A customer responded to an email that said he had won $500 and of course the company requested to charge $1.00 to their account in order to confirm the account to then send the $500. Thereafter, the customer had 2 transactions on their account which they did not recognize that they attribute to their mistake in answering that email.

Staff attempted a dispute but it came back that the transaction was 3D Secured and so there are no chargeback rights.

For Reg E purposes, is this considered an unauthorized EFT initiated by a person who obtained a consumer's access device through fraud or robbery?

Also, does 3D Secure require some additional action on the customer's part? How does a fraudster perform that action assuming they do not have access to the customers phone or computer or whatever else is needed to perform the additional step for verification?

Thanks in advance!

I'm not familiar with 3D. If someone wants to describe that I'd be thankful.

But the scammer got information to send money and never an authorization to debit any. They should have only had a routing and account number. Anything else just made their job easier, but the charge would be unauthorized in my book. It was not authorized.

3D Secure is Visa's replacement for "Verified by Visa."

Regarding VBV - some processors allow an issuer to allow a card holder to bypass VBV registration x times. If your system is set up this way and fraud happens because VBV registration was bypassed--ou will be liable to your account owner for the unathorized charge, and you will not have chargeback rights because your configuration of VBV had the weakest security. I would check with your processor and if the cardholder is allowed to bypass VBV registration x times, I would change the setting so your cardholder can bypass the registration zero times.

Also, some scammers are sophisticated enough that they might have social engineered the info needed to register for VBV or the cardholder's VBV password. You're still liable for the transaction in that scenario.