Skip to content
BOL Conferences
Page 1 of 3 1 2 3
Thread Options
#2168726 - 03/16/18 06:57 PM Authorized or Not?
1995Banker Offline
100 Club
Joined: Apr 2002
Posts: 241
Our customer got her first computer and got a virus. An alarming and forceful message popped up that basically said, "This is Microsoft and we can clean the virus from your pc." She called the number and gave them her debit card information to pay for the cleanup.

Reg E 1005.2(m) says: “Unauthorized electronic fund transfer” means an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated: (1.) By a person who was furnished the access device to the consumer's account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized; (2.) With fraudulent intent by the consumer or any person acting in concert with the consumer; or (3.) By the financial institution or its employee.

The commentary goes on to say: (3.) Access device obtained through robbery or fraud. - An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

Question: Would this be considered obtaining access through fraud? Or, since she gave the fraudster her info, would you consider it an authorized transaction?

Many thanks!
_________________________
Just when I think I understand....I regain consciousness!!!

Return to Top
eBanking / Technology
#2168733 - 03/16/18 07:01 PM Re: Authorized or Not? 1995Banker
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 83,226
Galveston, TX
She authorized the transaction.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2168735 - 03/16/18 07:04 PM Re: Authorized or Not? rlcarey
1995Banker Offline
100 Club
Joined: Apr 2002
Posts: 241
10-4...thanks Randy!
_________________________
Just when I think I understand....I regain consciousness!!!

Return to Top
#2168867 - 03/19/18 12:47 PM Re: Authorized or Not? 1995Banker
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
She is a victim of fraud, but in that she made a bad purchase decision and for a fraudulent service. The bank followed her orders for payment. She didn't have a gun to her head nor did someone steal her card, they defrauded her on the purchase.

Reg E doesn't care that the consumer is happy with the product or service, but that they did the transaction, authorized it or benefited from it.

Subsequent charges made after the cost of the cleanup could be valid claims, but this one is not, she paid for an education. I would reissue the card so this group can't sell off the card data.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#2264067 - 12/28/21 03:01 PM Re: Authorized or Not? 1995Banker
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
Hmmm. Tough call to me. A similar situation would be a scam where a customer purchased something from a non-existent entity. I'm not so sure these are so easily dismissed as an authorized transaction. At the end of the day in both scenarios the following is true:

(3.) Access device obtained through robbery or fraud. - An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

The debit card information is obtained via fraud, i.e. the person saying "hey, this is Microsoft, I can clean up your PC if you give me your debit card number." If the person said, "hey, this is a scammer and I can't really do anything to fix your PC, but give me your debit card number anyways," then it is highly unlikely the customer would do so. @Andy - Gun to the head/stolen card are both robbery scenarios. What scenario would be "fraud" as mentioned in the commentary in your understanding if this is not an example of it?
Last edited by Compliance NABW; 12/28/21 03:02 PM.
Return to Top
#2264073 - 12/28/21 05:03 PM Re: Authorized or Not? 1995Banker
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 83,226
Galveston, TX
If the perps used the card information that she provided to purchase other items, then the access device could be considered obtained through fraud. But if they told her that it was going to be $79.99 to clean up her PC and she authorized it, then it was not fraud. It would be no different than if she ordered a dozen boxes of girl scout cookies and they never showed up. She may have a claim through other card issuer protections, but not through Regulation E.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2264074 - 12/28/21 06:07 PM Re: Authorized or Not? 1995Banker
rainman Offline
Power Poster
rainman
Joined: Nov 2004
Posts: 3,237
Randy's point is a critical one that goes to proper interpretation of the portion of the OSC quoted by Compliance NABW: "An unauthorized EFT includes a transfer INITIATED BY a person who obtained the access device from the consumer through fraud or robbery."

Who initiated the transaction in this case? It wasn't the fraudsters; it was the customer. She was tricked into initiating the transaction, but she still initiated it. Thus, by definition it can't be unauthorized.
_________________________
Nobody's perfect, not even a perfect stranger.

Return to Top
#2264087 - 12/28/21 08:52 PM Re: Authorized or Not? 1995Banker
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
Yeah, IDK, it's a tough call. They still "initiate" the transfer in terms of they are plugging the card number in to the system to transact the EFT. I do not see it similar to the girl scout cookie scenario if you are dealing with a legitimate business that truly sells Girl Scout cookies. In that case you have an entity/person that you can have a merchant dispute with. In the case of a scammer, there is no person or entity to dispute with. You order Nike's from the online Nike store and they don't show. The Nike store actually has Nike's to provide you. That's not fraud. A scammer has no actual goods. It's strictly fraud to get the debit card information.

Return to Top
#2264093 - 12/28/21 11:13 PM Re: Authorized or Not? 1995Banker
rainman Offline
Power Poster
rainman
Joined: Nov 2004
Posts: 3,237
By your definition, no one ever "initiates" a transaction with their own card - only the merchant does it. But that's not how Reg. E sees it - the definition of "access device" is that it can be used by the consumer to initiate transfers. If I give my debit card to the cashier at the grocery store, I'm still initiating the transfer. The store is not initiating it. I don't have to contact my bank after each time I visit a merchant to tell the bank the merchant isn't allowed to do any more transfers in order for me to avoid liability for those subsequent transfers under 1026.2(m).

And I'd disagree with your last sentence, which again gets to the crux of the matter. It's not fraud "to get the debit card information." It's fraud to get the consumer to pay the fraudster; the debit card just happens to be the way they get the money from the consumer. To go back to Randy's post - if the fraudster used the card info to initiate OTHER transactions in addition to the initial one, those would be unauthorized. And those would be transactions based on fraud "to get the debit card information."
_________________________
Nobody's perfect, not even a perfect stranger.

Return to Top
#2264099 - 12/29/21 04:07 PM Re: Authorized or Not? 1995Banker
Valley girl Offline
Gold Star
Joined: Aug 2014
Posts: 394
TX
I agree with both rainman and Compliance NABW which makes me wishy-washy.

We have members that have called "fake Cash App" and the fraudster "helps them" with their account and then has the member perform a "test" transaction. The member does so and of course the money is gone.

What are the thoughts on these transactions?

Return to Top
#2264322 - 01/05/22 06:29 PM Re: Authorized or Not? rainman
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
If you are in the grocery store and you swipe your card, that is an obvious example of the customer initiating their transaction. If you are right there with the cashier and you hand them your card, then there is no force or fraud in initiating the transaction. It is authorized. If you admit that it's obtained by fraud to do subsequent transactions, then how is it not obtained by fraud for the initial transaction? That doesn't make sense to me. Again, if the customer knew it was a scam, then they would not be handing over the information.

Return to Top
#2264323 - 01/05/22 06:34 PM Re: Authorized or Not? 1995Banker
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
@Valley Girl - I think your scenario is similar to what we are discussing. I would be of those that would consider this an unauthorized EFT. The customer is being duped by a non-existent entity. There is no legitimate merchant to do any kind of dispute with. It's total fraud.

Return to Top
#2264324 - 01/05/22 06:39 PM Re: Authorized or Not? 1995Banker
rainman Offline
Power Poster
rainman
Joined: Nov 2004
Posts: 3,237
The question for Reg. E is not whether the customer was scammed. The question for Reg. E is whether a particular transaction was authorized or not. If the customer provides their card information to a merchant (real or otherwise) to do a $50 charge to the customer's account, it's authorized. (I would also say it's initiated by the customer, just like an Amazon online purchase.) But if the "merchant" then keeps the card info and uses it to do subsequent transactions, those subsequent transactions are unauthorized. But those subsequent unauthorized transactions don't alter the fact that the customer authorized the first transaction (even if the customer never got goods or services in exchange for that first transaction).
Last edited by rainman; 01/05/22 06:44 PM.
_________________________
Nobody's perfect, not even a perfect stranger.

Return to Top
#2264390 - 01/06/22 06:24 PM Re: Authorized or Not? 1995Banker
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
We'll probably have to end up not agreeing here, but, I am not disputing the customer "authorized" the transaction. However, in the very definition of unauthorized EFT, you have the following:

(3.) Access device obtained through robbery or fraud. - An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

So, although practically speaking the transaction was authorized by the customer, by the definition of Reg. E you do not have an authorized EFT because it was obtained by fraud.

Let's do a robbery scenario - Bad guy points a gun at customer and says "give me your debit card." Or, bad guy points a gun at customer and says "withdraw cash from ATM." Although in both cases, the transaction was "authorized" by the person using the debit card, it was obtained via robbery; therefore, it is an unauthorized EFT. If you can explain to me why a robbery scenario is different that a fraud scenario, please feel free to do so. I don't see this as any different than "give me your debit card number to fix your computer" and the person saying that has no ability to provide that service. If fraud only applies to subsequent transactions, I would love to see somebody support that. I highly doubt "fraud" as a category is that limited by Reg. E such that you have to get initially duped and then get stuck again for you to actually have some rights under 1005.11.

Does the bad guy have to take you to another ATM and point the gun at your head again for the robbery rights to kick in?
Last edited by Compliance NABW; 01/06/22 06:30 PM.
Return to Top
#2264391 - 01/06/22 06:27 PM Re: Authorized or Not? rainman
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
Originally Posted by rainman
The question for Reg. E is not whether the customer was scammed. The question for Reg. E is whether a particular transaction was authorized or not. If the customer provides their card information to a merchant (real or otherwise) to do a $50 charge to the customer's account, it's authorized. (I would also say it's initiated by the customer, just like an Amazon online purchase.) But if the "merchant" then keeps the card info and uses it to do subsequent transactions, those subsequent transactions are unauthorized. But those subsequent unauthorized transactions don't alter the fact that the customer authorized the first transaction (even if the customer never got goods or services in exchange for that first transaction).

It does contain an aspect of whether the customer was scammed, as by the very definition of an unauthorized EFT it includes transaction where the customer is scammed, i.e. fraud occurs.

Return to Top
#2264392 - 01/06/22 06:34 PM Re: Authorized or Not? 1995Banker
BrianC Online
Power Poster
BrianC
Joined: Nov 2004
Posts: 6,689
Illinois
Here's the key phrase

Quote
initiated by a person who obtained the access device from the consumer

1. You trick me into giving you my card or card number and you use my access device for unauthorized charges. - Reg E covers this as it was obtained through robbery or fraud.

2. You trick me into thinking I'm buying a puppy from you and I initiate a cash app/paypal transfer to send you money. I initiated the transfer so Reg E does not protect me and there are no chargeback rights since I received the services I authorized (the merchant in this case is cash app/paypal)

3. You trick me into authorizing a charge over the phone which you key into a merchant terminal. I initiated the transfer so Reg E does apply but since the fraudsters used a merchant terminal, the bank has chargeback rights for merchandise/services not received.
_________________________
Sola Gratia, Sola Fides, Sola Scriptura, Solus Christus, Soli Deo Gloria!
www.tcaregs.com

Return to Top
#2264393 - 01/06/22 06:40 PM Re: Authorized or Not? 1995Banker
rainman Offline
Power Poster
rainman
Joined: Nov 2004
Posts: 3,237
Quote
the very definition of an unauthorized EFT it includes transaction where the customer is scammed, i.e. fraud occurs.

I will disagree with your characterization of the regulation which appears to be that whenever the consumer is scammed, the transfer is unauthorized. But that's not what the regulation (or more accurately, the official staff commentary) actually says. It says that "An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery."

If you go to the grocery store and use your debit card to purchase groceries, who is initiating the transfer - you or the store? If you make an online purchase from Amazon charged to your debit card by inputting the debit card info on their site, who is initiating the transfer - you or Amazon? If a scammer convinces you to go to www. nottherealamazon. com and use your debit card to "purchase" something that you never receive (because it's a scam), who initiated that transfer - you or the scammer?
Last edited by BrianC; 01/07/22 04:03 PM. Reason: Remove hyoer link to "hypothetical" fraud site
_________________________
Nobody's perfect, not even a perfect stranger.

Return to Top
#2264409 - 01/06/22 09:22 PM Re: Authorized or Not? 1995Banker
Valley girl Offline
Gold Star
Joined: Aug 2014
Posts: 394
TX
To me, the cash app scenario is like the scams where the consumer purchases gift cards and then gives the gift card information to the fraudster. We don't process those disputes as Reg E (or merchant disputes). The fraudster never handles or has access to the access device in either scenario. I understand that no regulation can fit every situation, but a clearer definition of "initiated" and "obtained" would be nice.

Because the regulation isn't clear, I have given final credit on the "cash app" scenario rather than risk run afoul of the reg.

Return to Top
#2264548 - 01/10/22 09:33 PM Re: Authorized or Not? BrianC
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
Originally Posted by BrianC
Here's the key phrase

Quote
initiated by a person who obtained the access device from the consumer

1. You trick me into giving you my card or card number and you use my access device for unauthorized charges. - Reg E covers this as it was obtained through robbery or fraud.

2. You trick me into thinking I'm buying a puppy from you and I initiate a cash app/paypal transfer to send you money. I initiated the transfer so Reg E does not protect me and there are no chargeback rights since I received the services I authorized (the merchant in this case is cash app/paypal)

3. You trick me into authorizing a charge over the phone which you key into a merchant terminal. I initiated the transfer so Reg E does apply but since the fraudsters used a merchant terminal, the bank has chargeback rights for merchandise/services not received.

I believe I came to a similar understanding at a previous point in time regarding this topic. It sounds like you do agree with me as far as the initial post in the thread. If the lady gave her debit card number to the person on the phone and they take the card number to give themself money, then would you agree this is a Reg. E Error? You would consider that the scammer obtained the debit card number by fraud and initiated the transaction?

Return to Top
#2264549 - 01/10/22 09:36 PM Re: Authorized or Not? rainman
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
Originally Posted by rainman
Quote
the very definition of an unauthorized EFT it includes transaction where the customer is scammed, i.e. fraud occurs.

I will disagree with your characterization of the regulation which appears to be that whenever the consumer is scammed, the transfer is unauthorized. But that's not what the regulation (or more accurately, the official staff commentary) actually says. It says that "An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery."

If you go to the grocery store and use your debit card to purchase groceries, who is initiating the transfer - you or the store? If you make an online purchase from Amazon charged to your debit card by inputting the debit card info on their site, who is initiating the transfer - you or Amazon? If a scammer convinces you to go to www. nottherealamazon. com and use your debit card to "purchase" something that you never receive (because it's a scam), who initiated that transfer - you or the scammer?

I still don't think the customer "initiates" the transaction at notthrealamazondotcom. Nothing happens with the card at the fake site other than your number and info being captured to use to take the funds.

Return to Top
#2264550 - 01/10/22 09:44 PM Re: Authorized or Not? 1995Banker
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 83,226
Galveston, TX
And just who provided that number and info - the consumer. You can give away the bank if you choose to - most choose not to give away more than what is already required.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2264558 - 01/11/22 02:24 PM Re: Authorized or Not? rlcarey
Compliance NABW Offline
Diamond Poster
Joined: Oct 2015
Posts: 1,668
Originally Posted by rlcarey
And just who provided that number and info - the consumer. You can give away the bank if you choose to - most choose not to give away more than what is already required.

Yes, due to fraud. Just like they provide the card if somebody points a gun at them.

Return to Top
#2264565 - 01/11/22 03:36 PM Re: Authorized or Not? 1995Banker
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 83,226
Galveston, TX
The consumer willingly used the fake website - nobody was holding a gun to their head.

Were they stupid, yes.

Does Regulation E protect against such stupidity - no.

Maybe their card issuer rules might cover it if they ordered merchandise that has failed to show up, for example, but we are not talking about card rules. They authorized the charge and that is really the end of the story as far as Regulation E is concerned.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2264599 - 01/11/22 07:36 PM Re: Authorized or Not? 1995Banker
RockChucker, CAMS Offline
Diamond Poster
Joined: Jul 2013
Posts: 1,700
The Country
I'm with Randy, this is not a Reg E protected situation based on the scenario presented.
_________________________
A successful man is one who can lay a firm foundation with the bricks others have thrown at him.
-David Brinkley

Return to Top
#2264607 - 01/11/22 08:29 PM Re: Authorized or Not? 1995Banker
Adam Witmer Offline
Power Poster
Joined: Sep 2010
Posts: 2,658
Over the last year, the CFPB has issued two sets of FAQs - June 2021 and December 2021 - that appear to be more consumer friendly than the approach some have taken in the past.

For example, the answer to current FAQ 5 (Section: Error Resolution: Unauthorized EFTs) says this: "Similarly, when a consumer is fraudulently induced into sharing account access information with a third party, and a third party uses that information to make an EFT from the consumer’s account, the transfer is an unauthorized EFT under Regulation E."

In addition, the answer to current FAQ 6 (Section: Error Resolution: Unauthorized EFTs) says this: "A consumer who is fraudulently induced into providing account information has not furnished an access device under Regulation E."

That said, the FAQs seem to sort of tip-toe around the specific "initiated" discussion found in this thread. I understand that the FAQs are not regulations, but I do think Compliance NABW has a good point on the "obtained through robbery or fraud" argument, which I have always felt could be interpreted more consumer-friendly than many bankers often do.

At the end of the day, this is ultimately becoming a risk management decision. On one hand, being conservative and erring on the side of the consumer will avoid examiner criticism (and help the consumer). On the other, taking a traditional Reg E "initiated" stance will save the bank money. I will be curious to see if future CFPB FAQs address this topic.
_________________________
Adam Witmer, CRCM

All statements are my opinion, not those of my employer, and should not be taken as legal advice.
www.compliancecohort.com

Return to Top
Page 1 of 3 1 2 3

Moderator:  Andy_Z