Zelle, Venmo, Cash App, and the P2P landscape

"Peer-to-peer payment" describes a category of consumer-facing app that moves money from one person to another. The category has grown explosively in the past decade — the leading services now process trillions of dollars of consumer payment volume per year — and has become the default for splitting restaurant bills, paying rent contributions, and many small commercial transactions. What is often invisible to users is that the different P2P apps are structurally very different products: where the funds live before and after the transfer, what payment rail moves them, and what happens if something goes wrong all vary considerably.

This article describes the three principal U.S. P2P services — Zelle, Venmo, and Cash App — and the smaller but distinct landscape around them. The treatment is structural; we describe what each app is rather than which to use. For the underlying payment rails, see ACH and real-time payments; for the consumer-protection framework, see Regulation E in detail and disputing a fraudulent transaction.

Zelle: a bank-rail directory service

Zelle is operated by Early Warning Services, a company owned by a consortium of large U.S. banks. It is structurally a directory service: when a Zelle user enrolls, they associate their email address or phone number with a bank account at a participating institution. To send a Zelle payment, the sender enters the recipient's email or phone number; Zelle looks up the recipient's bank, and the funds move via the bank's back-end rail (originally via the FedACH same-day network and increasingly via RTP) from the sender's account to the recipient's account.

Importantly, Zelle does not hold funds. The funds move bank-to-bank in the consumer's name; both endpoint accounts are insured deposit accounts at FDIC-insured banks (assuming the participating banks are insured, which is the standard case). There is no Zelle wallet that holds a balance between sender and recipient; the funds are debited from the sender's bank account and credited to the recipient's bank account, either immediately (where both banks support real-time) or within an hour or two via same-day ACH.

The advantage of the bank-rail structure is that funds reach the recipient's checking account directly and become available for use immediately, without an intermediate transfer step. The disadvantage is that Zelle transfers are functionally as final as the underlying rails — RTP transfers in particular are non-reversible — and Zelle does not offer the merchant-dispute machinery of a card transaction. For unauthorized Zelle transactions, Regulation E governs and the bank bears the loss; for authorized-but-fraudulently-induced Zelle transactions, the consumer typically bears the loss.

The CFPB and several state attorneys general have pursued enforcement and litigation against the major Zelle-participating banks over the handling of authorized-push-payment fraud. The CFPB filed a high-profile action in late 2024 against three large banks and Early Warning Services itself; the resolution of that and related cases is ongoing as of mid-2026. The substantive question of who should bear authorized-fraud losses on bank-rail P2P transfers remains unresolved.

Venmo: a stored-value wallet on top of bank rails

Venmo, owned by PayPal, is a different structure. A Venmo user's primary balance is held by PayPal as a stored-value account; funds added to Venmo (by linking a bank account, debit card, or credit card and pulling funds in) sit in the Venmo wallet until the user sends them, withdraws them, or pays a merchant.

The Venmo wallet balance is not a bank deposit. PayPal holds the funds as a money transmitter under state licensing; the underlying balance is reflected on PayPal's books and (under PayPal's disclosures) is held in deposit accounts at partner banks. FDIC pass-through coverage may apply to those underlying deposits under defined conditions, but the pass-through coverage rules require specific recordkeeping; verify the disclosure on the specific product before relying on pass-through coverage. Funds held in a Venmo wallet are not in the user's own bank deposit account and are not directly FDIC-insured to the user in the way a bank deposit would be.

A Venmo transaction between two Venmo users is, mechanically, an internal book entry on PayPal's ledger — the funds simply move from one user's wallet to another's. No external payment rail is involved unless the recipient transfers the balance out to their bank account, which is itself a separate transaction (free for standard ACH withdrawal in 1-3 business days; for a fee through Venmo's instant-transfer feature, typically using the card networks' Visa Direct or Mastercard Send capabilities).

For purchases at merchants who accept Venmo, the underlying rail varies; for "goods and services" transactions, Venmo offers limited purchase-protection rights similar to PayPal's, with terms set by PayPal's user agreement rather than by Regulation E.

Cash App: a wallet plus a banking layer

Cash App, owned by Block (formerly Square), is structurally similar to Venmo in that it operates a stored-value wallet, but it has added a more substantial banking-layer overlay. The Cash App balance is held by Block; Cash App users can also opt into "Cash Card" — a Visa debit card linked to the wallet — and a "savings" feature that, depending on the user's election, may route funds to a partner bank's deposit account in the user's name.

As with Venmo, the user's primary Cash App balance is not directly FDIC-insured. The deposit accounts associated with Cash Card and certain Cash App banking features are held at partner banks (Sutton Bank and Lincoln Savings Bank, historically), and FDIC pass-through coverage applies to those deposits under the standard pass-through rules. The line between the wallet portion (not directly insured) and the bank-deposit portion (insured at the partner bank) is in Cash App's disclosures.

Cash App also supports Bitcoin and stock-trading features that introduce additional non-bank functionality not covered here; those features have their own legal frameworks (SEC for the brokerage, money-transmitter licensing for Bitcoin) that overlay the wallet.

What changes with each structure

The structural differences among Zelle, Venmo, and Cash App produce several practical consequences:

• Where the funds live between sender and recipient. Zelle: nowhere (bank to bank). Venmo / Cash App: in the operator's stored-value system, backed by partner-bank deposits or by money-transmitter-license funds.
• FDIC insurance. Zelle: directly on the user's bank deposit at each end. Venmo / Cash App: pass-through coverage on the partner-bank deposits at the operator's discretion and subject to recordkeeping rules; not directly attached to the user's stored-value balance.
• Reversibility. All three: limited. Zelle's bank-rail transfers are typically final; Venmo and Cash App offer somewhat more flexibility through their internal-ledger reversals but cannot recover funds that have been withdrawn from the wallet.
• Consumer-protection framework. All three: Regulation E governs unauthorized transactions; authorized-but-fraudulently-induced transactions are typically not covered by Reg E and follow the operator's voluntary policies.
• Fees. Zelle: typically free to send and receive; the participating banks fund the service. Venmo / Cash App: typically free for standard ACH funding and withdrawal; fees apply for instant transfers, for credit-card funding (typically 3%), and for some business and Bitcoin features.

The Reg E framework and the authorized-fraud gap

Regulation E governs unauthorized electronic transfers from consumer accounts. For a P2P transfer that the consumer did not authorize — for example, a transfer made by a fraudster who has gained access to the consumer's account — Reg E provides a $50 maximum consumer liability (with limits increasing to $500 if not reported within two business days and to unlimited if not reported within 60 days). The bank or wallet operator must investigate and either repay or substantiate the denial.

For a transfer that the consumer did authorize — even when the consumer was deceived into doing so by a fraudster — Reg E provides no remedy. This "authorized push payment fraud" category includes romance scams that end with the victim sending money to a fictitious romantic partner, fake "tech support" payments to a fraudster impersonating Microsoft or another company, invoice-fraud payments to fraudsters who have impersonated a legitimate vendor's billing department, and many similar patterns. The consumer typed the transfer, the bank or app executed it as instructed, and the funds reached the fraudster's account — at which point recovery is typically impossible.

The U.K. addressed this gap with the Contingent Reimbursement Model (now mandatory under the Payment Systems Regulator's 2024 rule), which requires payment service providers to reimburse most APP-fraud victims. The U.S. has no equivalent federal framework. Some U.S. banks and wallet operators have introduced voluntary reimbursement programs of varying scope; the CFPB has pressured the industry to expand coverage; pending litigation and rulemaking activity may produce more substantive protection in the next several years.

Limits and uncertainty

The P2P landscape is structurally simple and stable: three principal services with the three different back-end models described here. Live questions include the resolution of the authorized-push-payment fraud question, the effect of continued FedNow expansion on Zelle's underlying economics, and the ongoing regulatory scrutiny of pass-through coverage and recordkeeping in fintech/wallet products. The principal services are not going away; how they handle fraud loss and the structure of pass-through insurance for wallet balances are likely to evolve over the next several years.