CFPB vs. Block, Inc.: What the Cash App Case Means for Consumers
Understanding the CFPB and state enforcement actions against Block, Inc. and what Cash App users can learn from this landmark case.
Block, Inc., the company behind Cash App, faces one of the most significant consumer protection and compliance actions in the digital payments space. Federal and state regulators have ordered the company to pay substantial monetary relief and overhaul how it handles fraud, consumer disputes, and financial crime risks. This article explains what regulators found, the penalties imposed, and what it all means for consumers who rely on peer-to-peer (P2P) payment apps.
1. Background: Who Is Block, Inc. and What Is Cash App?
Block, Inc. is a large financial technology company that operates several payment products, including the Cash App mobile application used by tens of millions of people in the United States. Cash App allows consumers to:
- Send and receive money electronically between individuals.
- Receive direct deposits, such as paychecks or government benefits.
- Use a branded prepaid debit card (Cash Card) for purchases and ATM withdrawals.
- Store funds and, in some cases, invest or access other financial services.
Digital wallets and P2P payment services like Cash App are subject to a range of laws, including:
- The Electronic Fund Transfer Act (EFTA) and its implementing Regulation E, which set rules for handling unauthorized electronic transactions and error resolution.
- The Consumer Financial Protection Act (CFPA), which prohibits unfair, deceptive, or abusive acts or practices in consumer financial products.
- The Bank Secrecy Act (BSA) and anti-money laundering (AML) laws, which require firms to monitor for suspicious activity and prevent illicit use of the financial system.
2. What Regulators Found: Key Failures at Cash App
In 2025, the Consumer Financial Protection Bureau (CFPB) and a coalition of state financial regulators announced coordinated enforcement actions against Block, Inc. The agencies identified a pattern of problems affecting Cash App users and the broader financial system.
The Future of AI: Preventing a Big Tech Monopoly >
2.1 Weak response to unauthorized transactions
Under federal law, when consumers report unauthorized electronic fund transfers, companies must investigate and, if appropriate, provide refunds or provisional credits within set timelines. Regulators concluded that Block:
- Failed to adequately investigate many consumer reports of unauthorized Cash App transfers.
- Improperly closed disputes in the company’s favor using incomplete or flawed investigation processes.
- Directed affected users back to their banks to reverse transfers, even when Cash App had its own legal responsibilities to handle the dispute.
These practices undermined consumer protections built into the EFTA and Regulation E, which are designed to shield users from financial loss due to fraud or unauthorized access.
2.2 Inadequate customer service and access to help
The CFPB found that Cash App users often could not obtain timely, effective assistance when something went wrong.
- Although a phone number was printed on the Cash Card and listed in the terms of service, it did not connect users to live customer support for years.
- Consumers were largely forced to rely on in-app messaging or U.S. mail, which often produced delayed, confusing, or inaccurate responses.
- The lack of accessible support was especially harmful for users facing fraud or locked accounts, who needed urgent assistance to prevent further losses.
Regulators viewed these service gaps as an unfair practice under the CFPA because consumers had limited ability to avoid harm and suffered significant financial and practical injury.
2.3 Exposure of customers to fraudsters posing as support
Because Cash App’s own help channels were difficult to reach, many consumers tried to find customer service using internet search engines. According to regulators, criminals exploited this gap by posing as Cash App representatives online and tricking people into revealing passwords and other sensitive information.
- Fraudsters created fake support phone numbers and websites, luring users who were desperate for help.
- Block was aware that users were being targeted in this way but did not take timely and effective measures to mitigate the risk, such as clearer warnings or better routing to legitimate support.
This environment increased the likelihood that Cash App customers would suffer losses due to scams and identity theft.
2.4 Deceptive statements about consumer protections
The CFPB’s consent order concludes that Block made representations that were likely to mislead reasonable consumers about the availability of phone support and how unauthorized transfers would be handled, in violation of the CFPA’s ban on deceptive practices.
- Information on cards and in terms of service suggested meaningful phone-based help that, in practice, was not available as promised over a long period.
- Consumers could reasonably expect that the company would follow the law in investigating disputes, but investigation practices did not consistently meet federal requirements.
2.5 Bank Secrecy Act and AML compliance failures
Separately from the CFPB, a group of 48 state financial regulators investigated Block’s compliance with the BSA and AML laws, which require financial institutions to identify customers, monitor transactions, and report suspicious activity.
State regulators found that Block’s BSA/AML program associated with Cash App had deficiencies that could allow:
- Inadequate customer due diligence or identity verification for certain accounts.
- Insufficient monitoring of high-risk transactions or accounts for potential money laundering or terrorist financing.
- Gaps in reporting suspicious activity to authorities as required by law.
Although regulators did not publicly detail every technical shortcoming, they concluded that the weaknesses created a meaningful risk that Cash App could be used for illicit financial activity.
3. Monetary Penalties and Consumer Redress
The combined enforcement actions involve substantial payments and mandated reforms for Block, Inc.
3.1 CFPB-ordered refunds and penalties
According to the CFPB, Block must provide significant relief to harmed Cash App users and pay a civil money penalty.
- Up to $120 million in refunds and other redress for consumers whose unauthorized transfers were not properly investigated, who did not receive required refunds, or whose accounts were improperly locked or delayed.
- A minimum of $75 million in redress is required, with the CFPB overseeing compliance to ensure users receive compensation.
- A $55 million civil penalty paid into the CFPB’s victims relief fund.
Consumers do not need to take immediate action to benefit from this CFPB arrangement; the Bureau will supervise the redress process.
3.2 State-level BSA/AML penalties
In a parallel action, state regulators ordered Block to pay an $80 million penalty for BSA/AML violations and to implement corrective measures.
- The penalty will be distributed among participating state agencies for enforcement purposes.
- Block agreed to hire an independent consultant to review its BSA/AML program, report to the states within nine months, and correct identified deficiencies within 12 months of the report.
| Regulator | Key Focus | Monetary Amount | Main Remedies |
|---|---|---|---|
| CFPB | Consumer protection, unauthorized transfers, customer service, deceptive acts | Up to $120M redress + $55M penalty | Refunds to users, improved investigations, 24/7 live support |
| State regulators (48 states) | BSA/AML compliance, financial crime risk | $80M penalty | Independent AML review, corrective action plan |
4. Required Reforms: How Cash App Must Change
Beyond financial penalties, the orders impose structural changes aimed at preventing similar problems in the future.
4.1 Strengthened customer service and access to help
The CFPB requires Block to upgrade Cash App’s support systems so users can obtain meaningful assistance when issues arise.
- Creation of 24-hour, live-person customer service accessible to Cash App users.
- Clearer, accurate information about how to reach support and what to expect during the dispute process.
- Processes that ensure prompt attention to reports of fraud, account locks, and other urgent problems.
4.2 Robust investigation of unauthorized transfers
To comply with the EFTA and Regulation E, Block must implement more rigorous procedures for handling disputes involving unauthorized electronic fund transfers.
- Thorough investigation of consumer reports, rather than automated or cursory denials.
- Timely refunds or provisional credits when required by law.
- Recordkeeping and internal controls that support compliance and allow regulators to verify performance.
4.3 Stronger protections against fraud and scams
Regulators expect Cash App to take more effective steps to protect users from fraudulent schemes.
- Monitoring the platform for suspicious patterns of activity and known scam typologies.
- Clear, proactive warnings to users about imposter support scams and other common fraud risks.
- Enhanced identity and device controls designed to prevent unauthorized access to accounts.
4.4 Enhanced BSA/AML program
Under the state settlement, Block must bring its BSA/AML compliance in line with regulatory expectations for money services businesses operating at scale.
- Independent evaluation of its AML risk assessments, policies, and monitoring systems.
- Stronger customer due diligence rules for higher-risk users and transactions.
- Improved suspicious activity monitoring and reporting to relevant authorities.
5. Why This Case Matters for Consumers and Fintech
The Block/Cash App case has implications far beyond a single company. It illustrates how traditional consumer protection and AML rules apply to modern payment platforms and sets expectations for how digital finance should work.
5.1 Reinforcing legal protections in P2P payments
The enforcement action underscores that P2P payment apps must follow the same core regulations that cover bank accounts and debit cards when it comes to unauthorized transfers and error resolution. Consumers using these apps retain important rights, including:
- The right to have unauthorized transfers investigated promptly.
- The possibility of refunds or credits when fraud occurs and is properly reported.
- Protection from unfair or deceptive practices in how services are marketed and administered.
5.2 Incentives for better platform design and oversight
Fintech firms are on notice that rapid growth and innovation do not exempt them from compliance responsibilities. Regulators expect companies to:
- Build compliance and customer protection into products from the outset.
- Scale customer service and dispute-handling processes in line with user growth.
- Invest in AML systems capable of monitoring large transaction volumes and complex patterns.
5.3 Lessons for everyday users
For individuals who use Cash App or similar services, the case highlights practical steps to reduce risk:
- Enable strong authentication, such as device locks and app-specific security controls, to prevent unauthorized access.
- Use only official in-app or website channels to contact customer support, and be wary of phone numbers found through web searches.
- Report suspected unauthorized transfers quickly to preserve your legal protections under the EFTA.
- Monitor your account activity regularly, especially if you use P2P apps for direct deposits or to store significant balances.
6. Frequently Asked Questions (FAQs)
Q1: I use Cash App. Will I automatically get money from this settlement?
Not every Cash App user will receive a payment. The CFPB’s order targets consumers who were harmed by specific issues, such as unauthorized transfers that were not properly investigated, missing refunds, or accounts that were improperly locked. The Bureau will oversee how Block identifies and compensates eligible users, and affected consumers will not need to take action at this stage.
Q2: What are my rights if someone makes an unauthorized transfer from my account?
Under the Electronic Fund Transfer Act and Regulation E, you generally have the right to have unauthorized electronic transfers investigated and, when conditions are met, to receive refunds or provisional credits. You must notify your provider promptly after spotting an unauthorized transaction, and different time limits may affect how much you can recover.
Q3: How can I avoid fake Cash App support scams?
Use only official contact options available inside the Cash App or listed on the company’s own website. Avoid phone numbers or sites you find through search engines or social media unless you can verify they are legitimate. Never share your password, full verification codes, or recovery phrases with anyone claiming to be support, and be cautious if someone asks to take remote control of your device.
Q4: What does BSA/AML compliance mean for a payment app?
BSA/AML compliance requires payment services to establish programs that identify customers, monitor transactions, and report suspicious activity related to money laundering, terrorist financing, or other crimes. For users, a strong AML program can mean more identity checks or transaction limits, but it also helps keep the financial system safer.
Q5: Where can I verify if a nonbank financial company is properly licensed?
State regulators recommend using official tools such as NMLS Consumer Access, which allows the public to confirm whether certain financial service providers are licensed in their state and to review enforcement histories. Consumers can also contact their state financial regulator for additional information or to file complaints.
References
- CFPB Orders Operator of Cash App to Pay $175 Million and Fix Its Failures on Fraud — Consumer Financial Protection Bureau. 2025-01-16. https://www.consumerfinance.gov/about-us/newsroom/cfpb-orders-operator-of-cash-app-to-pay-175-million-and-fix-its-failures-on-fraud/
- State Regulators Issue $80 Million Penalty to Block, Inc., Cash App for BSA/AML Violations — Conference of State Bank Supervisors. 2025-01-16. https://www.csbs.org/newsroom/state-regulators-issue-80-million-penalty-block-inc-cash-app-bsaaml-violations
- Michigan Joins $80 Million Enforcement Action Against Block, Inc., Cash App for BSA/AML Violations — Michigan Department of Insurance and Financial Services. 2025-01-15. https://www.michigan.gov/difs/news-and-outreach/press-releases/2025/01/15/michigan-joins-80-million-enforcement-action-against-block-inc-cash-app-for-violations
- Consent Order: Block, Inc. — Consumer Financial Protection Bureau. 2025-01-16. https://files.consumerfinance.gov/f/documents/cfpb_block-inc-consent-order_2025-01.pdf
Read full bio of medha deb





