Our bank is considering phasing out old ATM cards and replacing them with our standard debit card. My assumption is that we do not need any type of authorization from the customer as they initially applied for the card and this should qualify as a substitution under 205.5a(2), right? We will provide at least 21 days notice that this is coming and supply them with our current Reg E disclosure if we go forward. Anything else I am missing?

Thanks in advance!

I wouldn't believe that the card change requires a 21 day notice as the changes are not adverse to the consumer.

"A financial institution shall mail or deliver a written notice to the consumer, at least 21 days before the effective date, of any change in a term or condition required to be disclosed under §205.7(b) if the change would result in:

(i) Increased fees for the consumer;
(ii) Increased liability for the consumer;
(iii) Fewer types of available electronic fund transfers; or
(iv) Stricter limitations on the frequency or dollar amount of transfers."

If they'll have new PINs, yes they need to be separated and you should have a STRONG procedure to activate the new cards after verifying your customer is the on the receiving end. I would tout the new accessibility features to offset the inconvenience of getting a new PIN.

Andy,
We're doing the same, but we're not supplying new PIN's. We're allowing the customer to keep their old PIN. To activate the new debit card, we require input of the old PIN and new card number. Is this sufficient to validate our customer's identity in order to activate the new card?

you may be more concerned with how well this is received by the consumer. We did this several years ago on 12,000 or so cards, we had about a 30% dissatisfaction rate. People who did not want "upgraded" to a debit card for whatever reason. That created a lot of extra work.

Picking up on XODUS' comments - you should consider sending an advance notice to your customers and let them know what you will be doing before you send the replacement card. At a minimum, you should have a calling tree prepared with some Q&A's to help your employees handle the phone calls you will get from complaining customers. There will definitely be some percentage (hopefully small) of your customer base that will be unhappy with your decision. You should be prepared to deal with complaining customers.

I'd say yes, and no. Yes because they should have this confidential PIN which is a security protection. And it sounds like you're substituting a new card for an old one.

No, for partially the same reason. People give out their PINs. So I see this as a weakness, but not to the same level as my "yes" answer, meaning "yes" wins in my opinion book. I haven't researched this in detail though.

My opinion from the customer service perspective would be to ask them, for some of the reasons noted above. I don't have a debit card, just an ATM card requiring a PIN. I like the security better. But more and more debit is more widely accepted. I may have to bite the bullet and get the debit card. But at my bank there is a fee for that. I hate fees.

The following is a shameless plug: If you want the 101 on Reg. E, including disclosures, cards and claims, check out my webinar coming up the 10th. http://calendar.bollearningconnect.com/main.php?view=event&eventid=1173781974101

Like Andy, I have only an ATM card at my option. My bank waived the fee since a) I had the ATM card and account for over 15 years and b) I haven't requested a new card in 10 years. Mine finally, literally, wore out.

The PIN ID method is OK, except with it isn't. That is, you can use it to verify a customer's identity to comply with the regulation's requirements for sending unsolicited cards, but if someone ELSE gets hold of a new card and happens to know your customer's PIN, and validates it, your customer never accepted the new card, and you aren't going to get away with laying off any liability on the customer.

Chances slim? Probably. But, as Andy points out, family members or roommates may have obtained access to the PIN at some time, and might intercept the new plastic to go on a little spending spree.

Thanks John. Do you feel that activating a card at an ATM would constitute an "oral or written request" to activate the card? I think this is where we are hung up- calling in, that's oral. But, is inputting a PIN considered "written"? That might be stretching it.....

Thoughts?

Yes. I would consider an ATM transaction record to be a writing.