Jenny Racioppi was at a family gathering at her North Reading, Massachusetts, home last November when she received a call from Bank of America, informing her of some suspicious activity on her account. That's when Racioppi noticed a series of alarming emails in her inbox.
First, an alert from Bank of America, notifying her of a password change to her online account. Then, another message from the bank, informing her that she had added someone named "Christian Williams" as a Zelle recipient. And within minutes, another email confirming the Zelle transfer of $1,500 from her checking account.
"I was panicked and scared," Racioppi recalled. "I didn't know how someone got into my account or how the bank could let someone take money out of my account."
Until that incident, Racioppi had never used or even heard of Zelle, the rapidly-growing payment platform that allows bank customers to instantly send money to acquaintances.
Advertisements pitch Zelle as an easy way to split the check at a restaurant or pay for things with the touch of a button on a mobile phone when the wallet is not nearby.
Launched to compete with the likes of PayPal, Apple Pay or Venmo, the person-to-person platform is promoted by dozens of the country's biggest banks.
In one ad, the characters rap, "You can send money safely, 'cause that's what it's for. And it's backed by the banks, so you know it's secure."
However, Racioppi's introduction to Zelle provided anything but a sense of security. After graduating from nursing school, she had just landed a job at Winchester Hospital, following the same career path as her mom.
The fraudulent transfer pilfered her account shortly after receiving her first paycheck as a nurse.
"I watched her work so hard to get that job and her first paycheck was stolen. It's just horrible," said her mom, Jami Racioppi. "It's so obvious she was hacked."
But Bank of America's fraud department did not seem to agree. After initially denying a refund, the Racioppi's gathered more documentation to support their case.
Once again, a letter from Bank of America denied their claim.
"Our investigation found that you gave your Online ID or Passcode to a person or entity," the denial letter read. "Under this circumstance, you authorized that person or entity to perform a transaction on your behalf."
The decision stunned the North Reading mother and daughter, who then reached out to the NBC10 Boston Investigators for help.
"I don't understand how criminals can get access into people’s private lives, then you can be stolen from, and you’re blamed for it!" Jami Racioppi said about her daughter's situation.
The refusal of a refund surprised cybersecurity expert Steve Weisman, who said the case seemed like a clear-cut case of fraud. Weisman explained that hackers likely gained access to Racioppi's bank account through online phishing efforts.
Once in control of the account, the cyber thieves take advantage of what Zelle promote: a rapid transfer of funds.
"What they sell is instantaneous. We'll get that money in and out. In this case, it went to one of the bad guys," he explained.
Weisman said it's a perfect illustration why apps like Zelle and Venmo should only be used for friends and family. If something goes wrong, and a consumer authorized the transaction, the money is likely gone.
"You don’t want to use these peer-to-peer payments for commercial transactions," Weisman said. "You're not getting the same protection as you would with a credit card."
Case in point: a Cambridge consumer who reported his experience to the Massachusetts Attorney General's Office.
According to the complaint obtained by NBC10 Boston, the man used Zelle to pay for Boston Celtics playoffs tickets last May.
However, it turned out to be a scam and the tickets never arrived. Because he authorized the checking account transfer, instead of using a credit card, the consumer did not recover the money.
In a recent blog post about best practices, Zelle warns consumers to only use the service with people they know and trust. After a slew of criticism about its security last year, the e-payment platform also told NBC10 Boston it has added additional safeguards to help ensure money gets to its intended recipients.
In Racioppi's case, Zelle was the vehicle used to steal money after her banking account was hacked.
In a statement, Early Warning Services, the network operator behind Zelle, told NBC10 Boston:
"When fraudsters, unfortunately, gain access to a user's online banking account, they may be able to leverage Zelle to transfer money out of the account. In the event unauthorized transaction activity is facilitated through Zelle, we have processes to help consumers resolve the issue with their banks."
After NBC10 Boston contacted Bank of America about Jenny's fraudulent transfer, the banking giant finally agreed to refund the $1,500.
"We apologize for the delay in resolving this claim as internet fraud can be complicated to uncover and these cases require additional investigation before fraud can be confirmed," a Bank of America statement said.
The bank also provided these tips and resources about how to keep account information private and secure.
Racioppi is relieved the $1,500 is back in her checking account but admitted the experience has left her wary of the technology.
"I work so hard for my money and it's crazy that someone can just take it away in one second," she expressed. "This entire thing was so frustrating, stressful and unfair."