Reg E 1005.6 bases the customer's liability on how soon they reported the unauthorized transactions after they discovered the loss or theft of their access device. In this case, the access device that was stolen was the card number (since the physical card is still in the cardholder's possession.)
The question that we are trying to answer here is, "Did the cardholder know that the access device was lost/stolen when they asked to have the card reactivated?"
We cannot increase the customer's liability solely on the basis that they failed to recognize the first transaction as fraud from your phone call. See the interpretations to 1005.6(b). Consumer negligence. Negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E. Thus, consumer behavior that may constitute negligence under state law, such as writing the PIN on a debit card or on a piece of paper kept with the card, does not affect the consumer's liability for unauthorized transfers. (However, refer to comment 2(m)-2 regarding termination of the authority of given by the consumer to another person.)
We may want to argue that the customer "should have known" the card was compromised based on the call, however again the interpretations do not put much responsibility on the cardholder.
"Knowledge of loss or theft of access device. The fact that a consumer has received a periodic statement that reflects unauthorized transfers may be a factor in determining whether the consumer had knowledge of the loss or theft, but cannot be deemed to represent conclusive evidence that the consumer had such knowledge."
We must also take into consideration that VISA/MasterCard Zero Liability protections could further reduce the cardholder's liability to zero.
Based on the description of events, it appears that the cardholder did not recognize the fraud until they contacted the bank, which would put their maximum liability at $50.00 for Reg E. VISA/MasterCard Zero Liability would further reduce this to $0.00.
It is up the Bank whether or not it provides this individual with another card.
Sola Gratia, Sola Fides, Sola Scriptura, Solus Christus, Soli Deo Gloria!www.tcaregs.com