Regulation E Dispute Concern

Posted By: SO

Regulation E Dispute Concern - 03/12/21 12:51 AM

I have a customer who fell victim to a scam and he provided the scammer with his debit card information as the scammer promised him that if he gave his debit card information, he could make "easy money". The customer, being a young college student, honestly didn't know any better and thought he was getting himself into something legitimate. To make a long story short, there were $29k of debits that went through his account associated with his debit card as part of the fraud, and $5k in credits that were made to his account as a result of the scam. The customer reported the activity to us within the 60 days of the statement which contained the first fraudulent transaction.

Does the bank need to file Regulation E disputes for the fraudulent debits?
Posted By: BrianC

Re: Regulation E Dispute Concern - 03/12/21 02:15 AM

Congrats on your first post. Regulation E continues to be a challenge to financial institutions.

I don't have quite enough information to answer your question, so we may need to go back to our customer depending on how much of the story you have.

You mention $5K in credits that were made along with a large volume of debits. At first blush, your situation sounds like your customer participated in a card cracking scam. If your cardholder admits to giving their access device to a third party who then exceeded the authority given, then your customer is liable for their participation. See the definition of unauthorized EFT and supporting commentary to 1005.2(m).

(m) “Unauthorized electronic fund transfer” means an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated:

(1) By a person who was furnished the access device to the consumer's account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized;

(2) With fraudulent intent by the consumer or any person acting in concert with the consumer; or

(3) By the financial institution or its employee.

On the other hand, a customer who falls for a phishing email and gives away their card information online would be protected under Reg E based on the commentary.

3. Access device obtained through robbery or fraud. An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

Your customer's liability will be based on your assessment of which of the above circumstances applies. Regardless of your conclusion, remember that you do not have to reissue your customer another card.
Posted By: SO

Re: Regulation E Dispute Concern - 03/12/21 04:00 AM

Thank you so much for explaining. It makes more sense. I do have one other question though: what if the bank failed to request written notification from the customer and the bank did not provide provisional credit at all? Does this mean the bank forfeits its right to an investigation and has to provide permanent credit of the entire loss?
Posted By: SO

Re: Regulation E Dispute Concern - 03/12/21 04:47 AM

I forgot to add, the PC wasn’t provided within 10 days and we are now 3 weeks out from the customer’s notification.
Posted By: Andy_Z

Re: Regulation E Dispute Concern - 03/18/21 02:05 PM

I would say you violated Reg E and could be penalized for that by the appropriate authority. It does not mean the consumer gets all the money (especially $29K) if the claim is not valid. If your claim is still pending, pay provisional now and reduce the harm to the consumer. You still have a violation, but it isn't getting worse. Once discovered, you corrected it in this case and hopefully are working to prevent it from happening again.

If you have made a final decision, deny the claim or pay it and move on, again correcting your procedure and recognizing you found a violation that should be noted in your audit reports. It looks better for your compliance program to have self-discovered the error, corrected it as best you could, and corrected the problem itself.

You can't go back in time and do it right; you can only fix what you can and do your best in the future, learning from this error.