Hi All,
I am still new to Reg E (and compliance in general) and feeling things out. I appreciate any input
An issue that seems to occur frequently is that a client will get scammed/phished/etc. by a fraudster to provide their Online Banking access credentials and to get past multi-factor authentication. Once the fraudster gains access to Online Banking, the fraudster sends unauthorized Zelle EFTs. If it ended there, I think that the EFTs would be unauthorized, and therefore covered by Reg E, since the client did not authorize the transaction and the transfer was initiated by a person who obtained the access device from the client through fraud.
However, in order to complete the Zelle transaction, the client must confirm the transaction by text message to the phone number associated with the individual's account.
The client did not authorize the transaction at the time he provided the access credentials to the fraudster, nor at the time when the fraudster initiated the fraudulent transaction. However, the client did authorize the transaction through the text message prior to the EFT being completed. Without that step the EFT would not have been sent. Is this type of authorization by the client enough to remove the EFT from the realm of unauthorized transactions?