Posted: December 02, 2024 | Updated: January 10, 2026 at 9:32 PM
In late 2024, the CFPB finalized a rule to extend federal supervision to popular digital payment platforms. The Consumer Financial Protection Bureau (CFPB) has escalated its oversight of digital payment services, implementing a new rule that brings Big Tech payment platforms under stricter federal supervision. This move, finalized in November 2024, targets widely-used services such as PayPal, Apple Pay, Google Pay, Venmo, Cash App, and others that handle over 50 million transactions per year.
By treating these nonbank payment providers more like traditional banks, the CFPB aims to protect consumer data, reduce fraud, and prevent unfair account freezes in an industry that now processes over 13 billion transactions annually. Digital wallets and peer-to-peer (P2P) payment apps have evolved from novelties into everyday financial tools, even rivaling credit and debit cards for daily transactions. With an estimated three-quarters of U.S. adults using P2P apps – especially among younger and lower-income consumers – regulators are responding to the growing importance of these platforms in Americans’ financial lives.
In late 2024, the CFPB finalized a landmark rule expanding its supervisory authority to cover large digital payment app providers. Effective January 9, 2025, the rule defines “larger participants” in a new market category of “general-use digital consumer payment applications.” In practical terms, this means any nonbank company facilitating at least 50 million consumer payment transactions per year now falls under CFPB supervision.
The Bureau estimated this threshold captures the seven largest providers, including Google Pay, Apple Pay, Samsung Pay, PayPal (and its P2P service Venmo), Block’s Cash App, and Meta’s Facebook Pay, collectively accounting for about 98% of the nonbank payments market. Notably, the CFPB raised the threshold from an initially proposed 5 million transactions – thereby excluding smaller fintechs and cryptocurrency wallets – and limited the scope to payments in U.S. dollars (explicitly omitting crypto transactions).
Under this rule, the CFPB can now conduct examinations and oversight of these tech companies’ payment operations similar to how it oversees large banks. Examiners will review compliance with consumer financial laws – such as the Electronic Fund Transfer Act (Regulation E) and Gramm-Leach-Bliley Act privacy rules – ensuring that payment apps adhere to protections against fraud, unauthorized transfers, data misuse, and unfair or deceptive practices. According to CFPB Director Rohit Chopra, digital payments have shifted from being a mere curiosity to an everyday essential—and regulatory scrutiny needs to keep pace with that change. It emphasizes that big tech firms handling billions in transactions should be held to the same standards as banks and credit unions.
The Bureau stressed that supervision would help guard consumer privacy, prevent fraud, and stop illegal ‘de-banking’ – the abrupt closure of accounts without explanation. Regulators and consumer advocates argue this closing of the oversight gap is long overdue. Payment apps rapidly gained popularity, a trend accelerated by the pandemic – by 2022 about 76% of Americans had used a major mobile payment app, and some surveys put digital payment usage as high as 90% of consumers.
These services collectively now process hundreds of billions – even trillions – of dollars annually. For example, Zelle (the bank-operated P2P network) alone reported handling 3.6 billion transactions worth over $1 trillion in 2024, a 25% jump in volume from the prior year. Rival services like Venmo processed $275 billion in 2023, and overall transaction volume across nonbank payment apps neared $893 billion in 2022, a figure projected to reach $1.6 trillion by 2027. With so much money flowing outside of traditional banking rails, concerns mounted about consumer protections on these platforms. Key issues include fraud and scams (losses to P2P payment scams surged 62% from 2021 to 2023, according to Consumer Reports), data privacy, and potential regulatory arbitrage by tech firms offering quasi-banking services without bank-like oversight. Supporters of the CFPB’s action say it fills a regulatory vacuum. Unlike banks, fintech payment providers until now faced no routine federal supervision of their consumer protection practices.
Banks and credit unions already undergo CFPB exams for their payment services, so bringing big tech under supervision “levels the playing field”, as traditional financial institutions had long urged. Consumer advocates likewise hailed the rule as closing a loophole: it ensures popular payment apps can be held accountable for issues like mishandling fraud claims or misusing personal data. “It closes a loophole that permits non-bank payment app companies to operate without supervisory reviews,” noted Consumer Reports in praising the move.
Without such oversight, users complaining about problems might be “left with little recourse beyond asking a chatbot for help,” warned the Consumer Federation of America, which stresses that supervision is essential to protect consumers in the Wild West of fintech.
When the rule took effect in early January 2025, the CFPB gained the authority to begin examining the targeted companies. In practice, this meant those firms would need to bolster compliance programs and prepare for CFPB audits. Legal advisors noted that providers designated as “larger participants” should enhance their compliance management systems and be ready to demonstrate robust policies and procedures during CFPB exams.
The Bureau signaled it would be scrutinizing areas such as how these apps handle fraud reports, protect users’ data, and decide to freeze or close accounts. Notably, CFPB examiners could potentially look beyond just the payment app itself – if a company also offers related financial products (like credit cards, buy-now-pay-later loans, or crypto features linked to the app), those could come under review as well.
This comprehensive oversight approach put Big Tech firms on notice to tighten up controls across their fintech offerings. Even before any routine examinations began, the CFPB wasted no time in flexing its enforcement muscle on issues the rule was designed to address. In January 2025, the Bureau took action against Block, Inc., the operator of Cash App, for mishandling fraud disputes on its platform. The CFPB announced a consent order on January 16, 2025, requiring the Cash App operator to pay up to $175 million in restitution and penalties.
According to the CFPB’s findings, the company had systematically failed to adequately investigate and resolve consumer fraud claims – for years it lacked sufficient live customer support, had weak fraud detection procedures, and often misdirected scam victims by telling them to seek chargebacks from their banks instead of investigating complaints itself.
These practices violated Regulation E’s error resolution requirements, with the CFPB citing multiple breaches: not timely investigating fraud reports, not providing provisional credits during investigations, and not explaining denial decisions to customers. Under the settlement, Block’s Cash App must implement 24/7 live customer service, improve fraud monitoring, refund at least $75 million to defrauded users, and pay a $55 million civil penalty.
This enforcement action – one of the largest of its kind – underscores the CFPB’s resolve to crack down on fraud and customer service failures in peer-to-peer payment platforms. It also reinforces why the new supervisory rule matters: had the rule been in place earlier, regulators might have spotted Cash App’s issues sooner through exams rather than relying on after-the-fact enforcement. CFPB officials have emphasized protecting consumers from P2P fraud as a top priority, noting that consumers reported losing over $210 million to scams via payment apps in 2023 (median loss of $500).
Through supervision, the Bureau intends to ensure companies are proactively preventing fraud and treating victimized customers fairly – for example, by not unfairly blaming customers or denying relief when scams occur.
If the rule survives, we can expect the CFPB to conduct regular examinations of the likes of PayPal, Apple, Google, and others, and to demand corrective action where it finds legal violations. That said, the implementation of the rule hit a sudden pause in early 2025 due to shifting political winds. Following a change in administration in January, new CFPB leadership temporarily hit the brakes on enforcing the new oversight authority. In a March 2025 court filing, the Bureau told a federal judge it “doesn’t intend to use its new supervisory authority” under the rule for at least 60 days while the agency’s new leaders review the policy.
This came as the CFPB requested more time to respond to an industry lawsuit (filed in January – detailed below), noting that fresh leadership needed to reconsider various late-stage regulatory actions.
Effectively, the CFPB put examinations on hold through spring 2025 as it re-evaluated the rule amid the legal and political challenges. This creates some uncertainty – depending on the outcome of those challenges, the CFPB’s ambitious oversight program for payment apps may either ramp up later in 2025 or never fully materialize.
Apple Pay advertisement – Tech companies argue that services like Apple Pay simply transmit payment credentials and should not be regulated like banks. The CFPB disagrees, citing the need for accountability as these wallets become ubiquitous. The CFPB’s bid to regulate Big Tech payment platforms provoked an immediate backlash from the tech industry and its allies, setting the stage for a fight on multiple fronts. Less than two months after the rule was finalized, a coalition of technology companies led by trade groups TechNet and NetChoice filed a lawsuit on January 16, 2025, to block the rule.
These two industry associations – whose members include giants like Apple, Google, Meta, PayPal, and others – argue that the CFPB overstepped its authority and acted arbitrarily in imposing bank-like regulation on digital wallets. The complaint asserts that digital wallet apps (like Apple Pay or Google Pay) merely pass along a user’s credit or debit card details to facilitate a purchase, rather than directly handling the payment themselves.
Therefore, the plaintiffs claim, “it isn’t Google Pay or Apple Pay making the payment,” – and lumping these services together with full-fledged payment processors is an “unlawful power grab” outside the CFPB’s remit.
By grouping different models of payments (from stored-balance apps like Cash App and Venmo to credential-pass-through wallets like Apple Pay) under one umbrella, the suit alleges the Bureau is “regulating outside the bounds of the law.” Industry representatives did not mince words. Chris Marchese, litigation director at NetChoice, called the rule “an unlawful power grab that could stifle innovation, reduce competition, and raise prices.” Carl Holshouser, Executive VP at TechNet, similarly criticized the CFPB for overreaching and trying to turn itself into a “general technology regulator instead of a financial one,” arguing the rule doesn’t demonstrably benefit consumers.
The lawsuit (TechNet et al. v. CFPB) seeks to have the rule vacated as a violation of the Administrative Procedure Act, claiming the Bureau failed to show sufficient evidence of consumer harm to justify the new supervision. Tech firms also worry the CFPB’s broad definition could let examiners probe “all aspects of their business,” possibly even beyond payments into areas like e-commerce or taxes, which they say goes beyond the CFPB’s mission. Spokespeople for Apple and Google declined to comment publicly on the litigation, but the legal action speaks to Big Tech’s strong interest in stopping the rule. On the other hand, consumer advocates have blasted the lawsuit as a thinly veiled attempt to evade accountability through semantics, noting that regardless of technical mechanisms, these companies interface with consumers’ money and data and thus bear responsibility for keeping those safe.
At the same time, opponents of the CFPB’s rule launched a parallel effort in Congress to nullify the regulation. In February 2025, Republican lawmakers introduced resolutions in the House and Senate under the Congressional Review Act (CRA) – a fast-track process to overturn recent federal regulations. Senator Pete Ricketts and Representative Mike Flood of Nebraska sponsored the measures (S.J.Res. 28 and H.J.Res. 64) specifically aimed at rescinding the CFPB’s “Larger Participant” rule on digital payment apps.
These resolutions quickly gained traction in the new Congress. On March 5, 2025, the Senate voted 51-47 to disapprove the CFPB rule, with all Democrats (and one Republican, Sen. Josh Hawley) voting against the repeal. The following month, on April 10, 2025, the House of Representatives approved the companion resolution on a near party-line 219-211 vote (all Democrats opposed).
This legislative push was backed by the same industry groups suing in court – TechNet and NetChoice lauded the Senate and House votes, suggesting that a successful CRA override would render their lawsuit moot.
“Today’s vote is a win for consumers, small businesses, and the future of financial innovation,” declared Penny Lee, CEO of the Financial Technology Association (another fintech lobby group), celebrating Congress’ rejection of an “overreaching and duplicative” rule. NetChoice’s Chris Marchese applauded lawmakers “for sticking up for American innovators over power-hungry Biden bureaucrats.”
On the flip side, consumer advocates and some policymakers decried the rollback effort. Just before the Senate vote, Consumer Reports warned that voiding the rule would “create a blind spot” in oversight, leaving users of payment apps with scant recourse when things go wrong.
After the House vote, the Consumer Federation of America lamented that Congress was “cementing a regulatory blind spot” for Big Tech payment apps, effectively ensuring that “no one is watching when they move fast and break things.” Despite these warnings, the momentum in Congress signaled that the rule was in serious jeopardy. Under the CRA process, once both chambers pass a disapproval resolution, all that remains is the President’s signature to officially repeal the rule.
The then-incoming administration had already indicated support for the repeal –, on the day of the Senate vote, President Donald Trump stated he would sign the resolution if it reached his desk. This suggests that the CFPB’s new authority over digital wallets could be short-lived. (Notably, a CRA repeal not only nullifies the current rule but also blocks the CFPB from issuing any “substantially similar” rule in the future, barring Congress from reintroducing oversight via rulemaking down the line.)
Even as the legal and political battles play out, the push for tighter regulation has already prompted robust debate about the impact on the payments industry and its customers. From the perspective of fintech companies and tech platforms, the CFPB’s rule represents a significant new compliance burden. Covered firms would need to invest in beefed-up compliance teams, documentation, and possibly adjust product features to meet regulators’ expectations. Industry groups argue that these costs could ultimately raise prices or limit innovation for consumers.
For example, if payment apps are forced to take on greater liability for fraud losses (similar to how banks reimburse unauthorized transactions), companies might respond by introducing more fees or friction in P2P transfers to cover those risks. The Financial Technology Association warned that the CFPB’s one-size-fits-all approach might inhibit the rollout of new features and payment products by making experimentation riskier.
Smaller fintech startups (even if currently under the 50-million transaction threshold) have also watched warily, as they could be swept in later or face higher compliance expectations due to standards set by this rule.
On the consumer side, however, many believe the rule’s potential benefits outweigh the costs. Greater regulatory scrutiny could pressure companies to improve their customer service and fraud response, as evidenced by the hefty CFPB action against Cash App for its past failures. If the rule were enforced, users might see more responsive support and fairer dispute resolution when reporting a fraud or error on these platforms. Additionally, CFPB oversight might deter some of the more opaque data-sharing practices; payment apps would know examiners are checking whether they properly disclose and limit how they use consumers’ financial data.
Another possible outcome is increased consistency in protections. Today, whether a consumer is made whole after a scam on a payment app can depend on the company’s policies, which vary widely. Under supervisory oversight, the CFPB could push all major providers toward stronger, standardized protections akin to those banks follow, such as investigating fraud claims within 10 days and providing provisional credits for disputed transactions.
Simply put, advocates see the rule as a path to bring accountability and trust to an industry that has outgrown the old caveat emptor (buyer beware) approach. It’s important to note that the CFPB’s move is part of a broader effort to modernize financial rules for the digital age. In mid-2023, as a precursor to the rule, the CFPB issued a consumer advisory warning that funds stored on P2P apps may lack federal deposit insurance, unlike money in bank accounts. That advisory highlighted the risks if a payment company were to fail, and it urged users to transfer excess balances to insured bank accounts.
The Bureau also pointed out that usage of payment apps had quadrupled from 2018 to 2022 in dollar volume, and hinted that regulators were “sharpening their focus” on tech firms that “sidestep safeguards” traditional banks adhere to. Now, with the supervision rule, the CFPB took a concrete step to apply those safeguards, only to encounter the current resistance. The outcome remains to be seen. If the CRA repeal is finalized and the rule is struck down in court, the CFPB may have to explore alternative avenues (such as targeted enforcement or new legislation from Congress) to address the consumer protection issues in digital payments.
On the other hand, if the rule survives (against the odds), payment companies will be entering a new era of federal oversight, likely requiring some adjustments but potentially resulting in a safer ecosystem for the millions of people who use these services daily.
The CFPB’s rule extending supervision over large digital payment apps reflects a growing recognition that services like PayPal, Apple Pay, and Cash App now function as critical financial tools for millions of Americans. While the rule was designed to close a regulatory gap and ensure consumers receive protections similar to those offered by banks, it has faced stiff resistance from both the tech industry and lawmakers.
The outcome of this fight, currently playing out in courts and Congress, will determine whether digital payment platforms remain largely self-regulated or become subject to regular federal oversight. Regardless of how the legal and political challenges unfold, the debate has already highlighted major concerns around fraud, customer service, and data privacy in an industry that has seen explosive growth but limited accountability. Whether through this rule or another path, pressure is mounting for stronger consumer safeguards in the digital payments space.
