Skip to content
BOL Conferences
Thread Options Tools
#2276573 - 10/12/22 02:24 PM REG E and Recurring payments
IAandComp Offline
New Poster
Joined: Aug 2015
Posts: 10
Under 1005.2(m)(1) the bank can state the recurring payment dispute, although customer stated they cancelled with the merchant, is outside of REG E. The REG E requirements do not have to be followed.

If the above is used to consider this dispute outside of REG E, what happens if the recurring charge occurs again? The customer had already said they notified the merchant and since they had filed a dispute with the bank, they had notified the bank at that time. A stop payment wasn't requested at the time. (The dispute with Visa also wasn't done as the customer did not provide the bank with the information Visa needed for chargeback).
Does it become REG E only IF the customer notifies the bank again that the recurring charge occurred? At that time the bank would have been informed previously.

example: January 1st customer says they notified merchant and still pulling payment. Bank decided it wasn't REG E and went straight to VISA requirements. The bank requested the necessary information but the customer never responded. A stop payment was not requested.

February the bank sees the recurring charge occurred again. What liability does the bank have at that time since that had been previously notified but a stop payment wasn't requested? Or does the bank wait for customer to contact them again, which at that point it would be REG E.

There is some confusion in this area. Any help would be appreciated!
Thank you

Return to Top
General Discussion
#2276603 - 10/12/22 06:39 PM Re: REG E and Recurring payments IAandComp
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 40,086
Cape Cod
On what basis do you claim this is not a Reg E scenario? If a consumer has given a merchant (let's say its a gym) a standing authorization for a monthly $10 debit card charge, those transactions are subject to Regulation E, and, because they are recurring on a regular basis with no further authorization needed from the consumer, they meet the Reg E definition of "preauthorized electronic fund transfer" (or PEFT).

If the consumer cancels the authorization, and the gym keeps on charging the $10 each month, the consumer has a bona fide error claim under Reg E. The bank can accept a stop order for the next payment. It can also accept a stop order for the future debits and ask for documentation of the revocation, canceling the future stops if the consumer doesn't provide that documentation in 14 days.

The bank made its first mistake when it decided in January that Reg E was not in play. It was a Reg E error claim. It may involve VISA charge-backs, etc., too, but it is still a Reg E claim of an unauthorized EFT (UEFT).

In February, the bank could have been proactive and contacted the consumer rather than wait for the consumer to realize they were charged again (consumers often are slow to review their bank statements). That assumes that, in February, someone at the bank actually remembered the consumer had notified the bank of the previous month's UEFT.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top
#2276617 - 10/13/22 03:33 AM Re: REG E and Recurring payments IAandComp
IAandComp Offline
New Poster
Joined: Aug 2015
Posts: 10
Thank you for the answer. I think the decision to treat recurring payments outside of Reg E was based on an answer similar to the below. I didn’t know how to link so I copied/pasted. See bottom of answer. So I am misunderstanding and it should be treated as Reg E? I admit I’m totally confused..

Reg E Cancelled Recurring Transactions

Answered by: Brian Crow
Question:
June 15, 2011 titled Debit Cards - Error Resolution Problems Solved. In that training, there were slides on cancelled recurring transactions that stated that these types of transactions were not covered by Reg E. Could you please provide the reference in Reg E where it supports that a transaction that occurs after the recurring transaction is cancelled is not considered unauthorized and therefore not covered by the regulation.
Answer:
The example provided in the training is based on the staff interpretations to Section 1005.10(c) Preauthorized transfers - Customer's right to stop payment.

2. Revocation of authorization. Once a financial institution has been notified that the consumer's authorization is no longer valid, it must block all future payments for the particular debit transmitted by the designated payee-originator. But see comment 10(c)-3. The institution may not wait for the payee-originator to terminate the automatic debits. The institution may confirm that the consumer has informed the payee-originator of the revocation (for example, by requiring a copy of the consumer's revocation as written confirmation to be provided within 14 days of an oral notification). If the institution does not receive the required written confirmation within the 14-day period, it may honor subsequent debits to the account.

3. Alternative procedure for processing a stop-payment request. If an institution does not have the capability to block a preauthorized debit from being posted to the consumer's account—as in the case of a preauthorized debit made through a debit card network or other system, for example—the institution may instead comply with the stop-payment requirements by using a third party to block the transfer(s), as long as the consumer's account is not debited for the payment.

When cancelling a recurring authorization, the bank is required to block the payment if the cardholder provides notice to the bank that they are terminating the merchant's authorization. If the bank allows a recurring transaction to post after it has been notified by the cardholder that such transactions are not authorized, the recurring payment would be considered a Reg E error.

However, in the example provided in the training, the customer claims to have notified the merchant directly that they were cancelling services, but did not notify the bank and could not provide proof that they had notified the merchant. Consequently, the bank was free to treat this as a "merchant dispute" to be resolved outside of the Reg E requirements.

In hindsight, it is better for me to say that a recurring payment dispute COULD be covered by Reg E if the bank permits a recurring charge to hit an account AFTER it has knowledge that the authorization has been revoked.

First published on BankersOnline.com 12/10/12

Return to Top
#2276633 - 10/13/22 03:23 PM Re: REG E and Recurring payments IAandComp
BrianC Online
Power Poster
BrianC
Joined: Nov 2004
Posts: 6,694
Illinois
Perhaps a better way for me to have phrased that response is that for the initial cancellation, you performed a Reg E investigation and concluded that no error occurred. (This is an 11 year old source that you have cited.) Regulatory commentary in subsequent years has put significantly more of a burden on financial institutions when it relates to investigations.

By claiming that the the authorization was cancelled, the consumer is providing notice to the institution under 1005.11(b) that a transaction is unauthorized. Although the commentary to 1005.10 notes that we can honor subsequent debits if the consumer fails to provide confirmation that they notified the merchant that they revoked the authorization, the current CFPB FAQs published in June 2021 substantially limit our ability require additional information when investigating a Reg E claim.

"QUESTION 4:
Can a financial institution require a consumer to file a police report or other documentation as a condition of initiating an error resolution investigation?

ANSWER (UPDATED 6/4/2021):
No. A financial institution must begin its investigation promptly upon receipt of an oral or written notice of error and may not delay initiating or completing an investigation pending receipt of information from the consumer. See Comments 11(b)(1)-2 and 11(c)-2. In the past, Bureau examiners found that one or more financial institutions failed to initiate and complete reasonable error resolution investigations pending the receipt of additional information required by the institution. These examples can be found in the Bureau’s Summer 2020 edition of Supervisory Highlights and Fall 2014 edition of Supervisory Highlights. The Bureau cited similar violations in 2019-BCFP-0001.

To summarize: The consumer's notice under 1005.11(b) that they revoked and authorization and were subsequently charged meets the definition of an unauthorized EFT under 1005.11(a) requiring that we investigate. The CFPB says we cannot delay an investigation while waiting for a customer to provide evidence that the authorization was revoked nor can we deny the claim solely on the basis of the customer claim. We can attempt to contact the merchant either through the chargeback process or directly to aid our investigation into determining whether or not an error occurred, and then approve or deny the claim based on what we find. If we conclude that no error occurred 1005.10 allows us to continue honoring debits from that merchant, but operationally, I would likely cancel the debit card and issue a new one after the customer informed me of unauthorized charges. If we kept the card active and the customer never did provide evidence of cancellation, we are allowed to honor subsequent debits since there were determined to still be authorized.
_________________________
Sola Gratia, Sola Fides, Sola Scriptura, Solus Christus, Soli Deo Gloria!
www.tcaregs.com

Return to Top
#2276735 - 10/17/22 07:56 PM Re: REG E and Recurring payments BrianC
IAandComp Offline
New Poster
Joined: Aug 2015
Posts: 10
Thank you so much for the clarification!

Return to Top
#2279938 - 01/18/23 05:01 PM Re: REG E and Recurring payments IAandComp
Inspector Offline
Gold Star
Joined: Apr 2016
Posts: 283
Revisiting this point, and I admit I may be reading this wrong, but Reg E seems to indicate that if the consumer has a recurring transaction that they would need to notify the bank that they cancelled the transaction, otherwise it would not meet the definition of an unauthorized EFT. Does a consumer need to notify the bank every time they cancel a subscription in order to be covered under Regulation E? This sounds very off to me but I am going in circles trying to understand what this language means given that "person" and "access device" are defined broadly under the regulation.

(m) “Unauthorized electronic fund transfer” means an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated:

(1) By a person who was furnished the access device to the consumer's account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized
_________________________
Opinions expressed are my own and do not reflect legal advice or the opinions of my employer.

Return to Top
#2279941 - 01/18/23 05:27 PM Re: REG E and Recurring payments IAandComp
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 83,227
Galveston, TX
They do not "furnish the access device" to someone that processes a reoccurring payment. So, I am confused.

You finish an access device to someone by, for example, giving your debit card and PIN to your boyfriend or girlfriend.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2279954 - 01/18/23 07:33 PM Re: REG E and Recurring payments IAandComp
rainman Offline
Power Poster
rainman
Joined: Nov 2004
Posts: 3,237
This is the problem with using a regulation (and its enabling statute) drafted 40 years ago to govern transactions that didn't exist at that time.

Is a debit card not present transaction - every internet transaction - conducted with an "access device"? Or is it conducted without an access device? The answer has significant ramifications. An access device doesn't have to be physical; it can be a code or other information that can be used to initiate an EFT. OSC 1 to 1005.2(a) says that the term includes "personal identification numbers (PINs), telephone transfer and telephone bill payment codes, and other means that may be used by a consumer to initiate an electronic fund transfer (EFT)."

If the card info is in fact an access device, does the cardholder who gives a merchant (or a P2P provider) the card info and authorizes the merchant or P2P provider to initiate future debits to the cardholder's account "furnish the access device and grant authority" to the merchant or P2P provider such that for purposes of the FI's liability, all transfers initiated by the merchant or P2P provider are not "unauthorized."

You can make good arguments that the answer to those questions is yes. There are also arguments to the contrary. But the CFPB hasn't seen fit to engage in such analysis.
_________________________
Nobody's perfect, not even a perfect stranger.

Return to Top
#2279964 - 01/18/23 08:21 PM Re: REG E and Recurring payments IAandComp
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 40,086
Cape Cod
But the definition of unauthorized EFT in 1005.2(m) complements the treatment of stop orders on preauthorized EFTs where the cardholder can stop an individual payment or declare that a standing authorization was revoked and stop payment on all future transactions by the same acquirer (merchant, for example). The cardholder can be required to document the revocation for the care issuer.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top
#2279967 - 01/18/23 08:44 PM Re: REG E and Recurring payments IAandComp
rainman Offline
Power Poster
rainman
Joined: Nov 2004
Posts: 3,237
That's true for transfers that fit the definition of "preauthorized." But it doesn't address the issues for transfers that fall outside of that category. A significant chunk of the EFT fraud claims being made in today's environment involve non-recurring (i.e. not pre-authorized) transfers initiated by P2P services and transmitted to FIs over Visa/MC rails, in response to transfer requests initiated using the P2P app.

But the analogy is strong: if the FI is not liable for preauthorized transfers processed before the consumer notifies the FI that authorization has been revoked, why should the same reasoning not apply to transfers initiated pursuant to an ongoing authorization? But again, the CFPB doesn't even ask the question, let alone answer it.
_________________________
Nobody's perfect, not even a perfect stranger.

Return to Top