1005.14 and Visa / Mastercard zero liability

1005.14 states that "The account-holding institution need not comply with the requirements of the Act and this part with respect to electronic fund transfers initiated through the service provider...."
So debits out of bank accounts by Paypal, Square, Venmo, etc. are not subject to Reg. E recredit by the bank.
However, where does that leave things with Visa and Mastercard zero liability rules? We are a Mastercard bank. My understanding would be if the debit card was used to initiate the debit, and the service provider won't refund the customer for whatever reason, we must recredit the customer. Yes?
Also, if a debit card was used, does Mastercard permit us to refer the customer back to the service provider first before recrediting under zero liability rules?

The use of a third party does not automatically negate the bank's responsibility under Reg E. You still have to understand what happened.

1. My debit card number was compromised and the bad guys used the stolen access device the bank issued to originate unauthorized EFTs using one of the above platforms. - Regulation E and VISA/MC Zero Liability define this as an error that the bank must investigate because it was your access device that was compromised.

2. I have $100 parked in my online wallet through one of the above platforms and my ID & password for that online wallet is compromised resulting in the unauthorized transfer of that $100. - 1005.14 applies since it was not the bank issued access device that was stolen and the service provider is responsible for investigating. Also Zero Liability does not apply because the theft was not the result of a lost, stolen or compromised VISA/MC.

3. I don't have any money in my online wallet, but I have my debit card saved as an a default method of payment. My ID & Password for that online wallet is compromised resulting in unauthorized transfers from my checking account connected to the debit card. - 1005.14 applies since it was not the bank issued access device that was stolen and the service provider is responsible for investigating. Also Zero Liability does not apply because the theft was not the result of a lost, stolen or compromised VISA/MC.

The issue you will have with scenario 3 is that the only way we know that the customer's online wallet password was compromised rather than their debit card was compromised is if they tell us so including a discussion of the particulars during the initial interview is important. Absent that information, we'll have to process scenario three as a Reg E claim to determine what actually happened and whether or not we conclude an error occurred for which we are liable.