda, Mr. Breyault,
you mentioned some specific programs. Is there any information
that you could share relative to scale of those programs? How
many high schools are you working with? You know, I have six
million children who are residents of California. One-in-four
American kids are residents of my State. And so I am trying to
figure out what is the scale at which we are actually moving
and if there are recommendations that you would have to get to
a greater scale faster.
Mr. Benda. Senator, that program is run by our ABA
Foundation, and they would love to share that detail with you.
I will make sure that we get that to you.
Mr. Breyault. And while our program reaches tens of
thousands of students across the country, and the content
reaches hundreds of thousands more, with additional resources
we can always reach more. But yes, certainly programs like
LifeSmarts, programs like the one Mr. Benda discussed do play a
role in helping consumers build a resistance against these
scams. But that is not the only thing that is going to stop
this. We need legislation that actually goes at the incentives
that companies have to actually protect their customers from
these scams in the first place.
Senator Butler. Thank you. Mr. Chair, I would love to
submit a followup question for the record with the staff. But
thank you for the time.
Chair Brown. Of course. Thank you, Senator Butler.
Senator Reed, of Rhode Island, is recognized.
Senator Reed. Thank you very much, Mr. Chairman, and I
thank the panel for their testimony.
Ms. Sanchez-Adams and Mr. Breyault, the Electronic Fund
Transfer Act and its implementing rules cover transfers done
through the ACH system, where it is not clear if a transfers
done through wire transfer systems are covered. And I am very
concerned that this gap or ambiguity leaves consumers
unprotected against fraud for very large electronic payments
they are doing for things like a downpayment on a home.
Ms. Sanchez, first, how widespread is the issue of wire
fraud for consumers, and can you walk us through some common
scams?
Ms. Sanchez-Adams. Yes. So it is unfortunately exploding. I
get two or three emails a week about it from consumer lawyers,
and sometimes even from consumers themselves, and there are
always news reports on this. Some of the common scams, you have
one that is horrible. It is a tech support scam, and they gain
access to somebody's laptop or computer and then gain access to
their financial information without the consumer knowing, and
then they get onto their bank account and do a wire transfer to
a crypto account, and then the consumer is out of luck. Even
though State law says that consumers should not be held liable
for unauthorized wire transfers, there are all of these
caveats. If there was a security procedure in place, if the
consumer agreed to it in the account agreement then generally
the banks will say either, sorry, it was sent out and there was
a security procedure that was used so we cannot help you, or if
you, by chance gave your account information to someone it
would be protected under the EFTA but not under the UCC.
Senator Reed. And Mr. Breyault, your comments.
Mr. Breyault. Certainly in addition to the type of scams
that Ms. Sanchez-Adams discussed we see this where scammers get
in between consumers during a real estate transaction. For
example, when you are sending money to a title agent, a scammer
may impersonate the recipient of those funds in order to
disrupt that transaction.
And I think certainly one of the things that all of these
transactions have in common, whether we are talking about ACH
or peer-to-peer, or gift card to some extent, is that the money
is transferred very quickly, nearly instantaneously. In fact,
that is why it is so attractive to the scammers.
So I think as part of the solutions that you consider in
this is do we need to slow down some of those transactions? Is
the benefit we are getting from instantaneous payments, that
are oftentimes irreversible, even after fraud is discovered,
are those benefits outweighed by the cost to consumers of the
fraud that is occurring on these systems?
Senator Reed. Now can the Consumer Financial Protection
Bureau deal with these issues under current law, or do we have
to pass additional legislation to try to address these scams?
Mr. Breyault. The CFPB does a tremendous amount of
authority to start to address some of these scams, and they are
exercising it. But I would say there is more that could be
done. We discussed, particularly in my testimony, the
Protecting Consumers from Payment Scams Act, which would
redefine what is an unauthorized transaction to include these
kinds of induced fraud, or also known as authorized push
payments, as covered under EFTA. So certainly that is one area
where the CFPB could help us, and this Committee could help the
CFPB do its job even better.
Senator Reed. Ms. Sanchez-Adams, your solutions?
Ms. Sanchez-Adams. The CFPB has authority under Regulation
E, or the EFTA, to do rulemaking. So through rulemaking they
could clarify, you know, there was the exemption to wire
transfer that the Federal Reserve Board said included Fed wire,
CHIPS, and so they could change that after doing a rulemaking,
open comment, and all of that. They can clarify things, like
what fits under errors, because they can create additional
errors under the EFTA, so they can do that through rulemaking.
Senator Reed. Well, thank you very much. Thank you all for
your testimony today. Mr. Chairman, I will yield.
Chair Brown. Thank you, Senator Reed.
Senator Vance, from Ohio, is recognized.
Senator Vance. Thank you, Mr. Chair, and thanks to our
three witnesses for being here.
You know, I wanted to ask a series of questions to Mr.
Benda, because this is a very important topic, fraud, how it
affects consumers. But in particular I hear a lot about how it
affects elderly consumers in the State of Ohio. You know, we
spend a lot of time in Congress, I think rightfully, lauding
innovation and advancements in technology, and they do bring a
lot of benefits, but of course they bring a lot of risks.
One of the things that I hear a lot about from constituents
back home is that there are a lot of spoofing scams sort of
deploying and employing modern technology to basically trick a
lot of our elderly folks into giving money, very often preying
on sort of the best sentiments, you know, a grandchild calling
needs bail money, something like that. And, of course, it is
not. It is very often a person who is just trying to scam them.
And so I really worry about what this looks like and
whether the modern technology infrastructure that we have in
this country, while obviously it has a ton of benefits, has
also enabled this massive amount of scam on our elderly
Americans. It is not just anecdotal. Americans lost, in 2019,
over $3 billion due to financial exploitation, and seniors are
particularly targeted by a lot of this.
So I want to ask this question, Mr. Benda. I know this is
an issue that affects your member banks, and obviously it is
customers. I know that you guys deal all the time with these
scams, and you have to pick up the pieces and hopefully help
the customer address some of the problems.
Could you build on sort of what you guys are seeing, what
is out there, what are the spoofing scams that are particularly
concerning to you and what we can do from a financial and
banking perspective to mitigate some of this stuff?
Mr. Benda. Thank you for the question, Senator. So I think
you are hitting the nail on the head. The FCC even put out an
alert just last summer that talked about bank impersonation
scams being the number one scam. Everyone probably on this dais
has gotten that text message that says, ``Did you have this
fraud alert? Did you make this transaction?'' and you reply to
that because it looks exactly like something coming from your
bank. And then they lure you in. They socially engineer you.
And I want to be clear. These people are very good at what
they do. They are very bad people. They are criminals. They are
very convincing. It is not stupid people that fall for these.
So what we would like to see happen is trying to attack
these impersonation scams. Can we figure out a way--and you are
right, our technology infrastructure is not where it needs to
be to ensure that that caller ID message is accurate. If, at
any point in that process, that authentication drops--there is
a process the FCC has, but it can be worked around--if that
authentication drops it should be an unknown caller. We should
not allow people to fraudulently display wrong names. My dad is
86. If it says his bank on that caller ID, he thinks it is his
bank.
So we need to stop that because they are the ones that are
enabling those scams to occur.
Senator Vance. And is that something that the
telecommunications companies--maybe this is outside the
jurisdiction of this particular Committee, though. I know a guy
on the Commerce Committee. Is this something that our
technology and communications infrastructure should be better
at? I mean, recognizing it is not necessarily your area of
expertise, what can we be doing to better police this stuff and
preventing it from happening?
Mr. Benda. So the FCC has active rulemaking on the
implementation STIR/SHAKEN. We would like to see that move more
quickly. We would like to see it more default to versus right
now they let messages through if they meet certain things,
basically default to you do not get to display any message
unless you are at the gold standard level. I think that is one
thing, a change we could make right now that would really help.
Senator Vance. OK. Great. I will yield the remainder of my
time, but appreciate the guests being here and appreciate the
Chairman for hosting the Committee.
Chair Brown. Thank you, Senator Vance.
Senator Van Hollen, of Maryland, is recognized.
Senator Van Hollen. Thank you, Mr. Chairman, and thank all
of you for being here and for your testimony.
Earlier this month the FTC released its annual report on
consumer activities, and they reported that my State of
Maryland is among the top five States with the highest per
capita rates of reported fraud. And this has been an ongoing
issue in Maryland, as around the country, and it takes all
forms, as the conversation today has indicated. I want to
focus, for a moment, on one area of this kind of fraud, and
right now the failures of our system to catch it and compensate
people for it.
We have an open case in Maryland where the victim of check
fraud reported the fraud right away, but their local bank,
their home community bank, is still awaiting payment from the
much bigger bank in which the fraudulent check was deposited.
And I am hearing a lot from Maryland community banks about
this, and I think their view is well expressed by a letter that
I have here from the Community Bankers Association of Illinois,
written about a year ago. And I am just going to quote a part
of it:
Our members have been particularly frustrated because these
fraudulent returns have been deposited into accounts at the Nation's
largest banks, and the process to determine the liability for the fraud
losses and reimbursement is protracted. When this issue has been raised
to Federal regulators the responses have been that it is not their
responsibility to intervene in bank-versus-bank disputes. Our members
respectfully urge the OCC, Federal Reserve, and the FDIC to reconsider
your position regarding fraudulent returns in light of the information
included in this letter.
This is a letter that was addressed to them. They make the
point that they are not asking Federal regulators to pick
winners and losers. They just want to expedite this process so
that those who have been defrauded can be made whole, and those
who were negligent in cashing the fraudulent check will end up
making the payment.
If I could start with you, Ms. Sanchez-Adams, can you speak
to this issue and whether or not, in your view, the larger
banks are taking advantage of the weaknesses in the system to
prevent quick payment to the local banks so that they can, in
turn, reimburse a defrauded customer?
Ms. Sanchez-Adams. Yes. So one story that we were contacted
about was a man who sent a check to the IRS, and it was
deposited into, I believe it was a Wells Fargo account, and it
was to the U.S. Treasury. And so clearly they are not the U.S.
Treasury. But they delayed for 2 years to refund the consumer's
bank. Though the law says that consumers should be reimbursed
by their own bank, that bank was dragging their heels because
they were waiting to get payment. And the consumer bank was
also a large bank, so it is not like they did not have the
funds to refund the consumer.
And I also just want to point out another problem with
check fraud and check alteration is that it is not just them
stealing it in the mail, but I have heard a lot of stories
about, in particular, one that I mentioned in my written
testimony, where they did not even have checks associated with
their account, and fraudsters create checks out of thin air.
And because banks do not often provide written statements
anymore and they do not provide copies of checks back to
consumers, it is hard for them to know that this is happening,
or especially when it is altered to know that it was altered if
you do not see the check to see that it was altered.
Senator Van Hollen. I appreciate that, and we saw a big
rise in this sort of check fraud during COVID, but it has
continued. And obviously it impacts those who do not do online
transactions, mostly the elderly.
Mr. Benda, if you could talk to this issue. I mean,
obviously you have got members of different sizes, member
banks. But this is clearly an issue that is hurting community
banks. Do you agree that the Federal regulators should be more
engaged in resolving these issues?
Mr. Benda. So, Senator, I appreciate the question. I do not
think anyone thinks that the check fraud processing system is
working as well as it could. Banks of all sizes agree the
timelines to process these are taking too long, and that is why
the industry is taking its own steps to try and figure out ways
that we can accelerate this process, such as developing a
universal claim form. We see sometimes banks will file a claim
with one bank and they will have to go iterate to make sure
they provide the required information, trying to reduce the
information the customer is trying to provide. So trying to
make this process easier.
In terms of the regulator involvement in this, I agree with
them that they do not pick winners and losers. Because each
case is so different, it really needs to be that determination
between the banks.
Senator Van Hollen. Well, I understand. You know, FinCEN
and other regulators, they do pay attention, obviously, to the
SARs reports and sort of major fraud, but a lot of this fraud
that is
impacting, you know, regular people, is falling between the
cracks, and those regular people are left holding the bag. So I
appreciate that you, as well as--I think you, Ms. Sanchez-
Adams, also spoke to some language that we put in the FSGG
appropriations reporting language. I chair that subcommittee.
It is aimed at creating more of a public-private partnership to
really try to plug the holes and gaps in the system, and I
understand you both agree that that would be a smart move. Is
that right?
Mr. Benda. Yes, Senator.
Ms. Sanchez-Adams. Agreed.
Senator Van Hollen. Thank you. Thank you, Mr. Chairman.
Chair Brown. Thank you, Senator Van Hollen.
Senator Warnock, from Georgia, is recognized.
Senator Warnock. Thank you very much, Mr. Chair. Fraud is a
serious problem in the United States, and this sector is
growing. A Gallup study found that 8 percent of respondents
said that they had personally been a victim of fraud in the
past year--8 percent. In the first quarter of 2023, reports of
financial fraud per capita occurred more often in Georgia than
in any other State, according to data published by the Federal
Trade Commission. Forbes Advisor ranked Georgia the fifth-most
financially scammed State during that time period.
With these incidents of fraud becoming more sophisticated
and more realistic, unsuspecting folks, seniors, and others are
being targeted directly and personally, meaning that consumer
education plays a key role in stopping scams and fraud before
they start.
Ms. Sanchez-Adams, what have been some effective ways to
educate consumers regarding the risks of financial fraud and
scams?
Ms. Sanchez-Adams. Well, sir, I think that financial
education is extremely important but it does not solve the
problem, especially because the scams change overnight. So you
tell them about one thing and then it changes to the next day.
So, you know, there are things that could be done, like in-
app warnings, and I know that Mr. Benda has spoken about some
of the things that the banks do. You can make some things in-
app. But I think more than that you need to hold the
institutions that are receiving those payments from the
fraudsters more responsible for reimbursing consumers that are
harmed.
Senator Warnock. So in that regard, are there additional
authorities and resources that the Federal Government needs in
order to protect Americans from financial fraud?
Ms. Sanchez-Adams. Yes. I mean, I think you could pass
legislation, as I mentioned, in the EFTA to hold those
institutions that are receiving the payments responsible, to
have them bear some liability. The CFPB can do things through
regulation. And certainly I agree that we should have the task
force to get more information and more people at the table to
talk about this and come up with solutions.
Senator Warnock. So there is more work to be done, and our
rulemaking and legislation has not kept pace with the reality
on the ground. Is that a fair assessment?
Ms. Sanchez-Adams. That is correct.
Senator Warnock. Now, my home State of Georgia is a hub for
financial technology and payment processing. In fact, Georgia-
based payment processing firms handle about 70 percent of U.S.
transactions. Many fintech and payment companies are focusing
on activities that traditionally were handled by consumer
banking, including digital payment apps and wallets.
When consumers transfer money using traditional financial
tools there are financial protection laws in place for these
traditional tools that protect their money. But since many of
these digital payment systems are owned by large, nonbank
financial companies, they may not carry the same safeguards as
financial institutions or debit and credit cards. Last
November, the CFPB proposed a rule that would ensure that
certain nonbank digital wallets and digital payments apps are
subject to the same supervisory oversight as banks and credit
unions, again, keeping pace with the reality on the ground.
How would the CFPB's proposed rule provide additional
protections to consumers who rely on these payment apps?
Ms. Sanchez-Adams. They would have supervision authority,
meaning that they can go in and examine the books. They can
talk to them to see the policies and procedures for them
protecting consumers from both unauthorized transactions, to
see if they are actually reimbursing consumers, doing
reasonable investigations, or what they are doing to protect
fraudulently induced scams, especially things like Cash App and
Venmo, who have access to both accounts and are seeing those
that are receiving the fraudulent payments and where it is
going, that they can freeze them, stop them, investigate them,
and try to make consumers whole.
Senator Warnock. There is no question that consumers
deserve to know that their funds are protected by consumer
protection laws, regardless of their payment method. We cannot
have one set of guardrails for one sector and not have the same
guardrails for another sector, as we see increasing digital
operations in the banking sector or the financial sector.
What other steps can be taken to protect consumers?
Ms. Sanchez-Adams. So one thing is to make sure that
consumers are reimbursed for fraudulently induced transactions,
or scams as people talk about that. Full stop. And then hold
those financial institutions that are receiving fraudulent
payments responsible, and make sure that payment systems are
doing more to protect consumers as well.
Senator Warnock. Great. Thank you so very much.
Ms. Sanchez-Adams. Thank you.
Chair Brown. Thank you, Senator Warnock.
Senator Warren, of Massachusetts, is recognized.
Senator Warren. Thank you, Mr. Chairman, and thank you for
holding this hearing.
So cyber criminals are exploiting cryptocurrency to scam
American consumers out of billions of dollars every year.
According to the FBI, Americans are reporting losing more money
to crypto-related investment fraud than any other kind of
investment scam. In 2022, that amounted to reported losses of
more than $2.5 billion, and that was up 183 percent in just 1
year.
Now according to the Federal Trade Commission, since 2021,
crypto has accounted for about 1 in every 4 dollars that
consumers report losing to fraudulent schemes, more than any
other payment method out there.
So let's focus today on one type of cryptocurrency--
stablecoins. Stablecoins, like Tether and USDC, are supposedly
pegged to the dollar or other assets that are relatively
stable, and this is supposed to make stablecoins safer and less
volatile than other tokens, kind of the responsible big brother
of crypto.
But new data show that stablecoins are now used in the
majority of illicit crypto transactions, especially in the
scams. Last year, more than 70 percent of the crypto scams that
we know about involve stablecoins.
So Ms. Sanchez-Adams, as a consumer protection expert does
it surprise you that stablecoins are increasingly being used to
scam customers?
Ms. Sanchez-Adams. No. As you said, stablecoins are not as
stable as they claim, and they really are primarily a gateway
to support unsafe and dangerous crypto assets. So it is to get
them into the door to do the crypto.
Senator Warren. Right. So crypto scams, as you know, take a
variety of different kinds of forms--pig butchering, a kind of
romance scam, where criminals build up a personal relationship
with their targets online and then convince them to invest
money in fake crypto platforms before stealing the money. Many
of these scams are perpetrated by sophisticated criminal
organizations based in Asia, including North Korea.
Mr. Benda, you are an expert on cybersecurity. What is it
about crypto that makes it such a good tool to scam people out
of their money?
Mr. Benda. So the challenge we have is that these
cryptocurrencies operate outside the banking system, operate
outside of regulation, operate outside of BSA/AML.
Additionally, the technology is there that allows you to mix
and hide transactions. So you can go into that crypto ecosystem
and you can actually obfuscate where that money goes after
that. And additionally, you can put together what are called
``cold wallets.'' So you can download millions, hundreds of
millions of dollars onto a single USB and transfer that
internationally without anyone knowing anymore.
Senator Warren. Well, that is a lot to be able to hide.
You know, we cannot keep making it easy for criminals and
for countries like North Korea to defraud Americans out of
their hard-earned money. Twenty Senators, both Democrats and
Republicans, are sponsoring the Digital Asset Anti-Money
Laundering Act. This bill would plug the holes in our anti-
money laundering rules to make it easier for financial
regulators to track suspicious crypto activity, to make it more
visible, and to shut down the scammers.
So Mr. Breyault, your organization, the National Consumers
League, has been protecting consumers for over 100 years. Would
this bill help protect American consumers from crypto fraud?
Mr. Breyault. Absolutely, yes, Senator.
Senator Warren. Want to say a word more?
Mr. Breyault. So cryptocurrency is certainly the next
frontier when it comes to payment scams. It offers a scammer's
dream--anonymity, immediacy, and irrevocability. And because of
the availability now of cryptocurrency kiosks in convenience
stores, grocery stores, smoke shops--I mentioned earlier that
by one estimate there are more than 34,000 of these kiosks
across the country--the ability to send cryptocurrency to
scammers is usually just down the block for the vast majority
of Americans. So yes, your bill would do much to protect
consumers.
Senator Warren. Well, thank you, Mr. Breyault, and thank
you to the National Consumers League. We are very grateful to
have your endorsement from your organization. I also want to
say thank you to the National Consumer Law Center, Ms. Sanchez-
Adams.
Our bill will help protect consumers and protect our
national security, and I look forward to working with my
colleagues on this Committee so that we can get it passed.
Thank you. Thank you, Mr. Chairman.
Chair Brown. Thank you, Senator Warren.
Senator Fetterman, from Pennsylvania, is recognized.
Senator Fetterman. Well, thank you. I hate to have to
follow my colleague, Senator Warren, and talk about crypto
because she is, of course, the expert on that. But here into
it.
Now it turns out that scammers, hackers, and terrorists now
have chosen to use crypto. I mean, it is a shock, right? And it
makes you wonder why that. Now do you think the terrorists and
those folks are using crypto for the airlines' mileage points,
or is it because it is untraceable and they are engaging in
illegal kinds of things? Is that a fair statement?
Mr. Breyault. Yes, Senator.
Senator Fetterman. So now, of course, we have the bank
meltdowns and crypto funding from Hamas, and now we have
scammers and hackers using crypto to steal people's money, of
course, as will too.
Now again, directly, Mr. Breyault, can you speak to how
people have now fallen prey to these kinds of crypto scams? And
my real question is, now is that redundant to have the term of
``crypto scam''? Crypto is one gigantic scam, really, on that.
So, Mr. Breyault.
Mr. Breyault. Yes, I would say that crypto is the next
payment method of choice for scammers. They recognize that your
average everyday consumers is probably not familiar with how it
works, and yet, as I just mentioned to Senator Warren, the
ability to give your cash to buy crypto and send it to a
scammer is usually as close as your closest grocery store.
Cryptocurrency, we believe, for people who want to use it,
it is a sophisticated investor who should be looking at
cryptocurrency, not my grandmother. And scammers prey on that.
They prey on the fact that consumers are not familiar with how
it works, and they use that to defraud them out of billions of
dollars, and growing.
Senator Fetterman. Well, and investor--and again, to me
that is kind of a paradox, too, crypto investors. Because
really, I know somebody once said that they would not buy up
every cryptocurrency for I think it was a quarter. And, you
know, really, so why would you invest in crypto for a quarter
unless you could sell all of it for 50 cents? You know, kind of
like the greater fool kind of thing. Is that really what
underpins it, or is there any kind of inherent value on that,
that really, why does it seem to be so open to scams? Is there
a connection?
Mr. Breyault. Well, Senator, thank you for the question.
Personally, I would never invest in crypto, for all the reasons
that you just discussed. But for scammers it is incredibly
appealing because it offers what they are after, which is the
ability to get their funds quickly, anonymously, and in a way
that is practically impossible to reverse, even when the----
Senator Fetterman. Anonymously. Anonymously, right?
Mr. Breyault. Yes.
Senator Fetterman. So it is untraceable and anonymous.
Ms. Sanchez-Adams. If I may, one of the things that, when
we are talking about crypto and scams, is to take into
consideration how the money is actually going into crypto
first. We hear a lot of stories that it is actually
unauthorized or even fraudulently induced through wire
transfer, and then there are no protections for the consumer
there. If it was sent through, like an electronic funds
transfer that is covered by the EFTA, they would have
protections, but we have heard of it coming either from HELOC
accounts or from wire transfers. And so initially, even that
transfer out has no protections for the consumer.
Senator Fetterman. Oh my gosh. That is amazing, because I
literally was going to pivot to you for the next question, and
that is really about that. My staff is much smarter than I am,
and I was not really aware of this, but they brought it to my
attention, is that true bank customers, they aren't protected
from hackers if they initiate a wire transfer. Right. I mean,
like that is outrageous. I did not even know that myself.
And is there a fix for that or anything that you would
recommend, because again, if I was not aware of that, and I am
on the Banking Committee, so think of the millions of Americans
that are not aware of this.
Ms. Sanchez-Adams. Yes, absolutely. We get interviewed all
the time, even by ``Good Morning America'', about this very
same question. So yes, make it be covered by the Electronic
Funds Transfer Act.
There was an exclusion when it was originally written in
the 1970s and wire transfers were really business-to-business
and consumers were not doing it, and it was in person. Now you
are doing it online through mobile and digital applications,
and so it is, in essence, an electronic funds transfer now. And
even the New York AGs have argued, in a suit they filed against
Citi, that it actually is an electronic funds transfer when it
is unauthorized or requested from someone who is not the
consumer to send it somewhere else.
So it can be included in the EFTA, and of course, we should
not forget the fraudulently induced transactions. Those should
also be included in the EFTA.
Senator Fetterman. So I guess you are saying, so really the
banks, I mean, they are the experts and they are professionals,
they should be held accountable, not then a customer, that may
not have any kind of idea on the level of what is going on. Is
that a fair statement again?
Ms. Sanchez-Adams. Right. Again, if it was unauthorized and
the consumer did not do it, then yes, they should be
reimbursed.
Senator Fetterman. OK. Mr. Chairman.
Chair Brown. Thank you, Senator Fetterman, for your
incisive questions.
It is my turn. I think I will be the last questioner.
Ms. Sanchez-Adams, like an hour ago, an hour-and-a-half
ago, you gave your six recommendations. The CFPB, as you know,
last year proposed a rule that would allow the consumer agency
to supervise larger payment apps. Just walk through, if you
would, what this proposed rule means for large payment apps
like Venmo and Cash App and Zelle and the consumers, what it
means to the consumers who use these platforms. Sort of give us
a synopsis of what this rule is actually going to mean for sort
of all the players.
Ms. Sanchez-Adams. One thing is that nobody actually knew
what was happening on these platforms until this Committee sent
a letter, right, asking for that information of how many people
are actually getting reimbursed for unauthorized transactions
and how many people are not being reimbursed when they are
scammed. Nobody had access to that information because they
were not supervised. So the CFPB being able to go in and
supervise that means that you will actually know if they are
following the law.
So unless you are a private attorney who is suing them
because a consumer came and told you a story, there was really
no way to know what was happening behind the scenes. So that is
why this rule is so important, and again, it is not just Venmo,
PayPal, and Cash App, but it is other players as well.
Chair Brown. Thank you. And, I mean, that really is the
work this Committee can do. We do oversight. We sometimes just
inform the public and can ask questions like that. And the
larger participant rule, as you point out, will allow the
agency to supervise these apps, ensuring that they follow
consumer protection laws, and why we need a strong, independent
CFPB. That has been said many, many, many times from this dais,
from a whole bunch of my colleagues.
I would also point out that this attendance--attendance is
sometimes spotty in this Committee, sometimes not--this is such
an important issue to so many that at least on our side of the
aisle all but one Member showed up and a number of Members on
the other side, too, and that is a good sign.
Ms. Sanchez-Adams, you discussed the differences between
unauthorized transactions and fraudulently induced
transactions, with the major difference being that financial
institutions are legally required to reimburse consumers for
the unauthorized transactions. Does the same hold true for
unauthorized transactions using wire fraud? Are consumers and
their money really protected from scammers there?
Ms. Sanchez-Adams. No. As I had mentioned in detail and, I
think, in my written testimony is the Uniform Commercial Code
(UCC) is the State law that applies to wire transfers,
excluding international remittances. And it was not designed to
be a consumer protection statute. It was designed for banks to
know the procedures when using these.
And so right now it essentially says if there was a
security procedure that the consumer and the bank agreed to,
and the consumer does not really agree to it when it is in the
fine print of something they are clicking to agree to be able
to have an account, or often those terms say that we may choose
one. We may call you or we may not call you. So if the banks
use that procedure then they argue that they do not have any
liability, and it is pushed onto the consumer. This is why we
really need wires to be covered by the EFTA.
Chair Brown. Thank you. Mr. Breyault, we are hearing more
and more anecdotes about how scammers are using AI to create
personalized attack. For example, scammers, as you know, can
use a consumer's voice from a social media post and use AI to
replicate that consumer's voice to gain access to account
information. How do Congress and regulators get ahead of these
problems?
Mr. Breyault. Thank you for the question, Mr. Chairman. I
certainly think that AI has the potential to be as big an
accelerant of fraud as the internet was 30 years ago. And in
addition to the voice-cloning technology that you talked about,
we are also very concerned that AI can be used by criminal
scammers to basically supercharge the ability to identify the
most vulnerable consumer. So we know that criminal gangs will
fight over lists of potential victims in the United States that
they want to use for many different kinds of scams. With AI,
they can target, with laser-like precision, the consumers that
they think are most vulnerable to these scams. So even if they
do not need to use voice cloning, just being able to know the
right people to contact, how to contact them, and the types of
words to use to get them on the hook for these frauds is one
way that we are really concerned about how AI is going to be
used.
I think we are still developing sort of specific policy
proposals that Congress could take, but I appreciate what we
heard earlier about triple damages, again, scammers using AI in
this way. I think that is one area that this Committee should
consider, and we are happy to get back to you with additional
policy proposals for how to start to tackle the threat that AI
poses.
Chair Brown. That would be helpful. Thank you.
Last question, and be as brief as you can. I am over my
time. But this is the end, so that is fine.
Mr. Benda, my colleagues and I wrote to your organization,
the ABA, expressing concerns about the alarming increase in
check fraud scams. Your organization created an information
directory, providing contact information for banks to resolve
check fraud claims. That is good as far as it went.
Has this directory improved the timeliness with which
defrauded customers get their money back? It seems that bank
customers are all too often waiting too long for their money,
not something that people often could afford when it is
thousands of dollars. So assure me that it is more timely than
that and that you are working to make it even more timely.
Mr. Benda. Thank you, Mr. Chairman, and I appreciate you
recognizing the efforts we have made on this.
So the directory now encompasses almost 1,700 banks, and we
have heard from many banks at how much better it has made their
lives because they can actually file these claims faster. Are
we where we want to be? No, we are not, and that is why we are
continuing our efforts, reaching out to banks to try and
expedite those processes, make sure they are more streamlined,
make sure that we have better and more industry baseline in
terms of the requirements to submit these claims so they can be
processed faster.
Chair Brown. OK. Someone from the Richmond Fed told me
once, ``Watch us and make sure you let us know that we are
watching you.'' So we are in this case, so thank you.
Thanks to the three of you. Really good hearing. Really
informative. Great interest from this Committee.
Senators who wish to submit questions for the hearing
record, we have notified them they are due 1 week from today,
the 8th of February. To the witnesses, please submit responses
to any and all of those questions within 45 days from the day
we get them to you.
Thank you very much. The hearing is adjourned.
[Whereupon, at 11:57 a.m., the hearing was adjourned.]
[Prepared statements, responses to written questions, and
additional material supplied for the record follow:]
PREPARED STATEMENT OF CHAIR SHERROD BROWN
When consumers send money through an app or send a check in the
mail, they are supposed to be able to trust that financial companies
are protecting their money and will help them if something goes wrong.
Yet that's not what we see.
Scammers and fraudsters have ramped up their efforts to take
people's money. Banks and payment apps have stood on the sidelines
while the problem has only gotten worse.
Pretty much everyone has either been scammed, or knows someone who
has been scammed, when trying to use a financial service.
Today one of the most popular ways people send money is through so-
called peer-to-peer apps like PayPal, Venmo, Cash App, and Zelle.
These apps are now part of most Americans' day-to-day lives.
Seventy-five percent of adults have used at least one of them. Forty
percent of Americans report using them at least once a month.
Where consumers see convenience and accessibility, scammers see an
opportunity.
In 2022, one major payment app had more than $100 million in
``unauthorized transactions.'' Another had almost $60 million.
Of course, it's not just new technology or payment methods that
scammers target. Check fraud is as old as our banking system.
They'll steal a check from the mail, use chemicals to wash off the
key details, then fill it in with the details they want and deposit it.
You might think that more people using apps would make checks less
of a target, but it's the opposite--check fraud is getting worse, too.
Last year, the Financial Crimes Enforcement Network noticed a rise
in check fraud so drastic that they issued a public alert.
My colleagues and I wrote to the American Bankers Association
expressing our concerns on the issue, and they created an information
directory providing contact information for banks to resolve check
fraud claims.
By the end of 2022, depository institutions had reported more than
500,000 incidents of check fraud--more than double the year before.
Scammers broke their record again in 2023.
The same goes for wire transfers. Scammers target wire transfers
because they can steal a larger portion of consumers' savings through
wire transfers.
Americans will often use wire transfers when they want to send
large amounts of money, like when buying a house.
Imagine a family in the process of trying to buy a home, juggling
all the details of the process, along with the excitement of reaching a
major life milestone.
On top of everything else they have to worry about, they have to
defend against scammers posing as a real estate agent or title company
targeting the family's downpayment.
In 2023, consumers lost at least $270 million to wire fraud.
And now we're faced with the possibility that artificial
intelligence will make these problems worse.
As just one example, scammers can now use AI to clone a person's
voice to bypass voice authentication procedures.
Banks, payment apps, and other financial institutions are not doing
nearly enough to prepare for the threat AI poses in increasing the
scale and impact of scams.
All of these problems with scams are rampant.
In Dublin, Ohio, a retired FBI agent, wrote a check for less than
$200.
Someone stole that check from a mailbox right in front of a post
office, changed the number to $8,590 and cashed in.
In another case, a 17-year-old student in Ohio received an
acceptance letter from her dream college.
Someone posing as another admitted student reached out and scammed
her out of almost $3,000 of her own money through Zelle.
That $3,000 was three-quarters of her college money she saved up
working at a discount drugstore.
None of this mattered to the bank. As far as the bank was
concerned, this young woman was responsible for the money and
additional fees for depositing bad checks.
In the end, she got her money back, but only after the efforts of
her tenacious mother, who tracked down the local executive of the bank.
No one should have to go to those lengths because banks, payment
apps, and other financial institutions can't get their act together to
protect their customers.
When these incidents happen, people lose their hard-earned money.
And they're often made to feel ashamed and embarrassed.
No one ever tells a victim of a hold-up that they were stupid or
should have known better than to be robbed. But that's exactly what
consumers who are scammed hear.
Let's be clear, being scammed has nothing to do with intelligence,
savviness, or education.
Just last year, a retired White House scientist was scammed out of
$655,000 of her retirement savings.
Those scammers were organized. They sent her a pop-up message on
her computer, rerouted a phone call she meant for her bank, and kept
her on the phone for days on end.
She still wonders about what she could have done differently. But
no one should have to think about that question.
And to be clear: the answer to these types of stories isn't to warn
people to be better prepared or put millions of consumers through a so-
called ``financial education'' course.
Americans do not have time for that. They have jobs and kids and
bills to worry about. It's not on them--it's on the companies. People
should be able to have an expectation their money is safe when they
have a reputable bank.
People lose their money because payment apps and banks don't put
enough measures in place to protect their customers.
For example, among the peer-to-peer companies, Cash App refunded
just 16 percent of unauthorized transactions in 2022.
Zelle claims they reimburse consumers who have been victims of
imposter scams. But their website states that since the consumer,
``authorized the payment, you may not be able to get your money back.''
It is unclear whether Zelle will actually reimburse victims of imposter
scams. They need to clarify their reimbursement policy.
These companies need to step up, and they apparently need rules to
make them do it. These banks, payment apps, and other financial
services companies have shown us they need, shall we say,
encouragement.
The Consumer Financial Protection Bureau has a proposed rule that
is one strong first step. It would help ensure that companies like
Venmo, Cash App, and Zelle follow Federal consumer protection laws.
This is what the CFPB does--protect consumers and their hard-earned
money. When the CFPB is empowered, it ensures that the financial system
works for consumers, not just corporations.
With millions of users, it only makes sense that these companies do
more to protect consumers' money.
Because, as we've seen in previous hearings, frauds and scams are
not unique in consumer finance, they are also common within
cryptocurrency. We will keep pushing to make our financial system
safer--whether its stopping rampant frauds and scams in cryptocurrency
or in apps and check fraud.
I hope we can discuss more today about how banks, payment apps and
other financial service companies can step up for their consumers and
earn their trust back.
______
PREPARED STATEMENT OF SENATOR TIM SCOTT
I'll start off by saying, I guess Steven Spielberg was on to
something when he named the movie ``Catch Me If You Can''.
Recently, I saw a movie called ``The Beekeeper'', which starts off
about financial scams that led to the grandmother's suicide. Now
financial scams may not today lead to suicide, but without any
question, they certainly kill your hopes, your dreams, and your sense
of financial security.
The impact of financial scams--especially on our senior citizens--
is undeniable. Having been the Ranking Member on the Aging Committee,
we've had many, many hearings about the devastation of retirement
savings lost. Lives changed. Grandmothers looking for a place to call
home--moving back in with their kids or their grandkids.
The devastation is so real--and so often--goes unreported in some
instances. And certainly, the investigations leave many wanting.
Even in a largely digital age, more traditional forms of fraud
continue to flourish.
We think about the fact that whether it's check fraud, wire fraud,
or mail fraud, we've seen a resurgence of criminal activity in these
spaces--in addition to of course the new types of fraud that comes
along with the technological advancements that we've seen around our
country--and certainly the innovations around the world.
Not only do I think of my own mother--who celebrates a birthday
this weekend as a senior citizen--I think of every single South
Carolinian who trusts that their money is safe when they write a check
and place it in the mail, or transfer money to their grandkids.
Mr. Benda, I thank you for bringing your expertise and talking
about the different kinds of fraud that can impact American consumers.
Protecting consumers and preventing fraud are critical pillars of
our financial system and, frankly, what our society deserves.
For many families, becoming a victim to these scams is equivalent
to wiping out a lifetime of savings.
And not just the dollars in the account, but the thought that you
are no longer safe to transact business anywhere, in any form.
For many, it is the worry that their identity is compromised, that
their credit score is impacted, and they struggle to realize just how
will they survive and afford--whether it's their rent, or mortgage, or
even simply groceries.
Which in today's inflationary economy is even harder than it was
before.
Speaking of dollars, let's just count the costs--$9 billion in 2022
is the cost of financial fraud. A staggering number.
Unfortunately, these criminal acts of fraud and theft are not new,
and criminals like these continue to prey on the vulnerable.
This is precisely why our financial institutions and financial
industry participants should--and do--spend billions of dollars
developing and implementing innovative technologies to strengthen
security that will protect families and businesses from fraud.
But on the other side of the coin, we haven't seen the same
commitment from our Federal regulators.
Recently, our regulators seem to be more focused on political
grandstanding than promoting innovative solutions, protecting
consumers, and increasing efforts that support financial education.
And instead of focusing on real crimes and holding criminals
responsible, this Administration seems intent on tying up financial
institutions with ever increasing amounts of Washington red tape.
Recently, the CFPB has continued its deceptively named ``junk fee''
campaign, targeting legitimate, contractually agreed upon payment
incentives.
In its latest proposals, the CFPB uses legal gymnastics to turn
penalty fees into loans while slapping the label ``abusive'' on any
practice it just doesn't like.
The CFPB is sending a clear message: it is willing to stretch the
law beyond its limits to suit Director Chopra's political agenda.
And every dollar spent navigating Washington red tape is a dollar
less on initiatives that actually help families and protect businesses.
It's a dollar less for bolstering a firm's cyber defenses in the
investment world that may prevent or even catch fraud before it
happens.
Unfounded, bureaucratic regulations take resources away from
financial innovation and education, both of which can help lift up the
underserved and minority communities.
What concerns me even more than all of this, is recent allegations
that suggest that Federal law enforcement and financial regulators may
be expending their resources to target Americans for their political
and religious beliefs.
Instead of targeting Americans for purchasing Bibles or shopping at
the Bass Pro Shops, our Government should focus on doing its job--
protecting our families and prosecuting actual criminals, including
those behind financial scams.
Unfortunately, these examples are part of a larger trend we have
seen from this Administration of putting politics first.
For example, banking regulators were so focused on climate change,
that they failed to identify the key risk factors leading to the
second, third, and fourth largest bank failures in our Nation's history
last spring.
And again, if the CFPB wasn't so focused on building a public
pressure campaign against so-called ``junk fees,'' maybe it could do
its job and actually protect consumers from the real harm that comes
from being a victim of financial crime.
One of the best tools any of us have to fight back against
financial crimes is to become better educated, both about the financial
products and protections that are available to us and about the scams
and methods criminals are using against us.
In fact, I have long championed the idea that financial education
and financial literacy is one of the most important and most critical
tools for climbing the ladder of success in America.
It's why I've worked so hard to incorporate financial literacy in
my work here on this Committee, and financial literacy is a core pillar
of two of my initiatives--both the ROAD to Housing and Capital Markets
framework.
And I was so proud to work across the aisle with Senator Reed last
spring to pass a resolution declaring April financial literacy month.
As we discuss the very real issues of financial fraud and crime, we
must take a holistic approach.
Our financial institutions must do their part to protect, to serve,
and educate customers.
And our regulators must do their job and implement the law Congress
enacted, not their political wish list.
We must all work together to gain a better understanding of the
options before us so that we are able to best serve our communities,
our constituents, and our Nation.
I look forward to hearing from each of the three witnesses.
PREPARED STATEMENT OF CARLA SANCHEZ-ADAMS
Senior Attorney, National Consumer Law Center
February 1, 2024
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
PREPARED STATEMENT OF PAUL BENDA
Executive Vice President, Risk, Fraud and Cybersecurity, American
Bankers Association
February 1, 2024
Chairman Brown, Ranking Member Scott, and Members of the Committee,
thank you for the opportunity to testify today for a hearing
``Examining Scams and Fraud in the Banking System and Their Impact on
Consumers''. My name is Paul Benda, and I serve as Executive Vice
President, Risk, Fraud and Cybersecurity for the American Bankers
Association (ABA). The American Bankers Association is the voice of the
Nation's $23.4 trillion banking industry, which is composed of small,
regional, and large banks that together employ approximately 2.1
million people, safeguard $18.6 trillion in deposits, and extend $12.3
trillion in loans. Our members know that fraud takes a financial and
emotional toll on their customers and banks of all sizes are making
extraordinary efforts to protect and safeguard customer accounts as
fraud has become more sophisticated.
Introduction
From using breakthrough technologies such as generative artificial
intelligence (AI) to old fashioned theft of checks out of mailboxes,
criminals are relentlessly pursuing new ways to scam consumers and
small businesses and steal money from their bank accounts. Banks have a
long history of improving and innovating to protect their customers--
from the adoption of chip-enabled credit cards to multifactor
authentication to protect user accounts to the use of advanced AI tools
to warn customers about potentially fraudulent transactions--banks have
been on the front lines of innovation and deploying advanced
capabilities to protect their customers. Unfortunately, however, the
fight against these criminals is one that banks cannot win on their
own.
A recent example of widespread fraud efforts occurred when
criminals took advantage of the economic devastation of COVID-19 and
the unprecedented Government response to support small businesses and
out-of-work Americans. By the Government's own estimate over $300B \1\
\2\ was lost, fueling the growth of more organized and sophisticated
networks of financial criminals who continue to look for new ways to
keep the illicit funds flowing. The criminals are now using the tools
and networks they built during the pandemic, along with secure
messaging technology, to share tactics, techniques and procedures to
expand their reach, finding new people to cash stolen checks and
provide ``mule'' bank accounts \3\ to receive and move the funds. They
are also becoming more sophisticated, using new advanced deepfake
technologies to change their voice and appearance in real-time video
calls to execute romance and impersonation scams. A significant portion
of the $300B that was stolen during the pandemic has been reinvested by
these criminals to create a highly advanced and sophisticated adversary
who is a far departure from the basic phishing scams of yesteryear.
---------------------------------------------------------------------------
\1\ See: https://www.sba.gov/sites/sbagov/files/2023-06/
SBA%20OIG%20Report%2023-09.pdf.
\2\ https://www.sba.gov/sites/sbagov/files/2023-06/
SBA%20OIG%20Report%2023-09.pdf
\3\ Money mules are people who, at someone else's direction,
receive and move money obtained from victims of fraud.
---------------------------------------------------------------------------
These criminals can't be stopped by banks alone, and we support law
enforcement as they combat this scourge. While banks need to have the
technology and infrastructure in place to defend themselves and their
customers, they can only provide the leads necessary for law
enforcement to track down the perpetrators. Banks also need the telecom
companies and their regulators to close regulatory loopholes that allow
criminals to spoof legitimate names and phone numbers to convince
customers they are speaking with a bank. Banks need social media
companies to proactively root out accounts pretending to be bank
employees or financial advisors to convince people to put their money
into their investment scams. Banks need the postal service to improve
the security of the mail system so that when someone mails a check, it
won't get intercepted, stolen, altered and cashed by the criminal. Most
importantly, banks need strong partnerships with law enforcement, so
the resources to combat these crimes match the amount of money being
stolen from consumers. And when these criminals are caught, the
punishments must match the crime, so these offenders won't continue to
steal from American consumers and businesses. Banks also welcome the
chance to partner with community-based organizations that are doing
critical work in this area, as they are trusted voices in many
underrepresented communities.
Banks clearly play a key role in fighting fraud, but unless every
player in the ecosystem joins the fight, criminals will continue to
steal at a scale we've never witnessed before.
State of Fraud Today
Banks have made significant progress in protecting themselves and
their customers from being hacked. One recent industry analysis found
that Financial Services, which is a category that includes more than
just banks, account for only 5.4 percent of ransomware attacks in Q3
2023. \4\ Unfortunately, bank customer losses from scams and fraud have
been increasing significantly. Reliable data on consumer fraud is
scarce, but the Federal Bureau of Investigation's (FBI) Internet Crime
Complaint Center (IC3) is the Nation's hub for businesses and consumers
to report cybercrime and elder fraud. \5\ This data is limited to
certain types of fraud, and therefore underreports the true dollar
amount of fraud perpetrated, but it is still a useful proxy to identify
trends and compare the number of different internet-based scams.
---------------------------------------------------------------------------
\4\ https://www.coverware.com/blog/2023/10/27/scattered-
ransomware-attribution-blurs-focus-on-ir-fundamentals
\5\ www.ic3.gov
---------------------------------------------------------------------------
In the IC3's 2022 Internet Crime Report (the Report), released in
March 2023, data showed a nearly 50 percent increase in losses reported
by consumers and businesses from 2021 to 2022
---------------------------------------------------------------------------
\6\ https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf.
According to the Report, the top three categories of scams in order
of victim losses were investment scams, business email compromise, and
technical support scams. The rise of investment scams was especially
pronounced with an increase of 127 percent from 2021 of $1.45B to
$3.31B lost.
While the top three scams rely on different mechanisms,
impersonation is the common enabling factor. Impersonation scams can
take many different forms, including a criminal pretending to be a
financial advisor or romantic partner to convince someone to invest in
the next ``can't miss'' opportunity, or a criminal who has hacked a
realtor's email account and then convinces the buyer to change the
wiring instructions for the home-closing costs.
Impersonation scams directly affect banks and their customers. In
June 2023, the Federal Trade Commission (FTC) published a Data
Spotlight \7\ that identified the top text messaging scams of 2022. The
top scam was an impersonation scam--which is often in the form of a
fake fraud alert from a bank:
---------------------------------------------------------------------------
\7\ https://www.tic.gov/news-events/data-visualizations/data-
spotlight/2023/06/iykyk-top-text-scams-2022
Reports about texts impersonating banks are up nearly
twentyfold since 2019. You might get a fake number to call
about supposed suspicious activity. Or they might say to reply
``yes or no'' to verify a large transaction (that you didn't
make). If you reply, you'll get a call from the (fake) fraud
department. People say they thought the bank was helping them
get their money back. Instead, money was transferred out of
their account. This scam's median reported loss was a whopping
---------------------------------------------------------------------------
$3,000 last year.
It's not just the private sector that is being impersonated. Just
this year the Consumer Financial Protection Bureau (CFPB) became the
victim of an imposter scam, confirming that ``scammers are using CFPB
employees' names to try to defraud members of the public. We've heard
from people, specifically older adults, who received phone or video
calls.'' \8\ Unfortunately, many times these types of scams
impersonating public and private entities are aided by inadequate
technology controls that allow the criminals to show a legitimate
business or agency phone number and name on caller ID giving an air of
authenticity to the criminal.
---------------------------------------------------------------------------
\8\ https://www.consumerfinance.gov/about-us/blog/beware-of-new-
cfpb-imposter-scams/
---------------------------------------------------------------------------
Though losses from the internet and impersonation-based scams are
most prominent, check fraud has become one of the fastest-growing
categories of fraud impacting consumers across the country. However, as
noted above, it is extremely difficult to gather the actual volume of
check fraud being perpetrated as there is no central repository of
data. The IC3 does provide some data, but it combines check and credit
card fraud for a value of $264M for 2022. Judging by what we are
hearing from our members, this very likely underrepresents the actual
volumes of check fraud; one bank alone has reported losses of over
$100M in a single quarter due to check fraud.
In order to determine if the anecdotal growth being reported is
accurate, we must cross reference it with trend data. Treasury's
Financial Crimes Enforcement Network (FinCEN)--charged with collecting
and analyzing information about financial transactions to combat money
laundering and financial crimes, including confidential Suspicious
Activity Reports (SARs) banks are legally required to file--provides
one such source. FinCEN categorizes and tracks the types of SARs being
filed and the growth of check fraud-related reports by banks and other
financial institutions has become so substantial that early last year
FinCEN published an alert on the ``Nationwide Surge in Mail Theft-
Related Check Fraud Schemes Targeting the U.S. Mail''. The alert
states:
In 2021, financial institutions filed more than 350,000 SARs to
FinCEN to report potential check fraud, a 23 percent increase
over the number of check fraud-related SARs filed in 2020. This
upward trend continued into 2022, when the number of SARs
related to check fraud reached over 680,000, nearly double the
previous year's amount of filings. \9\
---------------------------------------------------------------------------
\9\ https://www.fincen.gov/sites/default/files/shared/
FinCEN%20Alert%20Mail%20Theft-Related%20Check%20Fraud%20FINAL%20508.pdf
Even though the exact dollar value of fraud being committed can't be
determined, the trends are clear and troubling. Fraud is increasing
across all channels. Banks are investing heavily in new technologies
and capabilities to try to stop it, but when customers are duped into
giving their money to criminals or mail gets stolen from a post office,
there are limits to what banks can do. Attacking these trends requires
---------------------------------------------------------------------------
work in the following areas:
Continue To Enhance Banks' Anti-Fraud Operations--The scale
of fraud being experienced may make existing procedures and
policies obsolete and banks must continue to look for ways to
improve bank to bank recoveries and customer experiences.
Increase Consumer Education--Securing someone's account
doesn't help if they can be convinced to willingly hand over
their money or their login credentials.
Close Loopholes To Stop Impersonation Scams--Too many
loopholes, such as phone number spoofing, exist allowing
criminals to impersonate legitimate businesses and agencies.
Improve Information-Sharing--Criminals have an active
information-sharing ecosystem that banks and the public sector
must match to try to slow the flow of illicit funds.
Enhance Collaboration With Law Enforcement and Regulators--
Law enforcement plays a critical role in stopping fraud and
ensuring perpetrators are prosecuted and prevented from further
activity.
Banks Are Continually Improving Anti-Fraud Operations
The rise in fraud has not only impacted consumers but banks as
well. The rise in the volume of cases, the complexity of processing
check fraud claims, and the significant churn in personnel that
occurred as a result of the pandemic created very significant
operational challenges for banks, resulting in processing delays for
check fraud claims.
Banks are working diligently to reduce current timelines and
improve the overall experience for customers. In the majority of
instances, and assuming a customer reports the fraud promptly, they are
not liable for a fraudulent check and the bank will make them whole.
The process requires the bank that accepted the check for deposit (bank
of deposit) and the bank that issued the check (the paying bank) to
work out liability under applicable State law and contractual
agreements. This is achieved in a number of ways, depending on the
reason the check is unpayable. For certain claims, the paying bank
whose customer has notified them of a fraudulent check will file a
check warranty breach claim with the bank of deposit. Given the wide
range of banks involved, one of the biggest challenges is determining a
point of contact with which to exchange a claim.
Recognizing this challenge, in 2023 ABA worked collaboratively with
other industry groups to establish a check fraud working group focused
on expediting the processing of check fraud claims. Among other things,
the working group exchanged points of contact and documentation
requirements to process a claim. And while the working group focused on
the banks handling the vast majority of claims, its success has
resulted in ABA developing an online check fraud directory that any
bank--whether an ABA member or not--can access for free as long as they
reciprocate and provide their contact information. In just over 6
months the directory has grown to nearly 1,700 banks, and we have heard
from banks how invaluable this resource is in speeding up the claim
processing timeline. Our job is not done yet, and we continue efforts
to expand the number of participating banks in the directory.
In addition to the directory, the check fraud working group has
undertaken efforts to improve the overall claims process for banks and
customers alike, including:
Drafting a Universal Warranty Breach Claim form to help
standardize the required information for a claim, reducing
duplicative submissions.
Reducing burdensome documentation hurdles by encouraging
banks to drop notarization requirements.
Making it easier to file a claim if a customer's stolen
check was going to pay a recurring bill to a large company
(e.g., an electric utility) by not requiring the normally
standard affidavit from the utility, which can be very
difficult for the consumer to obtain.
Developing industry baselines for notifying the paying bank
when a claim was received, assigning it a claim number, and
providing an estimated time for processing.
Attempting to standardize the time after a claim has been
adjudicated and paid out, which can vary significantly.
The processing of check warranty breach claims is surprisingly complex
and difficult, but banks and the ABA are committed to improving the
system.
Banks Provide Extensive Consumer Education
Consumers are on the front lines of this fight, and we need to do
all we can to ensure they have the tools and knowledge they need to
protect themselves. Many banks have significantly increased their
education of customers. For example, many provide tips for spotting
scams in branches, customer communications, and websites and provide
timely warnings that customers not share passcodes or send money to
people they do not know, in addition to participating in ABA's cross-
industry consumer education efforts
However, while banks can help to keep customers' accounts secure,
these controls can be defeated if a criminal convinces the customer to
let them into the customer's account or to send them money. Ultimately,
banks have little power to stop customers from withdrawing their own
money, and indeed victims often are coached to ignore the bank
employees who warn them not to withdraw or send the money. People need
to hear from other sources as well, and ABA encourages other trusted
sources, such as Government actors or nonprofits, to partner with us to
amplify the important work banks are doing to educate consumers on
fraud.
Stopping Phishing
One of ABA's most important consumer protection initiatives is our
#BanksNeverAskThat \10\ anti-phishing campaign. Since its launch in
October 2020, we have helped educate millions of consumers on how to
spot common scams from bad actors posing as their bank.
---------------------------------------------------------------------------
\10\ www.banksneveraskthat.com
---------------------------------------------------------------------------
The public awareness campaign, developed with input from banks of
all sizes across the country, educates consumers by posing ridiculous
questions banks would never ask a customer. Using humor and bold
graphics, we hope to drive home the message that your bank will also
never ask for your password, pin, or Social Security number. ABA
provides all of the campaign materials free of charge to any bank in
the country interested in participating, so they can deliver the
#BanksNever
AskThat messaging in their local markets.
The campaign has increased in size and scope each year. To date,
more than 2,300 banks have participated in #BanksNeverAskThat and
spread its educational content to millions of Americans through social
media, bank websites, ATM screens, and bank branches across the
country. ABA has promoted the campaign nationally and anyone who has
been to a Capitals, Wizards, or Nationals game has probably seen its
education message.
In 2023, ABA launched a Spanish language version of the campaign,
available at www.BancosNuncaPidenEso.com. This year's campaign also
features an interactive quiz, an educational video game and short
entertaining videos. The campaign has been recognized by Federal,
State, and local officials for its consumer protection message, and it
has received numerous national awards for its creative approach. We've
briefed other industry trade groups interested in launching something
similar and are already planning for next year's campaign.
Combating Elder Fraud
In addition to its public outreach campaign, ABA through the ABA
Foundation has active programs to protect seniors from scams. Given the
seriousness of the issues facing older customers, ABA works through its
nonprofit foundation to ensure that all banks, irrespective of
membership status, can access tools and resources to prevent, detect,
and combat elder financial exploitation.
The ABA Community Engagement Foundation, known as the ABA
Foundation, is a 501(c)3 corporation that helps banks and bankers make
their communities better. Through its leadership, partnerships and
national programs, the Foundation supports bankers as they provide
financial education to individuals at every age, elevate issues around
affordable housing and community development and achieve corporate
social responsibility objectives to improve the well-being of their
customers and communities.
The ABA Foundation offers banks a free toolkit on ``Protecting the
Financial Security of Older Americans''. This three-part resource is
designed to help banks develop a framework on educating and engaging
their communities on preventing elder financial exploitation.
Since 2016, more than 1,850 banks have participated in the ABA
Foundation's Safe Banking for Seniors program. \11\ Through the free
initiative, participating banks have access to turnkey materials to
inform their communities about avoiding scams, choosing executors,
financial caregiving, preventing identity theft, known perpetrator
fraud, and understanding powers of attorney. Banks use the materials to
help empower their communities and lead a combination of in-person and
virtual workshops, post videos and other content on social media, and
share vital information during one-on-one conversations at teller
stations. All the resources are available at no cost to ABA member and
nonmember banks.
---------------------------------------------------------------------------
\11\ https://www.aba.com/seniors
---------------------------------------------------------------------------
Through a prior partnership with the FTC, the ABA Foundation also
developed infographics to raise awareness about scams that
disproportionately affect older customers. Banks and nonbanks alike can
freely access and disseminate materials on: Fake Check Scams,
Government Imposter Scams, Imposter Scams, Money Mule Scams, Online
Dating Scams, Phishing Scams, and Peer to Payments. \12\
---------------------------------------------------------------------------
\12\ https://www.aba.com/advocacy/community-programs/consumer-
resources/protect-your-money
---------------------------------------------------------------------------
While ABA's campaigns have been instrumental in educating the
public, we are just one voice. We need a nationwide message coordinated
among multiple agencies (including the CFPB and FTC), nonprofits, and
private companies to promote a simple and memorable action plan for
people of all ages facing scams. The campaign should also focus on
dispelling the behavioral techniques scammers use in
impersonating authorities, indicating urgency, requiring secrecy, and
manipulating people into action.
Changes Are Needed To Stop Impersonation Scams
Criminals' ability to impersonate legitimate businesses or
Government agencies is a major challenge that needs to be addressed to
reduce the amount of fraud Americans experience. The challenge can be
made more difficult when criminals are able to misrepresent themselves
either through a spoofed caller ID that shows a legitimate business
name and business' phone number, or through stolen or copycat social
media accounts that are indistinguishable from real accounts.
Currently technology can help criminals impersonate legitimate
actors through three primary channels:
Spoofing of Caller ID--Criminals have figured out loopholes
that allow them to ``spoof'' the numbers and names of
legitimate businesses with intent to defraud the call
recipient. For example, banks have reported that customers have
received calls that show they are coming from the 1-800 number
listed on the back of their debit card. When a customer is
presented with what they believe is technologically validated
information, it significantly aids the criminal in convincing
the customer that they are from their bank.
Impersonation Text Messages--Criminals can use email-to-
text tools to create text messages that look like they come
from a bank or simply use similar numbers and formats to
pretend they're from a bank. These can include links to fake
bank websites, call-back numbers, or prompts that cause the
criminal to call the customer to socially engineer them to give
up security credentials or send money from their accounts.
Stolen or Spoofed Social Media Accounts--The FBI reported
that investment scams had the highest losses in dollars. There
are many ways these scams can be perpetrated but one recent
example is the unknowing takeover of actual bank employees'
social media accounts, which were then used to reach out to
their connections to convince them to invest in fraudulent
investment scams.
Spoofing of Caller ID Information
The Secure Telephone Identity Revisited (STIR) and Signature-based
Handling of Asserted Information Using toKENs (SHAKEN) caller ID
authentication framework established by the Federal Communications
Commission (FCC) is meant to help protect consumers from illegally
spoofed robocalls by verifying that the caller ID information
transmitted with a particular call matches the caller's telephone
number. \13\ Unfortunately, technical limitations of existing networks
used, particularly non-IP networks, and calls originating from overseas
communications providers have hampered the effectiveness of the
framework, leaving loopholes that criminals can exploit to spoof the
data (i.e., phone number) shown on a consumer's caller ID. We
appreciate that the FCC continues to make progress in fully
implementing STIR/SHAKEN across all networks. Nonetheless, ABA strongly
believes that more needs to be done. Only callers whose calls are fully
authenticated--signed at origination and attested throughout the call's
pathway--should be able to display data in the recipient's caller ID
display. If at any point the authentication cannot be validated, the
caller ID should simply display ``unknown caller.'' We recognize that
due to technical limitations some legitimate callers may have their
caller ID data dropped, but we believe erring on the side of caution is
the best course due to the vast scale of impersonation fraud being
committed.
---------------------------------------------------------------------------
\13\ https://www.fcc.gov/call-authentication
---------------------------------------------------------------------------
Additionally, we believe that telecommunications providers who
enable criminals to impersonate legitimate numbers and incorrectly
authenticate their calls with impersonated numbers and company names
should be held to account. We have expressed strong support \14\ for
the FTC's proposal to prohibit entities from providing the ``means and
instrumentalities'' for another to impersonate a Government or
business. \15\ We agree with the statement made by the National
Association of Attorneys General in that proceeding that ``when an
entity provides substantial assistance or support to impersonators and
knows or should have known that their
products [or] services are being used in a fraudulent impersonation
scheme, that company could also be held liable under the proposed
impersonation rule.'' \16\
---------------------------------------------------------------------------
\14\ Letter from Am. Bankers Ass'n, et al., to Lina Khan, Chair,
Fed. Trade Comm'n (Dec. 16, 2022), https://www.aba.com/advocacy/policy-
analysis/impersonation-proposal-comment-letter/.
\15\ Notice of Proposed Rulemaking and Request for Public Comment,
Trade Regulation Rule on Impersonation of Government and Businesses, 87
FR 62,741, 62,751 (Oct. 17, 2022).
\16\ Comments of Nat'l Ass'n of Attorneys General 10 (Feb. 23,
2022), https://www.regulations.gov/comment/FTC-2021-0077-0164.
---------------------------------------------------------------------------
The vast majority of telecommunications providers follow the law,
but those who know or should know that they are enabling criminals to
steal from Americans should be held accountable and be liable for the
harms they enable.
Impersonation Text Messages
Texting has become a primary method of communication for Americans
and criminals have shifted their tactics to ``meet their customers
where they are.'' ABA has focused on ensuring that banks have the tools
to identify fraudulent texting trends quickly enough to prevent or
mitigate customer harm. Unfortunately, banks are still encountering
barriers as they seek to prevent fraudulent texts from reaching
customers.
ABA has supported the FCC's efforts to combat illegal text
messages, but we believe more needs to be done. With ABA's support, the
FCC now requires ``terminating mobile wireless providers'' (providers
that deliver calls to recipients) to investigate and potentially block
texts from a sender after they are on notice from the agency that the
sender is transmitting suspected illegal texts. \17\ We have urged the
FCC to apply this requirement to entities that originate text messages,
as these entities are best positioned to stop illegal texts from being
sent in the first place. Last spring, ABA identified ``email-to-text''
as a common method by which bad actors send large numbers of phishing
or otherwise fraudulent messages because the bad actor can load
consumers' cell phone numbers into an email application to send these
texts. \18\ We support the FCC's December 2023 statement encouraging
providers to make email-to-text an opt-in service--whereby consumers
have the option whether they receive text messages that originated
through an email platform. \19\
---------------------------------------------------------------------------
\17\ In the Matter of Targeting and Eliminating Unlawful Text
Messages, CG Docket No. 21-402, Rules and Regulations Implementing the
Telephone Consumer Protection Act of 1991, CG Docket No. 02-278,
Advanced Methods to Target and Eliminate Unlawful Robocalls, CG Docket
No. 17-59, Second Report and Order, Second Further Notice of Proposed
Rulemaking in CG Docket Nos. 02-278 and 21-402, and Waiver Order in CG
Docket No. 17-59, para. 16-25 (released Dec. 18, 2023) [hereinafter,
Second Report and Order].
\18\ Reply Comments of Am. Bankers Ass'n, et al., In the Matter of
Targeting and Eliminating Unlawful Text Messages, CG Docket No. 21-402,
Rules and Regulations Implementing the Telephone Consumer Protection
Act of 1991, CG Docket No. 02-278, at 8 (filed June 6, 2023), https://
www.aba.com/advocacy/policy-analysis/joint-ltr-txt-msgs-lead-generators
[hereinafter, ABA Reply Comments].
\19\ Second Report and Order, supra note 17, at para. 86.
---------------------------------------------------------------------------
We also have urged the FCC to finalize a requirement that text
messages be authenticated and set a deadline for the development and
mandatory implementation of a text message authentication solution.
\20\ As described earlier, bad actors use numerous approaches to
impersonate legitimate companies in text messages sent to consumers.
The FCC should work with mobile wireless providers and other entities
involved in the texting ecosystem to design an authentication framework
that prevents bad actors from sending to consumers text messages that
impersonate legitimate companies, while at the same time ensuring that
text messages from legitimate companies are not blocked. \21\
---------------------------------------------------------------------------
\20\ ABA Reply Comments, supra note 18, at 10-11.
\21\ In designing an authentication framework, however, the
Commission should recognize that legitimate companies frequently send
text messages through ``short code'' text messages--a five- or six-
digit number registered through CTIA's short-code registry that
businesses use to send and receive text messages--or through a 10-digit
number that is registered with a third-party aggregator. Short Code
Registry, Frequently Asked Questions, https://www.usshortcodes.com/
learn-more/faq (last visited May 2, 2023). The FCC should ensure that
the framework adopted does not interfere unduly with these texts.
---------------------------------------------------------------------------
Beyond creating an authentication regime for text messages, the FCC
should provide banks with access to the information necessary to
protect their customers from fraudulent texts. Currently, the
telecommunications industry asks that the public forward scam texts to
the short code 7726, which spells ``SPAM'' on your phone. It would be
very helpful for banks to have access to the spam messages in order to
identify those impersonating their bank and the fake phone numbers and
links they are trying to get consumers to use. In fact, one bank worked
with telecommunications companies to establish a pilot program whereby
the bank gained access to and reviewed reported SPAM data. The bank
then used that data to actively issue take-down requests to the
relevant phone numbers and internet links that were in the messages so
that they no longer functioned. Unfortunately, this program was
discontinued because the telecommunication companies revoked the bank's
access to the data.
We strongly urge policymakers ensure banks and other legitimate
businesses are allowed to access, with appropriate privacy safeguards,
data from scam/spam reporting services, whether it is the 7726 data,
the ``Report Junk'' data in Apple's iMessage application, or other
similar scam/spam reporting features in other closed messaging
applications. Additionally, consideration should be given to requiring
all significant messaging services to operate a ``Report Spam'' feature
and be required to share that data so that businesses can protect their
customers even if these messaging providers are unwilling to do so.
Stolen or Spoofed Social Media Accounts
Criminals also target consumers by stealing personal social media
accounts of employees of legitimate businesses or building fake
accounts that portray them as working for that business. In both
instances, the brand of the company, often a bank, is used to grant
legitimacy to the criminal's posts or messages. While this is a complex
problem to combat and prevent, once these ``impersonation accounts''
are identified there should be a simple, quick, and free method to
request that they be taken down. Unfortunately, no major social media
company offers such a method.
ABA strongly urges policymakers to ensure that social media
companies provide a method to report impersonation accounts that is
free to access and to use, and that results in an expedited removal of
the offending account. Additionally, we recommend that if the hosting
company refuses to take down the impersonation account, they then may
be held liable for any fraud committed by that account as they are
clearly providing the ``means and instrumentalities'' and have
knowledge that the account is engaged in fraud.
Banks are committed to protecting their customers' data and money.
Our goal is to provide a safe and sound financial system that allows
our customers to achieve their financial goals. Banks spend billions of
dollars a year on cybersecurity and antifraud measures to provide one
of the most secure banking systems in the world, but banks can't do it
alone. The technology companies that enable criminals to pose as
trusted agents must help as well. The criminals have realized the
challenges in directly hacking someone's bank account, so instead they
focus on convincing customers to give them that access. This is made
easier when a phone, text message, or social media site tells a
consumer they are speaking with a banker and not the criminal behind
the screen.
Improve Information-Sharing To Combat Fraud
Given the massive scale and global reach of fraud, it is simply not
possible for one bank to fight back alone; collaboration is required to
ensure success. One of the most important tools banks have in combating
financial crimes is shared information. However, due to inconsistencies
across financial institutions, among other reasons, there are
challenges in accessing actionable information in a timely manner.
That is why ABA has been working to establish a program to help
banks share information that identifies activity that may involve
terrorist financing or money laundering, and predicate crimes like
fraud. ABA formed an association of banks to design and develop this
new information-sharing exchange, which ABA will manage. The goal is to
encourage the sharing of information in real-time so it can reduce the
flow of funds to criminals' accounts and improve the quality of banks'
reporting. We believe this effort can make a real difference in
fighting fraud and other financial crime.
Partnership With Law Enforcement and Regulators
As I have discussed, the rising tide of fraud cannot be fixed by
banks or technology alone. At some point, the criminals executing this
fraud need to be caught, prosecuted, and sentenced so that they no
longer commit these crimes. ABA has a history of partnering with law
enforcement and the public sector on education and outreach activities
along with identifying potential improvements in addressing fraud.
For example, ABA and the U.S. Postal Inspection Service (USPIS) are
entering into a formal partnership to combat check fraud. It is often
publicized that the increase in check fraud is partly due to criminals
targeting the U.S. mail infrastructure by stealing mailed checks and
altering (washing) them, leading to fraudulent transactions at banks.
This agreement builds on our current partnership--dating back to
early 2022--when we began joint training initiatives to proactively
address fraud: USPIS briefings for ABA-hosted fraud information-sharing
groups, participation in ABA webinars, and platforms at ABA
conferences. Drawing on USPIS and ABA's respective resources and reach
allows us to educate the public and bank and Postal employees with
joint training and red flag alerts at a greater scale.
ABA and USPIS will kick off this new partnership by hosting a free
webinar for banks with the USPIS on ways they can collect evidence and
support criminal investigations. Following this webinar, ABA and USPIS
will distribute co-branded materials to educate bank customers and
consumers on how to spot and report on common check fraud activity.
ABA also applauds efforts by other agencies to educate the public
regarding fraud and scams. We lead a committee on the FTC's Stop Senior
Scams Advisory Group focused on the freezing and recovery of fraudulent
transfers, are active in the Federal Reserve Bank of Boston's Scams
Definition and Information-Sharing Working Group and have worked with
CFPB on elder fraud prevention tools such as trusted contacts adoption
among depository institutions and powers of attorney. \22\
---------------------------------------------------------------------------
\22\ https://files.consumerfinance.gov/f/documents/cfpb_trusted-
contacts-fis_2021-11.pdf
---------------------------------------------------------------------------
There are more opportunities for agencies to improve consumer
education about scams. For example, Congress established a Financial
Education Office in the Consumer Financial Protection Bureau with a
statutory mandate to ``be responsible for developing and implementing
initiatives intended to educate and empower consumers to make better
informed financial decisions.'' \23\ We encourage the CFPB to
prioritize using this office's resources to help consumers detect and
avoid scams and would welcome an opportunity to work collaboratively,
as we have done with the FCC, FTC, FBI, and USPIS.
---------------------------------------------------------------------------
\23\ Dodd-Frank Act Wall Street Reform and Consumer Protection
Act, 12 U.S.C. 5493 1013(d).
---------------------------------------------------------------------------
While agencies can also effect fraud prevention through their
regulatory actions, we urge them to take care not to impede or inhibit
banks' fraud prevention efforts. For example, recently the CFPB
outlined changes it is considering to regulations implementing the Fair
Credit Reporting Act (FCRA), which could have a significant impact on
banks' work to detect and prevent fraud, identity theft, and other
financial crimes. \24\ Among these, the CFPB is contemplating narrowing
the permissible purposes for which information can be used under the
FCRA, treating consumer-identifying information (including name,
address, and Social Security number) as a consumer report subject to
the FCRA, while expanding who could be considered a consumer reporting
agency to potentially include vendors banks rely on to assist with
fraud prevention. Doing so could create new legal, practical, and
procedural difficulties for banks that use this information to detect
and prevent fraud and crime. Indeed, a Small Business Regulatory
Enforcement Fairness Act (SBREFA) that reviewed the CFPB's potential
policies for their impact on small entities specifically recommended
that the CFPB carefully consider the impacts on fraud prevention and
detection, identity verification, and law enforcement and ``consider .
. . ways to mitigate any negative effects.'' \25\ It is important that
the CFPB and other regulators consistently evaluate how each policy
they consider may impact banks' efforts to detect and prevent fraud.
---------------------------------------------------------------------------
\24\ CFPB, Small Business Advisory Review Panel for Consumer
Reporting Rulemaking Outline of Proposals and Alternatives Under
Consideration (Sept. 15, 2023), https://files.consumerfinance.gov/f/
documents/cfpb_consumer-reporting-rule-sbrefa_outline-of-proposals.pdf
\25\ Final Report of the Small Business Review Panel on the CFPB's
Proposals and Alternatives Under Consideration for the Consumer
Reporting Rulemaking (Dec. 15, 2023) at 47-48, https://
files.consumerfinance.gov/f/documents/cfpb_sbrefa-final-
report_consumer-reporting-rulemaking_2024-01.pdf.
---------------------------------------------------------------------------
Law enforcement is a critical force in preventing and detecting
fraud, and ABA applauds work by the FBI, United States Secret Service,
and FinCEN to try and freeze funds that have been transferred
fraudulently. The FBI IC3 Recovery Asset Teams have been great
partners, but we are concerned that they may lack capacity to engage on
lower-dollar frauds that are reported to the IC3 portal. We would
welcome a partnership with them to identify those cases that may not be
pursued in a timely manner to determine whether a public-private
partnership could be created to pursue those cases and result in more
funds being returned to consumers. Congress has recommended similar
efforts by the Treasury Department, as seen in a report accompanying a
bipartisan Senate Appropriations bill approved by the Committee
unanimously, last year, which urged the facilitation of a public-
private partnership on fraud prevention. \26\
---------------------------------------------------------------------------
\26\ See p. 10; https://www.appropriations.senate.gov/imo/media/
doc/fy24_fsgg_report.pdf.
---------------------------------------------------------------------------
Americans are losing billions of dollars to fraud annually. Yet,
amid resource constraints and competing demands, local law enforcement
struggle to devote appropriate time and attention to these cases. Given
the levels of fraud taking place against Americans, police departments
and sheriff's offices should not have to choose between dedicating
personnel to violent crimes and financial fraud cases.
Additionally, law enforcement personnel need more effective
training on addressing and responding to fraud allegations. Fraud is a
continually evolving landscape and new fraud typologies develop each
day. Enforcing the law and responding to these cases requires
understanding the multifaceted strategies criminals employ to defraud
Americans, particularly with respect to cybercrime. As such, we
recommend strengthening the relationship between local law enforcement
and Federal agencies.
Moreover, while the losses Americans experience goes to U.S.-based
criminals, large amounts are being transferred overseas and potentially
by and to those who threaten our national security. The lack of a
centralized fraud response and tracking capability within the U.S.
Government hinders the ability to spot trends, track tactics,
techniques and procedures, and the ability to recover funds for
Americans when fraud has been identified. Additionally, there is no
central agency with which banks can work on innovative programs to
defeat fraud and recover funds.
Conclusion
Banks are working every day to protect their customers from fraud
by investing in new technologies, deploying public relations campaigns
to educate consumers and small businesses about old and new scams, and
partnering with law enforcement and other Federal agencies on new
initiatives to combat fraud. Yet our industry recognizes that there is
more work to do, and banks can't stop criminals by themselves. Every
player in the fraud ecosystem must play a role; from the
telecommunications firms to the social media companies to the postal
service. And we would welcome collaboration with community groups who
have the trust of consumers across the country. The goal of all banks
is to help their customers have a safe and secure financial future, and
ABA and America's banks are ready to help protect our customers from
fraud. I look forward to answering your questions.
______
PREPARED STATEMENT OF JOHN BREYAULT
Vice President of Public Policy, Telecommunications, and Fraud,
National Consumers League
February 1, 2024
Introduction
The National Consumers League appreciates the opportunity to
provide the Committee with our views on protecting consumers from fraud
involving misuse of the banking system.
Founded in 1899, the National Consumers League (NCL) is the
Nation's pioneering consumer and worker advocacy organization. Our
nonprofit mission is to advocate on behalf of consumers and workers in
the United States and abroad. \1\ For more than 25 years, NCL has
worked, via our Fraud.org campaign, to educate consumers about the
warning signs of fraud and promote public policies that protect the
American public from scams of all kinds.
---------------------------------------------------------------------------
\1\ For more information, visit www.nclnet.org.
---------------------------------------------------------------------------
Fraud Involving Peer-to-Peer Platforms, Gift Cards, and Cryptocurrency
Is Getting Dramatically Worse
There is an epidemic of fraud and identity theft in the United
States. While the number of complaints received by the Federal Trade
Commission (FTC) has leveled off since hitting a record of 5.96 million
in 2021 during the height of the COVID-19 pandemic, complaint levels
remain unacceptably high. Nearly 5.2 million consumers submitted
complaints in 2022, according to the FTC. \2\ And while fewer
complaints may suggest that the situation is improving somewhat,
scammers are getting better at extracting more money from their
victims. From 2020-2022, fraud losses increased from $3.3 billion to a
staggering $8.8 billion. Median fraud losses more than doubled from
$311 to $650.
---------------------------------------------------------------------------
\2\ Federal Trade Commission. Consumer Sentinel Data Book 2022
(February 2023) p. 6. Online: https://www.ftc.gov/system/files/ftc-gov/
pdf/CSN-Data-Book-2022.pdf.
---------------------------------------------------------------------------
When NCL last testified before this Committee in 2021, we warned
that peer-to-peer (P2P) payment platforms such as Zelle, Venmo, Cash
App, and PayPal had become ``payment methods of choice for scammers.''
Unfortunately, the problem has only worsened since then. In 2020, the
FTC received 62,000 complaints where
payment apps were the method of payment, with total reported losses of
$87
million. \3\ By 2022, reported losses from fraud involving payment apps
had grown to $163 million. \4\ We anticipate that when the FTC reports
its 2023 fraud data, this regrettable trend will only continue.
---------------------------------------------------------------------------
\3\ Federal Trade Commission. ``Consumer Sentinel Network Data
Book 2020''. (February 2021) p. 11. Online: https://www.ftc.gov/system/
files/documents/reports/consumer-sentinel-network-databook-2020/
csn_annual_data_book_2020.pdf.
\4\ Federal Trade Commission. ``Consumer Sentinel Data Book
2022''. (February 2023) p. 11. Online: https://www.ftc.gov/system/
files/ftc_gov/pdf/CSN-Data-Book-2022.pdf.
---------------------------------------------------------------------------
The situation is similarly dismal when it comes to fraud involving
one of scammers' other favorite payment methods: gift cards. In 2020,
the FTC received 43,242 complaints where a gift card was the method of
payment, with reported losses of $124 million. \5\ In 2022, complaints
rose to 48,800 with losses nearly doubling to $228 million. \6\ Even
NCL itself was recently targeted by scammers who tried to get our staff
to purchase gift cards by impersonating our CEO. Despite the relative
savvy of our staff, several considered going out and buying gift cards,
scratching off the back and sending the codes as the scammers asked.
---------------------------------------------------------------------------
\5\ Federal Trade Commission. ``Consumer Sentinel Network Data
Book 2020''. (February 2021) p. 11. Online: https://www.ftc.gov/system/
files/documents/reports/consumer-sentinel-network-databook-2020/
csn_annual_data_book_2020.pdf.
\6\ Federal Trade Commission. ``Consumer Sentinel Data Book
2022''. (February 2023) p. 11. Online: https://www.ftc.gov/system/
files/ftc_gov/pdf/CSN-Data-Book-2022.pdf.
---------------------------------------------------------------------------
An explosion in the fraudulent use of cryptocurrency as a payment
method should be of particular concern to the Committee. Since the FTC
first began tracking it as a payment method in 2020, losses involving
cryptocurrency payments have ballooned from $129 million to $1.59
billion in 2022--a tenfold increase in just 2 years. Complaints
received at NCL's Fraud.org website last year were littered with
references to fraudulent cryptocurrency investment schemes, and such
scams were by far the costliest type of fraud for their victims. \7\
Law enforcement agencies-- like the Federal Bureau of Investigation--
have reported similar spikes in cryptocurrency scam losses. \8\
---------------------------------------------------------------------------
\7\ National Consumers League. ``2024 Top Ten Scams Report''.
(Forthcoming, February 2024).
\8\ Lyngaas, Sean, and Rabinowitz, Hannah. ``FBI Says $10 Billion
Lost to Online Fraud in 2022 as Crypto Investment Scams Surged'',
CNN.com. (March 13, 2023) Online: https://www.cnn.com/2023/03/13/
politics/fbi-online-fraud-report/index.html.
---------------------------------------------------------------------------
All consumers, of every age, income, and education level are
vulnerable to falling victim to professional criminal fraudsters.
Unfortunately, fraud is a chronically underreported crime due in part
to the stigma too often directed at fraud victims. \9\ While these
numbers are sobering, they are almost certainly a significant
undercount of the true scope of the fraud.
---------------------------------------------------------------------------
\9\ Ianzito, Christina. ``Let's Stop Blaming Scam Victims, New
AARP Report Says''. AARP. (July 21, 2022) Online: https://www.aarp.org/
money/scams-fraud/info-2022/victim-blaming.html.
---------------------------------------------------------------------------
Consumers Should Not Shoulder the Costs of Financial Fraud Alone
This data makes clear that we are not winning the fight against
fraud. A common thread running through P2P, gift cards, and
cryptocurrency is that once funds are sent, they are available to
scammers on the other end of the transaction nearly instantaneously.
And when a victim discovers the fraud, it is extremely difficult to
recover lost funds. From a scammer's point of view, this is exactly why
payment methods like these are so attractive in the first place.
Through NCL's Fraud.org campaign, we know that consumers are not only
bewildered at becoming a victim of fraud, but also outraged that the
companies to whom they entrusted their money do so little to protect
their customers' interests or help make them whole.
While P2P platforms, banks, and cryptocurrency trading platforms
profit from ever-increasing transaction volumes, they bear little of
the costs of fraud that occur on their systems. Instead, the liability
for fraud falls on those who can least afford to absorb the losses--
individual consumers. The costs of fraud to individual victims can be
life-altering. Nearly every day, NCL's fraud counselors hear stories
from consumers of how scams erased victims' life savings and caused
deep trauma. We clearly need better solutions.
No amount of consumer education, better disclosure, or ``friction''
put into payment flows will solve this problem alone. We believe the
payment platforms where fraud occurs must have a bigger financial
incentive to stop scams before they happen. By spreading risk across
all the participants in this system, the costs can be better absorbed,
resulting in a safer and more secure payments marketplace.
A model for consumer protection for P2P apps and gift cards should
be credit and debit cards. Thanks to the Electronic Funds Transfer Act
(EFTA) and Fair Credit Billing Act (FCBA), consumers typically shoulder
none of the risk when there is unauthorized use on their credit or
debit cards. Instead, fraud risks are shared across issuing and
receiving banks, card networks, and merchants. As a result, card
networks are protected by 24/7 fraud monitoring, with more secure
payment technologies such as chip-and-PIN and tap-to-pay regularly
replacing older, out of date technology.
From a consumer's perspective this works well. Consumers typically
first become aware that fraud has occurred on their credit or debit
cards when they receive communication from their bank letting them know
that their card has been compromised and will need to be replaced.
Unfortunately, because many of the scams involving P2P apps and gift
cards involve consumers being induced into authorizing a transaction,
banks and payment platforms usually refuse to bear liability for this
fraud, resulting in a far less secure payment system. \10\
---------------------------------------------------------------------------
\10\ Mierzwinski, Ed, et al. ``Virtual Wallets, Real Complaints''.
MASSPIRG Education Fund. June 2021. p. 9. Online: https://masspirg.org/
sites/pirg/files/reports/MA_wallets.pdf.
---------------------------------------------------------------------------
Fixing the ``Unauthorized Transactions'' Loophole in EFTA Should Be a
Priority
To meaningfully reduce fraud on P2P apps and gift cards, a
multifaceted approach will be required, including better information-
sharing among stakeholders in the payments ecosystem and more fraud-
fighting resources and authorities for law enforcement agencies.
Congress can and should play a leading role in this effort by
strengthening EFTA so that it protects consumers who are victims of
induced fraud. Already, pressure from Congress has led Zelle to take
some initial steps to protect victims of impersonation scams. \11\
However, voluntary actions by one actor in the payments ecosystem is no
substitute for robust safeguards that protect consumers no matter what
payment technology they use. Congressional action is urgently needed to
address the rising costs of fraud to consumers.
---------------------------------------------------------------------------
\11\ Lang, Hannah. ``Payments App Zelle Begins Refunds for
Imposter Scams After Washington Pressure'', Reuters. (November 13,
2023) Online: https://www.reuters.com/technology/cybersecurity/
payments-app-zelle-begins-refunds-imposter-scams-after-washington-
pressure-2023-11-13/.
---------------------------------------------------------------------------
NCL supports the legislative policy proposals that the National
Consumer Law Center included in their written testimony for this
hearing. We urge Congress to give special priority to passing
legislation, such as the Protecting Consumers From Payment Scams Act,
\12\ to expand the definition of ``unauthorized electronic fund
transfer'' in the Electronic Funds Transfer Act to cover fraudulently
induced payments. This simple fix would address fraudulently induced
payments on all payment platforms covered by EFTA, including P2P apps
and gift cards. Recently enacted rules in the United Kingdom require
banks to reimburse victims of fraud in the inducement, with issuing and
receiving banks sharing liability for making victims whole. \13\ The
U.K.'s rules should serve as a model for U.S. law in this area.
---------------------------------------------------------------------------
\12\ Online: https://democrats-financialservices.house.gov/
UploadedFiles/BILLS-117pih-Protect
ingConsumersFromPaym-U1.pdf.
\13\ Payment Systems Regulator (U.K.). ``PSR Confirms New
Requirements for APP Fraud Reimbursement''. Press release. (July 6,
2023) Online: https://www.psr.org.uk/news-and-updates/latest-news/news/
psr-confirms-new-requirements-for-app-fraud-reimbursement/.
---------------------------------------------------------------------------
The Explosion in Cryptocurrency-Related Scams Must Be Addressed
Cryptocurrency will soon become, and by some estimates already is,
the payment method of choice for criminal scammers. Driven by the mania
for Bitcoin and other cryptocurrencies, as many as 34,000
cryptocurrency kiosks (also known at ``BTMs'') have been placed in
convenience stores, malls, smoke shops, laundromats, and grocery stores
around the country. \14\
---------------------------------------------------------------------------
\14\ Oguz, Kaan. ``Why Bitcoin ATMs Are Taking Over Malls and Gas
Stations Across the U.S.'' CNBC.com. (November 7, 2023) Online: https:/
/www.cnbc.com/video/2023/11/07/why-bitcoin-atms-aretaking-over-malls-
and-gas-stations-across-the-us.html.
---------------------------------------------------------------------------
The proliferation of the kiosks in relatively insecure retail
locations has made them a favorite tool of scammers. \15\ At Fraud.org
we often see complaints where scammers direct victims to their closest
convenience store to deposit cash into the criminals' cryptocurrency
wallets. Kiosk operators, one of whom was reportedly making a 20
percent commission on every transaction, \16\ lack sufficient
incentives to crack down on these scams.
---------------------------------------------------------------------------
\15\ Duncan, Jericka, et al. ``Unregulated Crypto ATMs Give
Criminals a Loophole To Prey on Unsuspecting Victims'', CBS News.
(March 22, 2023) Online: https://www.cbsnews.com/news/crypto-atm-scams-
unregulated-machines/.
\16\ Anderson, Zach. ``Bitcoin of America Indicted for Operating
Unlicensed Kiosks'', Blockchain News. (March 7, 2023) Online: https://
blockchain.news/news/bitcoin-of-america-indicted-for-operating-
unlicensed-kiosks.
---------------------------------------------------------------------------
More must be done to protect consumers from scammers using BTMs.
Simply relying on better disclosures or undertrained retail employees
will not meaningfully reduce fraud rates. Congress must act. To this
end, NCL supports policies that:
Require cryptocurrency kiosk operators to provide
regulators the physical addresses of any crypto BTM's they
operate;
Require cryptocurrency kiosk operators to abide by
longstanding anti-money laundering and know-your-customer
requirements, including ID verification for parties involved in
a transaction;
Require businesses that host cryptocurrency kiosks to
provide training to their employees on how to spot and
intervene in likely fraud involving crypto ATMs; and
Require businesses that host cryptocurrency kiosks to
prominently display warnings about the risks associated with
depositing cash into crypto ATMs, especially when the funds
will go to digital wallets the consumer does not own.
Senator Warren's Digital Asset Anti-Money Laundering Act of 2023
includes many of these protections and would do much to begin cracking
down on the use of cryptocurrency as a payment method for fraudsters.
\17\ Her bill has NCL's full support and we urge the Committee to
approve it.
---------------------------------------------------------------------------
\17\ Senator Elizabeth Warren. ``Warren Expands Coalition of
Banking Committee Support for Bill Cracking Down on Crypto's Use in
Money Laundering, Drug Trafficking, Sanctions Evasion''. Press release.
(December 11, 2023) Online: https://www.warren.senate.gov/newsroom/
press-releases/warren-expands-coalition-of-banking-committee-support-
for-bill-cracking-down-on-cryptos-use-in-money-laundering-drug-
trafficking-sanctions-evasion.
---------------------------------------------------------------------------
Conclusion
Chairman Brown, Ranking Member Scott, and the Members of the
Committee, we thank you for your continuing work to protect consumers
and for holding this hearing. On behalf of the National Consumers
League, thank you for including the consumer perspective as you
consider these important issues.
RESPONSE TO WRITTEN QUESTION OF SENATOR BUTLER
FROM CARLA SANCHEZ-ADAMS
Q.1. Ann Booras, a teacher from East Bay had $20,000 snatched
from her by a scammer who called her, pretending to be from her
bank, Wells Fargo, and claimed to be investigating fraud. She
was asked to wire $20,000 and $5,000 from her account; the wire
for transfer for $5,000 was recovered but the larger sum was
not. Sadly, Ann's story of wiring her hard-earned money to
criminals is not an isolated one. When she received the scam
call, her caller ID even said Wells Fargo bank. Ann realized
what had happened and contacted Wells Fargo, her request for
reimbursement was denied on the grounds that she had authorized
the transaction.
Ms. Sanchez-Adams, what can be done to help steer financial
institutions to refund unauthorized transactions and ensure
that funds are returned to customers in a timelier manner?
A.1. The transactions described in this story are examples of
fraudulently induced transfers through bank-to-bank wire
transfer. I have heard of so many stories with the same type of
fraudulently induced transfers, often referred to by the
payment industry as ``imposter'' scams, where a fraudster poses
as a customer's own bank and even spoofs the bank's own phone
number to deceive and manipulate a consumer into initiating a
transfer. Because the consumer initiates the transaction, it is
considered to be ``authorized'' by the consumer, even though
the consumer only initiated the transfer based on the deception
and manipulation of the fraudster. Currently, there are no
clear protections for fraudulently induced transfers under
Federal law.
Even if the transfer had been unauthorized, where the
consumer did not know of the transaction and did not initiate
it, bank-to-bank wire transfers also have very little
protection under the law. Instead of the clear consumer
protections provided by the Electronic Funds Transfer Act
(EFTA), which was designed to protect consumers with clear
rights and procedures, bank-to-bank wire transfers are covered
under State law, more specifically a State's adopted version of
Uniform Commercial Code Article 4A (UCC Article 4A). The UCC
was not designed as a consumer protection statute and was
instead designed to govern commercial-to-commercial
transactions. UCC Article 4A offers very weak or no protection
for consumers who have suffered harm due to bank-to-bank wire
transfer fraud. In essence, the consumer is deemed to have
authorized a wire transfer if the bank utilized a commercially
reasonable security procedure that the bank and the consumer
agreed to beforehand and if the bank acted in good faith. Yet
consumers have no understanding of or control over those
security procedures and no choice but to click ``I agree'' to
the fine print of an agreement.
For example, the New York Attorney General recently filed a
lawsuit against Citibank alleging it failed to protect and
reimburse victims of electronic fraud when it used ``poor
security and anti-fraud protocols'' that consumers had not
negotiated with Citibank. \1\ According to the lawsuit,
Citibank connected wire transfer services to consumers' online
and mobile banking apps in recent years--allowing direct
electronic access to the wire transfer networks--but employed
lax security protocols and procedures; had ineffective
monitoring systems; failed to respond in real-time; and failed
to properly investigate fraud claims. \2\ As a result, New
Yorkers lost millions of dollars in life savings, their
children's college funds, and even money needed to support
their day-to-day lives.
---------------------------------------------------------------------------
\1\ New York State Attorney General, Press Release, ``Attorney
General James Sues Citibank for Failing To Protect and Reimburse
Victims of Electronic Fraud'' (Jan. 30, 2024), available at https://
ag.ny.gov/press-release/2024/attorney-general-james-sues-citibank-
failing-protect-and-re
imburse-victims.
\2\ See Complaint, People of the State of New York v. Citibank,
No. 1:24-cv-00659 (S.D.N.Y. filed Jan. 30, 2024), available at https://
ag.ny.gov/sites/default/files/2024-01/citi-complaint.pdf. The New York
AG also alleges that the unauthorized wire transfers that occurred by
electronic requests initiated by scammers via online banking or mobile
app are covered by the EFTA. They are electronic instructions that do
not come from the actual consumers who are Citi account holders and
under the EFTA are unauthorized.
---------------------------------------------------------------------------
I have also heard numerous other reports of banks failing
to reimburse unauthorized wire transfers even if the consumer
did not agree to any commercially reasonable security
procedure. Consumers do not have the resources to fight the
bank in court or arbitration to enforce their right to a
reimbursement when this occurs.
UCC Article 4A does not provide a consumer with any
remedies besides reimbursement of (and possibly interest on)
the unauthorized wire amount, and the consumer's attorney is
not entitled to recover attorneys' fees from the bank. As a
practical matter, it means that a consumer would have to pay
out of pocket to fight in court or in arbitration just to get
their money back, while a financial institution with deep
pockets can afford to fight a claim. As a result, in most cases
financial institutions will reject a consumer's unauthorized
wire transfer claim because the consumer cannot afford to fight
the decision.
With respect to fraudulently induced wire transfers like
those in the story you shared above, the UCC provides no
remedy.
You asked me what could be done to help steer financial
institutions to refund unauthorized transactions and ensure
that funds are returned to customers in a timelier manner. If
the definition of unauthorized use in the EFTA was amended to
include fraudulently induced transfers and if the EFTA was
amended to include bank-to-bank wire transfers, then consumers
like Ms. Booras would be entitled to timely refunds of
unauthorized transactions.
Congress can and should amend the EFTA to address the
problems of unauthorized consumer bank-to-bank wire transfers
as well as fraudulently induced consumer bank-to-bank wire
transfers by:
Eliminating the exemption for bank wire transfers,
bringing those transfers within the EFTA and its
protections against unauthorized transfers and errors;
Protecting consumers from liability when they are
defrauded into initiating a transfer; and
Allowing the consumer's financial institution,
after crediting the consumer for a fraudulent transfer,
to be reimbursed by the financial institution that
allowed the scammer to receive the fraudulent payment.
The consumer bank-to-bank wire transfer loophole and
inclusion of fraudulently induced transfers could also be
addressed by rulemaking or guidance from the CFPB, though
Congressional action would be faster and less subject to
challenge.
------
RESPONSE TO WRITTEN QUESTION OF SENATOR BRITT
FROM PAUL BENDA
Q.1. As part of the bipartisan Taxpayer First Act of 2019,
Congress required the Internal Revenue Service (IRS) to
implement updates to modernize its Income Verification Express
Service (IVES). The IVES system permits financial services
providers to submit Form 4506-C to verify a credit applicant's
income, helping to prevent fraud and ensure accurate
underwriting.
On January 2, 2024, the IRS issued a notice that it intends
to limit the use of the entire IVES system to only mortgage
loan
applications. Given that the IVES has been a useful tool in
combating fraud, including in helping to identify whether a
credit card applicant is a legitimate person, it seems short-
sighted to restrict access to this tool for financial
institutions working to combat fraud. The IRS was directed by
Congress to modernize the system so that it would no longer be
fax machine-based and instead could be accessed electronically.
However, the IRS decided to also limit access to this useful
system. This is counterintuitive, financial systems should have
every possible tool at their disposal to fight fraud.
Could you share your thoughts on this decision by the IRS
to limit financial services providers' access to a useful and
effective fraud prevention tool?
A.1. ABA appreciates your attention to this important matter.
The use of tax transcripts as a mechanism to obtain income and
asset information from consumers is crucial to bank efforts on
multiple fronts, including accurate income verification, fraud
detection and continued efforts to propel real-time application
innovation programs that benefit consumers and are desired by
the industry.
The Income Verification Express Service (IVES) program
provides financial institutions direct access to tax
transcripts and is currently used by consumer and commercial
lenders and Government agencies such as the Small Business
Administration (SBA) to confirm the income of a borrower during
the processing of a loan application. Lenders request tax
transcripts from borrowers for various reasons:
Income Verification: Tax transcripts provide an
official record of the borrower's income, helping
lenders verify the accuracy of income stated on loan
applications.
Accuracy and Consistency: Comparing loan
application data with tax transcripts ensures income
consistency and accuracy.
Fraud Prevention: Tax transcripts aid in detecting
and preventing income fraud by confirming reported
income matches IRS records.
Regulatory Compliance: Obtaining tax transcripts
may be mandated by regulatory authorities to ensure
compliance with lending regulations and guidelines.
Risk Assessment: Reviewing tax transcripts helps
assess a borrower's financial stability and ability to
repay loans, indicating consistent income over time.
A most important benefit of the IVES program is that it
guarantees direct access to a primary source document--the tax
transcript--and such access is crucial in validating the
legitimacy of information received. For instance, IVES will be
used to verify a consumer's W2 form electronically when making
a loan, allowing the bank to verify a consumers self-reported
income. Using primary sources such as IVES serves as a highly
effective disincentive to fraudulent behavior because: (a)
applicants cannot access documents that can be potentially
altered, and (b) bank staff are able to immediately review and
recognize inconsistencies in documents that are standardized
and therefore easily reviewed for inconsistencies or defects.
Our bank operations professionals stress that the absence of
current abilities to verify tax returns in commercial and
residential lending originations would affirmatively invite
illicit actors to commit financial crimes--in short, if
potential fraudsters know that application submissions cannot
be verified with primary sources, it will trigger new avenues
for illicit schemes.
The most important types of information that would be
denied to financial institutions if IRS were to limit financial
services providers' access to IVES include the following:
Gross Income: The total income reported by the
taxpayer, including wages, salaries, tips, and other
sources of income. This information is crucial for
income verification and assessing the borrower's
ability to repay the loan.
Adjusted Gross Income (AGI): AGI represents gross
income minus specific deductions, providing a more
accurate reflection of the borrower's financial
situation. Lenders often use AGI for income
verification and regulatory compliance purposes.
Taxable Income: Taxable income is the amount of
income subject to taxation after deductions and
exemptions. It helps lenders assess the borrower's
financial stability and repayment capacity.
Tax Filing Status: The taxpayer's filing status
(e.g., single, married filing jointly, married filing
separately) provides context for interpreting income
information and ensures regulatory compliance.
Tax Year: The tax year for which the transcript is
issued is essential for lenders to match the income
information with the borrower's application timeline
and verify recent financial status.
These are key pieces of information that enable lenders to
conduct essential income verification, fraud prevention, and
regulatory compliance checks while still maintaining the
integrity of the lending process.
------
RESPONSE TO WRITTEN QUESTION OF SENATOR BUTLER
FROM JOHN BREYAULT
Q.1. Ann Booras, a teacher from East Bay had $20,000 snatched
from her by a scammer who called her, pretending to be from her
bank, Wells Fargo, and claimed to be investigating fraud. She
was asked to wire $20,000 and $5,000 from her account; the wire
for transfer for $5,000 was recovered but the larger sum was
not. Sadly, Ann's story of wiring her hard-earned money to
criminals is not an isolated one. When she received the scam
call, her caller ID even said Wells Fargo bank. Ann realized
what had happened and contacted Wells Fargo, her request for
reimbursement was denied on the grounds that she had authorized
the transaction.
Mr. Breyault, as scammers use technology to fool consumers,
what are financial institutions doing to inform their customers
about these scams?
A.1. Financial institutions typically do try to put in place
procedures and educational materials to mitigate these scams.
For
example, the American Bankers Association has their
#BanksNeverAskThat campaign. \1\ Many banks also train their
tellers to spot potential red flags for fraud and put warnings
on their websites, materials, and payment apps. However, at the
National Consumers League we have limited insight into the full
extent of measures banks may take to inform their customers
about scams.
---------------------------------------------------------------------------
\1\ American Bankers Association. ``ABA and America's Banks Launch
4th Annual #BanksNeverAskThat Consumer Awareness Campaign'', Press
release. (October 2, 2023) Online: https://www.aba.com/about-us/press-
room/press-releases/banksneveraskthat-2023-launch.
---------------------------------------------------------------------------
Consumer education alone will not make a meaningful impact
in preventing the tens of billions of dollars lost to fraud
each year. We have found that scammers quickly recognize and
adapt to the warnings that banks put in place. Many victims
report that the criminals coached them through the process,
guiding them to ignore and bypass the banks' advisories. Any
strategy to eliminate fraud will be ineffective if it relies on
educational programming while failing to establish incentives
for financial institutions to implement greater antifraud
measures. We must stop scams before they can be executed in the
first place. Banks are the parties in the financial system best
positioned to accomplish this.
Additional Material Supplied for the Record
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[all]