Isn't it true that when a customer is scammed into supply ATM card number & PIN that they have no liability under Reg E when that unfo is used as a POS? The transaction is both unauthorized and the transaction is not an "accepted access device" under Reg E.

Correct. The liability rules are negated when the access device is not authorized.

Would the same principal hold true if a customer had their wallet stolen and their login for internet banking was among the items stolen? The custoemr would not be liable for any transfers, transactions, wires, etc initiated by the fraudster as a result of the theft?

If those transfers are subject to Reg. E, the login credentials are a form of access device. If the access device is stolen, the tranfers are not authorized.

If the accounts are business accounts, they aren't covered.

If they are consumer accounts, the transfers are covered.