Skip to content
BOL Conferences
Thread Options
#2101568 - 10/04/16 01:30 PM Reg E
ComplianceGuru89, CRCM Offline
Member
Joined: Sep 2015
Posts: 85
Customer gives his card and pin to someone, that persons decides to go to multiple ATMs and conduct several POS trans. Customer didn't notify the bank that he had given the person permission and also did not state when they revoked permission... Is the bank liable for all these charges? Seems like this would be the customer's liability

Return to Top
Deposits and Payments
#2101867 - 10/05/16 04:27 PM Re: Reg E ComplianceGuru89, CRCM
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
If the card/PIN were provided, all transaction by that person are authorized. Look at the definition of "Unauthorized Electronic Funds Transfer" in §1005.2(m). It states:
"The term does not include an electronic fund transfer initiated . . .
By a person who was furnished the access device to the consumer’s account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized;"
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#2101872 - 10/05/16 04:32 PM Re: Reg E ComplianceGuru89, CRCM
burkemi Offline
Platinum Poster
Joined: Nov 2013
Posts: 549
We have always looked at this situation with the assumptions that "evergreen authority" does not exist. Here is a breakdown of how we generally decide liability.

1) From Reg E commentary 2(m)2...Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized.

You give me your card and PIN and ask me to get you $50. While getting your $50, I help myself to $50. Then stop at 3 more ATMs along the way back and withdraw $50 each time. I return, give you your card and your $50, while I pocket the rest. If this is the end of the story, then you (the customer) are liable for all transactions and your only recourse is to come after me.

2) From Reg E commentary 2(m)3...Access device obtained through robbery or fraud. An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

You give me your card and PIN and ask me to get you $50. I return, give you your card and your $50. Tomorrow I decide I need some extra cash to buy a new trinket, so I sneak and take your card because I already know your PIN. Then I go and help myself to $200 and replace your card without your knowledge. In this case, the fact that you previously gave me permission does not apply. I had to steal your card to perform the transactions and the bank is liable minus any timing requirements and the $50.
Last edited by burkemi; 10/05/16 04:41 PM.
_________________________
I reject your reality and replace it with my own.

Return to Top
#2101974 - 10/05/16 09:00 PM Re: Reg E ComplianceGuru89, CRCM
David Dickinson Offline
10K Club
David Dickinson
Joined: Nov 2000
Posts: 18,762
Central City, NE
I agree with you, burkemi. While not perfectly spelled out in Reg E, I believe the 2nd scenario is robbery and the customer is not liable.
_________________________
David Dickinson
http://www.bankerscompliance.com

Return to Top
#2121437 - 03/10/17 03:04 PM Re: Reg E ComplianceGuru89, CRCM
KeKe Offline
Junior Member
Joined: Sep 2015
Posts: 39
Midwest
Similar scenario - Grandmother allows teenage grandson to purchase online games from Amazon; Google; Microsoft - "when Grandson is at her home" - Grandson then places online orders for fast food that the Grandmother is disputing - "saying" she did not authorize Grandson to make those purchases - only the online gaming. Grandson has the debit card and PIN number in his possession for online use - it couldn't be robbery since he never "gave" the card back and then "stole" it from Grandma - he just went beyond the initial authority given for use of the card.

We have declined the disputes related to the fast food orders.

Return to Top
#2121438 - 03/10/17 03:06 PM Re: Reg E KeKe
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
She gave him the access devices. She never told you to disable them. The charges are authorized.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#2122296 - 03/16/17 06:17 PM Re: Reg E Elwood P. Dowd
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 40,086
Cape Cod
Originally Posted By Ken_Pegasus
She gave him the access devices. She never told you to disable them. The charges are authorized.
But you have been put on notice now. How will you be able to police a "only when he's here buying games" authorization from Grandma? You can't. You have to tell Grandma that her Golden Boy can't use the card any more, or that you will have shut down her card access entirely.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top
#2122696 - 03/20/17 05:42 PM Re: Reg E John Burnett
kbcomply Offline
New Poster
Joined: Sep 2016
Posts: 13
We have a similar situation: Grandmother gives grandson permission to use her debit card (or her husband's card) to purchase iTunes. She receives her February statement and is now disputing some, but not all of the iTune charges to their account. She says that her grandson did not conduct all of them. We don't know who conducted the transactions, but I'm assuming she really doesn't know either. Are we obligated to refund the charges that she's disputing?

Return to Top
#2122932 - 03/21/17 07:29 PM Re: Reg E ComplianceGuru89, CRCM
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 40,086
Cape Cod
Granny can't give the kid her husband's authority to use his card. She can only let him use hers. But assuming it's her card in question. She has every right to dispute any charge that she believes was not completed by the kid. Her authorization for the kid to use the card can't be used by anyone else.

I'd be telling Granny she needs to stop letting the kid use her card, or you'll shut it down.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top
#2198805 - 11/20/18 07:56 PM Re: Reg E ComplianceGuru89, CRCM
Matt_B Offline
Diamond Poster
Matt_B
Joined: Sep 2011
Posts: 1,648
A CU, Where Regs Don't Apply
Similar question with a bit of a twist, so going to toss it in here.

Daughter and mom joint on account. Daughter (under 18) gives boyfriend her card and pin, he in turn gives it to someone else who deposits about $2,000 in bad checks. Claim is that it's unauthorized. Here's the kicker, she was the one that withdrew the cash from the account from those bad checks, with who we believe is boyfriend and other guy in the car. So, she knew the funds were in there (brand new account, very low balance), withdrew them, and either benefited directly, or gave all the funds away.

I think we could make a case to deny, however mom already has a lawyer involved. (though based on court records, that may be because another local financial is suing her)

Had this been a card transaction, we would probably be stuck, but based on the facts, I think she had every reason to know what was going on and chose not to, but doesn't want to be held liable. Thoughts?
_________________________
Someone's about to get horned!

Return to Top
#2198810 - 11/20/18 08:10 PM Re: Reg E ComplianceGuru89, CRCM
Adam Witmer Offline
Power Poster
Joined: Sep 2010
Posts: 2,658
You don't specifically say if the deposit (from friend of boyfriend) and withdraw (from daughter) were electronic funds transfers. Were they EFTs or in-person transactions?

If they weren't EFTs, the transaction doesn't appear to be subject to Regulation E.

If they were, then you still might have a case for denying the transaction according to this:

"The term does not include an electronic fund transfer initiated:
(2) With fraudulent intent by the consumer or any person acting in concert with the consumer; or"
_________________________
Adam Witmer, CRCM

All statements are my opinion, not those of my employer, and should not be taken as legal advice.
www.compliancecohort.com

Return to Top
#2198821 - 11/20/18 09:09 PM Re: Reg E ComplianceGuru89, CRCM
rainman Offline
Power Poster
rainman
Joined: Nov 2004
Posts: 3,237
"Here's the kicker, she was the one that withdrew the cash from the account from those bad checks, with who we believe is boyfriend and other guy in the car."

If by "she" you mean daughter, then you really don't need to go further. If she did the withdrawal, it's unquestionably authorized. Don't get hung up on the deposit - if it was authorized, fine. If it was unauthorized, then the account was credited and the account was subsequently debited (for the returned checks); no harm from that. The harm was from the withdrawal, which was authorized.
_________________________
Nobody's perfect, not even a perfect stranger.

Return to Top
#2198824 - 11/20/18 09:14 PM Re: Reg E ComplianceGuru89, CRCM
Matt_B Offline
Diamond Poster
Matt_B
Joined: Sep 2011
Posts: 1,648
A CU, Where Regs Don't Apply
Fair point. Checks deposited at an ATM, cash withdrawn in person by her. If I had to really guess, I'd bet she was present at the ATM deposit also, but we have no way to prove that without a subpoena and a cooperating private business.
_________________________
Someone's about to get horned!

Return to Top
#2198908 - 11/21/18 07:17 PM Re: Reg E ComplianceGuru89, CRCM
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 40,086
Cape Cod
Even if she was present at the ATM (and I am guessing she was, too), you don't have a Reg E claim here. This is strictly fraud (the deposit) and an overdraft. It could be complicated by the fact that daughter is under 18 and there might be minor owner contract voiding issues. You could be left with the option of trying to duke it out with mom (a sympathetic defendant) in a nasty legal battle.

Without question, I'd show the door to these customers and then try to sort things out.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top
#2245716 - 11/19/20 11:04 PM Re: Reg E ComplianceGuru89, CRCM
Red Raiders Offline
Diamond Poster
Red Raiders
Joined: May 2013
Posts: 1,069
Compliance Land
Let's say customer has ATM $400 withdrawal on 11/6. Doesn't notify us of her debit card being "stolen" until 11/13. We see from her online banking activity that she had logged in each day from 11/5 to 11/13 so she likely knew of the "stolen" card and $400 transaction when it occurred. Can we deny this claim or is she due some amount back? This part of Reg E confuses me.
_________________________
How long until retirement?? smile

Return to Top
#2245717 - 11/19/20 11:12 PM Re: Reg E ComplianceGuru89, CRCM
BrianC Offline
Power Poster
BrianC
Joined: Nov 2004
Posts: 6,685
Illinois
There are two factors at work here.
First, the $500 liability tier of 1005.6(b)(2) does not retroactively apply to transactions that occur within the first two business days after a customer learns of the loss or theft of the access device as you could not have prevented them. Even if the cardholder knew the card was stolen on 11/5, they would have had until 11/8 to notify you (since 11/6 and 11/7 are not business days due to the weekend). The cardholder's liability for transactions during that timeframe is $50.

The liability would increase to $500 for any withdrawals that occurred on 11/9 and after. Again...that is assuming that the cardholder LEARNED of the loss or theft of the access device on 11/5. Consider the commentary to 1005.6

"2. Knowledge of loss or theft of access device. The fact that a consumer has received a periodic statement that reflects unauthorized transfers may be a factor in determining whether the consumer had knowledge of the loss or theft, but cannot be deemed to represent conclusive evidence that the consumer had such knowledge."

The fact that I signed into online banking doesn't prove that I saw the $400 charge. Maybe I was signing in to verify that my direct deposit came in or that a check had cleared and did not review my entire transaction history.

Based on the sequence of events you describe, if your investigation determines the charge is unauthorized, the customer's liability would be limited to $50 and you would own them $350.
_________________________
Sola Gratia, Sola Fides, Sola Scriptura, Solus Christus, Soli Deo Gloria!
www.tcaregs.com

Return to Top
#2250154 - 03/05/21 08:17 PM Re: Reg E ComplianceGuru89, CRCM
Skittles Offline
10K Club
Skittles
Joined: Sep 2002
Posts: 13,965
TN
Different scenario - wife gives husband a debit card to use. A transaction took place in December. Wife disputed this transaction with the bank after 60 days from previous statement. Wife said she didn't authorize the transaction - and husband said he didn't authorize the transaction. The card, chip and PIN were used. Are we required to refund the money? Since they haven't reported the loss of an access device I'm leaning toward the customer is liable for the transaction.

Also - I'm going to strongly recommend we do not issue a new card.
_________________________
My Opinions Only

Return to Top
#2250155 - 03/05/21 08:30 PM Re: Reg E ComplianceGuru89, CRCM
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 83,219
Galveston, TX
Is not when they report it, it is when the transaction happened.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2250220 - 03/08/21 07:51 PM Re: Reg E ComplianceGuru89, CRCM
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 40,086
Cape Cod
It doesn't matter how old that transaction is. The customer has the right to claim lack of authorization, and, if the bank cannot determine that it was authorized (this is not a legal proof; it's the result of the bank's investigation), the consumer gets their money back. All of it, if there isn't a lost or stolen debit card involved.
Last edited by John Burnett; 03/09/21 03:23 PM. Reason: punctuation correction
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top
#2253500 - 05/05/21 05:29 PM Re: Reg E ComplianceGuru89, CRCM
Angela Offline
Junior Member
Joined: Sep 2014
Posts: 31
I have a scenario for you. Customer calls wanting to dispute $17,000 worth of debit card transactions performed via Cash App. He acknowledges having Cash App and a phone that does not have a security lock/passcode set up, he says he had roommates in the recent past. We utilize REDi with our debit card transactions, where he was sent text messages for transactions, which he approved, however we can't prove that HE approved them since his phone security is not set up...it could have been his roommates conducting the Cash App transactions and approving the text messages. These transactions happened April 13-30 but he did not notify the bank until May 3rd. He logs in daily to his online banking account. Is the bank on the hook to give his money back? We did ask him to dispute the transactions with Cash App but we have not heard back from him.

Return to Top
#2253510 - 05/05/21 06:38 PM Re: Reg E ComplianceGuru89, CRCM
Skittles Offline
10K Club
Skittles
Joined: Sep 2002
Posts: 13,965
TN
So your customer's CashApp withdrawals all came out of his account using his debit card?
_________________________
My Opinions Only

Return to Top
#2253518 - 05/05/21 07:36 PM Re: Reg E ComplianceGuru89, CRCM
Angela Offline
Junior Member
Joined: Sep 2014
Posts: 31
Skittles - yes that is correct

Return to Top
#2253519 - 05/05/21 07:37 PM Re: Reg E ComplianceGuru89, CRCM
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 40,086
Cape Cod
Unfortunately, Regulation E doesn't recognize a customer's daily online access to an account as significant to anything. The only key dates are the date the customer learns an access device is lost or stolen (not applicable here), the date of the first unauthorized EFT and the date the statement is sent showing the posting of that first unauthorized EFT.

I've seen some suggestions that setting up his debit card on Cash App is giving CashApp authorization to use the access device (debit card). That could be an overreach.

There is definitely a bias in favor of the consumer in the regulation concerning carelessness. If writing the PIN on the back of the card can't be held against the customer as aggravated negligence to increase his liability, leaving an unsecured cell phone lying about with the Cash App tied to the debit card is only marginally more negligent.

BUT, it's very unlikely that there is a contractual agreement between the bank that issued the debit card and Cash App. For that reason, and despite what I consider a misinformed unofficial opinion from some nameless functionary at the CFPB, under §1005.14 of Reg E, Cash App, not the bank, should be the party responsible for complying with the error resolution and limits on consumer liability in sections 1005.11 and 1005.6. Cash App could construct its app so that a user name and password is required every time the app is used, but apparently it hasn't (I have never used the app, and never will).
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top

Moderator:  John Burnett