Warning: Gray Area (like so much of Reg E's authorized/unauthorized provisions)
One could argue that, when the basis of the entire "friendship" is fraudulent (romance scams, for example), the access device (the number, code, etc.) is obtained fraudulently, and all the transactions by the "friend" are unauthorized.
On the other hand, when the basis for the relationship isn't fraudulent (college roommate, family member, drinking buddy, BFF, and so on), and the cardholder initiates the sharing of the access device, I think the old Reg E rule about an individual exceeding his/her authority before the cardholder notifies the bank that the individual is no longer authorized to use the card fits the situation.
Of course, figuring out where the boundary between those scenarios lies is the challenge.
Last edited by John Burnett; 11/13/19 02:42 PM.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8