Hello Reg E experts!
I'm preparing some training material to illustrate the confusing provisions of Reg E's consumer liability tiers. Could y'all take a look at these examples and make sure I got them right? I have the hardest time with Reg E (I think it is a mental block) and the last thing I want to do is train inaccurately! Consumer liability tiers for FRAUD (205.6): Note:
Consumer negligence cannot be used by the bank for imposing greater liability than is permissible under Reg E (outlined below). Any consumer behavior that may constitute negligence (such as writing the PIN on a card or piece of paper kept with the card) does not affect their liability for unauthorized transfers. Additional Note:
VISA has a Zero Liability policy, which means the consumer isn’t out anything, unless they have been “grossly negligent or engaged in fraud”. However, this policy does not apply to ATM transactions. So, if the customer’s Debit Card is lost/stolen, you must figure their ATM transactions separately from debit card transactions. The ATM transactions ARE subject to these liability tiers. Final Note:
These rules also do not apply to transactions that didn’t involve an access device (like a card, PIN, password, etc.). If you have fraudulent transactions that are not “access device” related, do not follow these tiers, but see comments on next page. 1. Up to $50:
Consumer notifies us of lost/stolen card within 2 business days of learning of loss/theft. These two days do NOT include the day the consumer learns of it. Also, the customer gets more than 2 days (it is extended to a “reasonable period”) if extenuating circumstances, such as extended travel or hospitalization, occur.
The consumer is only liable for $50 or the amount of unauthorized transfers, whichever is less. Example 1
: Customer notifies us that they just noticed their ATM card is gone, and they didn’t make the $20 transaction that posted yesterday. They are responsible for all $20, and will not receive any refund. Example 2
: Same situation, but the transaction was $80, not $20. They would get $30 back, because they are responsible for the first $50.2. Up to $500:
Consumer notifies us of lost/stolen card after 2 business days, but up until 60 calendar days of statement date.
The consumer is liable for the first $50 worth of unauthorized transactions in the first two days, plus the sum of unauthorized transactions made until notification, up to a collective total of $500. Example 1
: Card is stolen on Monday. Consumer learns of it that same day, but doesn’t report it until Friday. A $100 unauthorized transfer was made on Tuesday, and a $600 unauthorized transfer on Thursday. The total liability is $500 ($50 of the $100 transfer plus $450 of the $600 transfer). Example 2
: Same situation as above, but the $600 unauthorized transfer occurred first, on Tuesday, and the $100 transfer occurred on Thursday. The total liability is $150 ($50 of the $600 transfer plus all of the $100 transfer).3. Unlimited liability applies:
Consumer notifies us of loss after 60 calendar days of statement date.
Consumer faces unlimited liability for all unauthorized transfer made AFTER the 60-day period. Their liability for unauthorized transfers up to the 60 day mark is determined based on the first two tiers described above.Transfers not involving an access device (a card, PIN, password, etc.):
The first 2 tiers do NOT apply to unauthorized transfers made without an access device – there simply isn’t any consumer liability if they report it within 60 days of their statement date. However, if the consumer fails to report anything within 60 calendar days of the statement date, they may be liable for any transfers occurring AFTER the close of the 60 days and before notice is given.Example 1
: Consumer’s account is electronically debited for $200 without authorization and by means other than a card transaction. If they notify us within 60 days, they have NO liability. Example 2
: Same circumstance, but notification comes on 62nd day. They still aren’t liable for the $200, but they are completely liable for any non-card transactions occurring after day 60. If there was a $400 unauthorized transaction on day 61, they are liable for all of it.