I have studied the FAQs and still slice and dice the wording. I believe I know what the CFPB wanted to say and what they actually said to comply with Reg E. As an example, referencing this CNET article (which is a banking topic from not a bank):
https://www.cnet.com/personal-finan...89190&mid=13830933&cid=534696250 It says
"Note that the CFPB's guidance only protects consumers who are unwittingly tricked into transferring money.
If your bank refuses to reimburse you for a Zelle scam, your only recourse (other than pitching your story to local media) is to file a complaint with the CFPB."
I believe if the consumer is tricked into making the transfer, they made the transfer and it's not unauthorized. That is different from being tricked into giving the scammer access info and the scammer makes a transfer. In that case there was no intent to EFT, the consumer didn't do it and that is a valid claim. I still apply the "did the consumer do" the EFT test. If the consumer did it, it is not unauthorized. An exception would be your consumer at the ATM with a gun to their head. That duress calls for self preservation unlike "your Amazon account was hacked..."
I do believe banks will weigh the pros and cons of accepting P2P programs. Do any of your network affiliations require these be accepted? (I'm asking.) Otherwise banks should evaluate those with weak security protocols and explain to customers that the losses are too high from that vendor so the bank won't accept them for the good of the bank and the customers. Similarly, if there are egregious losses on an account, close the customer's account. They don't need a debit card so that can be refused, but perhaps the account itself needs to be closed. I'm a firm believer that a consumer who sees easy money, will come back for seconds. Those are not the customers my bank would need to bank.