Warren: Comerica fraud shows need for security fix in prepaid program

Sen. Elizabeth Warren, D-Mass., wants the Treasury Department to enhance fraud protection in the Direct Express prepaid program — now a partnership between the Texas-based Comerica Bank and the U.S. government — when the program's contract is rebid in 2020.

In a letter to be sent Thursday to Treasury Secretary Steven Mnuchin, Warren said hundreds of federal benefits recipients were victims of fraud in the program administered by Comerica. Direct Express allows users without bank accounts to access their funds through prepaid cards.

“The fraud detection and reimbursement process in the Direct Express program need to be examined with close scrutiny,” Warren wrote in the letter, a draft copy of which was obtained by American Banker.

Sen. Elizabeth Warren, D-Mass.
Senator Elizabeth Warren, a Democrat from Massachusetts, greets attendees during an organizing event in Des Moines, Iowa, U.S., on Saturday, Jan. 5, 2019. Warren took a major step last week toward an all-but-certain 2020 White House run, seeking to become the Democratic nominee to challenge President Donald Trump on a message of economic equality and fighting corruption. Photographer: Daniel Acker/Bloomberg
Daniel Acker/Bloomberg

American Banker first reported in August that Comerica had shut down its Cardless Benefit Access feature after fraudsters drained accounts belonging to retirees who receive Social Security benefits and veterans who rely on disability payments. The cardless feature had allowed Direct Express users to withdraw their funds if they lost their card or were away from their home state.

Comerica’s Direct Express program disperses roughly $3 billion in Social Security and disability payments to 4.5 million Americans who do not have bank accounts but who receive federal benefit payments electronically on prepaid debit cards.

Cardholders have alleged that Direct Express routinely refused to reimburse them after money was stolen from their prepaid debit card accounts. Federal regulations require that consumers be given provisional credit if they file a complaint and have the prepaid card in their possession.

In all, Comerica identified 480 cases of fraud and roughly $460,000 in money stolen from beneficiaries over a one-year period beginning in August 2017, when the Cardless Benefit feature was first introduced, Warren wrote.

Though Comerica has oversight of the Direct Express program through a contract with the Bureau of Fiscal Service, an arm of the Treasury Department, the bank outsources the main call center function to Conduent, a publicly-traded conglomerate in Florham Park, N.J.

Warren's six-page letter also was sent to Commissioner Kim McCoy of the Bureau of Fiscal Service.

The senator wrote that despite Comerica's claims that all the fraud victims have been made whole, the complaints by consumers about how the bank handled their account inquiries should get scrutinized.

"Comerica maintains that all 480 cardholders affected by the fraud schemes have received full reimbursement, but claims from my constituents and victims continue to raise questions," she wrote. "Victims maintain that Direct Express never contacted them about the fraud, there are hundreds of complaints on the Consumer Financial Protection Bureau’s Complaint Database and the Better Business Bureau’s website alleging unprofessional customer service and difficulties in the fraud reporting and reimbursement process."

In November, the Bureau of Fiscal Service said that it was rebidding the Direct Express contract. The contract was first awarded to Comerica in 2008, and was renewed in 2014 despite some criticism over how the program was being run.

Warren had previously pressed Comerica CEO Ralph W. Babb Jr. in October to respond to complaints from consumers over how the bank handled fraud complaints.

Comerica had claimed that accounts were not compromised through a cybersecurity breach of the bank, but rather that beneficiaries likely had their private identifiable information stolen from third parties, according to briefings Warren received from Comerica and Treasury’s OIG.

“Comerica was not the victim of a cybersecurity breach,” Warren wrote.

A spokesperson for Comerica was not immediately available for comment.

Comerica created the Cardless Benefit Access feature, originally called “Emergency Cash,” to help cardholders who had left their cards behind in the aftermath of Hurricanes Harvey and Maria request and transfer money to a MoneyGram location.

“The systems set up to prevent fraud under the Cardless Benefit Access program were not robust enough to prevent fraud when criminals obtained [private identifiable information] from other sources," Warren wrote. "While no program is entirely fraud-proof, it is possible that a better designed program could, and would in the future, reduce the risks of this type of fraud.”

Warren also wrote that officials with the Social Security Administration and Veterans Administration as well as the public were not adequately informed of the fraud. She asked Mnuchin to ensure that officials at the Social Security Administration and the Department of Veterans Affairs are notified promptly of any fraud affecting the program.

Warren also asked Treasury to guarantee that fraud issues “are resolved quickly with no cost of loss of benefits for program beneficiaries.”

Warren, who has formed a presidential exploratory committee, has vowed to shine a spotlight on banking issues including data breaches while casting herself as an advocate of the working class.

“The Direct Express program was designed for individuals who don’t have bank accounts, and for many of these Americans their federal benefits are their sole source of income that keep a roof over their head, pay for life-saving medications, and put food on the table,” Warren wrote.

For reprint and licensing requests for this article, click here.
Card fraud Payment fraud Fraud detection Digital payments Prepaid cards Elizabeth Warren Treasury Department Comerica Bank
MORE FROM AMERICAN BANKER