I'm needing some help here. We have a customer who has reported her card was stolen by her daughter. She contacted local police and voluntarily filed a police report prior to contacting the bank about the charges. The customer is out over $700, most of which are ATM withdraws. Through speaking with the customer, she informed us that she has given her daughter her access device and PIN in the past to make purchases, but she has always been present. She insist that the card was stolen.

In reviewing CFR 1005.2(m)(2) my customer had furnished the access device and PIN to the daughter for previous purchases, but she had not notified the bank that she was revoking her permission to the daughter to use the access device. I'm questioning if the customer had reacquired the access device, does 1005.2(m)(2) constitute grounds to deny the claim? From a previous webinar, I believe that it does not constitute grounds for a denial, but I'm unsure.

We are meeting tomorrow with the customer to discuss when she learned that her card was missing and such.

Although the customer was certainly negligent with her card and PIN, the staff interpretations to 1005.6 note that we cannot use negligence as a reason to increase customer liability. The authorization to use the access device terminated with mom re-secured that card.

Had she given the card to daughter and asked her to run to the store and the fraudulent charges occurred at that time, 1005.2(m) could be used as a reason to deny the claim. Since the card was re-secured, note 3 in the staff interpretations applies as opposed to note 2. (Operationally speaking regardless of the outcome of this claim, I would not be giving this person another card.)

2. Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized.

3. Access device obtained through robbery or fraud. An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

Hi Brian,

Thanks for the contribution. In talking with the customer she was clearly negligent with safeguarding her card and PIN, but Reg E benefits the customer, and negligence can't be used for a denial.

I didn't think Note 2 would apply in this case, but I was struggling to find a case study that would confirm my thoughts.

At the end of the day, this customer is planning to prosecute her daughter. Sadly she's a minor and it's like a slap on the wrist. I hope she turns herself around for the sake of her future.

Thank you!

Pre-CFPB I confirmed with an FRB attorney that re-securing the card was key and there was no evergreen authorization in Reg E. Getting the card back is key, not calling the bank and saying the daughter no longer has authorization. The daughter stole the card and used it.

Brian's cites are spot on as are you noting that the bank is on the hook for likely most of this, depending on the timing of discovery and notice to the bank. If there is negligence, it's moot under E. The consumer may have some liability even under zero liability rules if you can cite negligence applicable under V/MC rules.

And I agree that I hope the daughter learns a lesson, and I hope mom locks up her card and never shares her PIN.

This "case" differs a bit from similar questions about giving the card to a third party with authorization, then getting it back, etc. In this case, the OP says that Mom was always there when daughter used the card and (presumably) got the card back each time. So really, Mom never lost control of the card until it was "lifted" without authority. So, in this case, I don't think there is any gray area to argue over. The transactions that Mom is concerned about are unauthorized (unless the bank can get a photo of Mom making one of the withdrawals, or looking over daughter's shoulder as it's being completed).

I don't have any problem agreeing with the opinion that temporary authority ends when the access device is returned to the cardholder's control. But in today's environment, "return to control" becomes questionable, since the card number, expiration date and CVV or its equivalent can often be used in online, in-app, and telephone purchases just as if the card were present and, in my mind, are collectively the access device. The plastic is just a convenient vehicle for providing the access device data to an ATM or merchant. That's where the issue of "return to cardholder's control" gets murky.

I don't know whether some additional commentary for the regulation might clear up the issue. But I'd sure like to see the Bureau try.

I'd like to see Reg E completely overhauled as it hasn't kept up with the times at all and at some point the customer should have to assume more liability IMO for certain things they allowed/did.

Somehow I do not see the Consumer Financial Protection Bureau making a change to a regulation that would put more liability on consumers.

I know. It's a pipe dream but a gal can still wish.