If there was no access device involved -- you didn't indicate the type of transaction in your question, Paris -- and if you determine the transactions were, in fact, not authorized by the customer (and that the customer received no benefit from them, etc.), the customer's responsibility would be $0, since you said the transactions all occurred in a two-day period.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8