I was trying to research the very question posed above (what if a user name and password are stolen....).
I guess I would have thought the $50/$500 rule would be in place since a user name/password would be considered an "access device" as defined in 205.2(a)(1). Anything outside of the $50/$500 would be (unfortunately) the bank's loss.
I am looking for all the assistance on this issue I can get.
The reason I was researching this issue stems from an article I came across this morning on the MSNBC website. I will try and post the link (I've never done it before, so I hope it works.)
http://www.msnbc.msn.com/id/6713753Based on the article, it appears the customer is out. Unless there are other circumstances not included in the article, I would like to know why?
Just curious what others think.