One of our customers notified us of suspected fraudulent pinned transactions. Of the approximately 35 transactions she claimed as fraudulent, we had video of her performing one of them, and her signature on another. When confronted with that information, she backpedaled slightly and claimed some transactions may be hers, some may not, and she has no way to be sure. We sent her an account in good standing letter.

A few weeks later (5/5/10) we received a fax from her with a reduced list of fraudulent transactions (down to approximately 25 transactions). One of the transactions listed is again one where we have video of her performing the transation.

Is it reasonable/allowable to close our investigation within the 10 day period allowed without providing any credit to her because she is continuing to claim a legitimate transaction as fraudulent? In other words, are we under any obigation to provide her with provisional credit for any of the transactions where we don't have video proof that she made them? Can her continued fraudulent claim invalidate her entire request? Thanks.

All Reg E requires is that you investigate. As this is not a court of law, you don't have the same burden of proof. Based on your investigation, if you have a reasonable belief to deny the claim, you are within your rights to do so. Also, given this pattern of behavior, I would consider revoking her card privledges to avoid any "misunderstandings" in the future.

In my particular situation, my customer had a roommate who took her card while she slept. The roommate knew her pin number. My customer volunteered her pin number when her roommate had run errrands for her in the past. Now, the roommmate went off on a spending spree with my customer's card. The bulk are pin based transactions. In our disclosures, unauthorized pin based transactions are not given provisional credit unless you can demonstrate you have exercised reasonable care in safeguarding your cad from the risk. The pin was freely given.

Rebecca, customer negligence is not an allowable reason to deny a claim under Reg E. The burden of proof is on you, not the customer. If the customer says the transactions were unauthorized, in order to deny the claim you have to prove they were authorized.

Trust me, we just went through a HUGE overhaul of our Reg E dispute process, because our risk department was denying claims, just like one in your example, and the regulators didn't like it. We (compliance) were ordered to go through all claims last year and identify ones that should have been paid under Reg E. It was a huge process.

Bottom line, yes, she was negligent and let her roommate use her card in the past. She admitted that and she is not disputing those transactions. But due to the fact that later the roommate STOLE her card and used it without your customer's permission (that's the key), the transactions qualify as unauthorized. Unless you can prove that she authorized them, of course.

As STUPID as it is, I agree, as that's the way the law was written.

I disagree (to an extent) here.

Reg E [205.11(c)(1)] reads: "A financial institution shall investigate promptly and, except as otherwise provided in this paragraph (c), shall determine whether an error occurred..."

I don't believe "a burden of proof" exists within this context of the law. I do believe, as Aggs has stated, the examiners will expect your documentation to be credible/plausible to support your "determination" that no error occured.

You been given authority to be both judge & jury (just remember your regulator is the court of appeals ).

Just my two cents.

M Cockrell, I do agree with you. It is up to us to determine if an error occurred. However, this is how our regulators want us to handle it. If the customer claims it's unauthorized and you don't have any evidence to support that it was authorized, you pay the claim. The only evidence for ATM withdrawals, really, would be pictures showing the customer making them or standing in the background. When the pictures showed someone other than the customer making the withdrawals, the regulators' stance was - "you can't prove the customer made or authorized these transactions, you had no valid reason to deny the claim"

Since we were denying based on, for example, "three months ago you gave this person permission to use your card", they did not agree. We had to go back and pay pretty much the majority of our PIN-based claims. Those customers got a nice little surprise in the mail.

I can guarantee that you will get multiple opinions on this particular situtation.

The commentary to Reg E states

"Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized."
There are some that will say that giving the roommate the PIN and card in the past in sufficient to be covered by this clause and therefore you can deny the customer's claim.

However, I personally side with Reg E guru Andy Zavoina that in your situation, you customer had resecured the card and it was later stolen. As a result the transaction would be unauthorized, and assuming your customer reported the theft within two business days of discovering the theft, the maximum liabilty would be $50.00.

That said, as I noted in my previous post, you don't have to issue your customer another card. Also, while you cannot require your customer to file a police report, make sure she is aware that if she does not, the bank will be and that they will be seeking her help in tracking down the roommate.

Also, you may want to run your disclosures past Compliance as you cannot restrict provisional credit based on consumer negligence.

"2. Consumer negligence. Negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E. Thus, consumer behavior that may constitute negligence under state law, such as writing the PIN on a debit card or on a piece of paper kept with the card, does not affect the consumer's liability for unauthorized transfers. (However, refer to comment 2(m)–2 regarding termination of the authority of given by the consumer to another person.)"

I completely agree. I was SO glad to hear Andy Z's opinion during that webinar. We invited our electronic services and risk management people (who handle Reg E claims) because they were fighting us on it. Once he said it, it was like "oh, ok, I guess you were right..." LOL

And yes, I agree that compliance should review your disclosures as you cannot use customer negligence as the sole reason for denial or withholding provisional credit.

Understood. Definitely no disagreement there: right way, wrong way, examiner's way. (Examiner wins every time...well, nearly every time )


Yep, I agree. Gotta have somethin' to justify your stance.

"Evidence to support that it was authorized" can include a lot more than photos showing your customer dipping his card in an ATM card slot. It can also rely on previous transaction patterns of customer-authorized transactions, proximity of the locus of the transaction to the customer's home or place of work or commuter line used, etc. It does not have to meet the "beyond reasonable doubt" standard required in criminal prosecution. It merely has to be a good-faith belief the transactions took place and were authorized by your customer.

Oh, I agree 100%. But you should've heard the examiners we had. To them nothing outside of picture proof was good enough.

We did, however, manage to persuade them that some of the denials were proper when looking at transaction patterns and account history. But we lost enough battles to go through and revise our procedures.

I imagine that the examiners were taking a hardline stance in order to get your institution to correct its procedures. As for those gray areas, I can remember being thankful sometimes they were there, and cursing them at other times for their fuzziness.