Please someone explain to me 1005.2(m)
An unauthorized electronic funds transfer under the official interpretation states:


2.Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized.
But under fraud the customer's claim is valid and the claim is not contingent on a police report.
3.Access device obtained through robbery or fraud. An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

Why would anyone contact the bank? When you issue a debit card you tell the customer to secure their card and not tell anyone their PIN. We don't educate them to call if they do. So therefore any time a person used their card that may have previously had permission it would fall under robbery and fraud, correct? I've read several different scenarios on here and some state that since they didn't call they are liable and others say that they follow the robbery/fraud option. Since Reg E is a consumer protection Reg do you just pick the reason that fits.
Thanks in advance for your help.

Regulation E was originally written back in the 1980s and some parts of it could still be brought more current. This definition is one of the problem areas that could certainly use some commentary, but it also falls under the general caveat I issue to all compliance officers: "Be careful what you wish for," which is one reason that I imagine there isn't a long line of compliance officers begging the Bureau for some clarity on this issue.

I happen to take the consumer-centric view that these one-off authorizations end when the access device is returned to the cardholder's control. However (and here's the rub) the access device doesn't have to be the plastic card. The card number, expiration date and security code constitute the access device in the case of telephone or internet initiated transactions. So there is an argument that sometimes the authorization is ongoing even after the card is returned.