You have to look at the first transaction that the customer claims was not authorized, no matter how old it is. If you determine that it was not authorized, and that later transactions the customer is claiming were not authorized are related to that first unauthorized transaction:
1. Determine when you sent the customer the account statement showing the first transaction. If there isn't a lost or stolen card involved in the claim, add 60 days to that date, and consider that the coverage limit date. Let's assume it's 9/30/2020.
2. Any of the claimed transactions that you determine were unauthorized that posted on or before the coverage limit date (9/30) will be refunded to the customer.
3. Any of the claimed transactions that appear to be connected to those unauthorized transactions and that post after the coverage limit date (9/30//2020) may, in fact, be unauthorized, but the customer is responsible for them and you do not have to refund them. The customer failed to check statements and notify you of the unauthorized transactions, and you could have prevented them if you had been notified by that coverage limit date, so the customer is not entitled to a refund for them.
John S. Burnett
Fighting for Compliance since 1976
Bankers' Threads User #8