EFT Providers under Reg E?

Posted By: mnbanker09

EFT Providers under Reg E? - 05/10/22 04:36 PM

Are online merchants such as Amazon and Ebay considered EFT providers under Reg E? I did find an error resolution disclosure online for Amazon, so I assume yes?

A customer that disputes unauthorized transactions from these merchants (where debit card was used as payment), and these transactions derived from their respective merchant account, can we defer to that merchant for error resolution? Or do we still have to investigate, and could have potential liability?
Posted By: rlcarey

Re: EFT Providers under Reg E? - 05/10/22 04:49 PM

I am not quite sure what you are saying. Is the customer claiming their Amazon or Ebay account has been hacked?
Posted By: Valley girl

Re: EFT Providers under Reg E? - 05/11/22 03:10 PM

I asked the CFPB this very question. If a member's account with a retailer is used for fraudulent purchases (the purchases show up on the member's purchase history), how can we be liable if the card number was never compromised? The fraudster can't get the card number to use elsewhere because it is either masked or tokenized within the merchant's "payment methods." We have this situation happen all the time anymore with food apps, Uber, food delivery, Amazon, Cash App, etc. We end up cancelling the card because we have no dispute rights if the card is active.

The CFPB responded that they are working on new FAQs. Which frightens me.

We follow our error resolution procedures and investigate/reimburse on these claims because the current FAQs make it pretty apparent that we are responsible for anything that may happen with a debit card. It makes "investigation" fairly easy - basically we are just here to give money back.
Posted By: mnbanker09

Re: EFT Providers under Reg E? - 05/11/22 03:17 PM

rlcarey - yes, in the situation where their merchant account has been hacked, would we have liability under Reg E, or these merchants?
Posted By: mnbanker09

Re: EFT Providers under Reg E? - 05/11/22 03:20 PM

Valley girl - yes I agree that the recent FAQs make it clear that we need to investigate the claims under Reg E. I'm just wondering to the extent our investigation leads to their "Amazon" account being hacked and purchases are made, would those merchants be liable for error resolution (refund the customer) or are we as the FI?
Posted By: Valley girl

Re: EFT Providers under Reg E? - 05/11/22 05:15 PM

No, I don't believe those merchants are liable for error resolution. It still falls on us because the money left the bank account on the debit card rails. The CFPB doesn't care how access was gained to the bank account, just that the consumer did not authorize that transaction. And if an unauthorized transaction is reported to us, we have the liability.

This is what you get when you apply 1970's language to modern systems.
Posted By: Flower123

Re: EFT Providers under Reg E? - 05/11/22 06:41 PM

Valley girl - When was the comment below made, before or after the December FAQs? Just wondering if another set of FAQs are in the works.


The CFPB responded that they are working on new FAQs. Which frightens me.
Posted By: Valley girl

Re: EFT Providers under Reg E? - 05/11/22 07:59 PM

I wrote a rant to "contact us at CFPB" after the latest FAQs and explained how many cards a week we cancel that don't need to be cancelled due to the above types of disputes. I helpfully had an email from Chipotle explaining to our member that although Chipotle could see the member's Chipotle account had been compromised, the member needed to go to their FI for reimbursement. The transactions at Chipotle all exceeded $50 (there were 3 or 4 transactions total) so I wanted to try disputing them to see if the company would pony up the funds. Which led to cancelling yet another card that was never compromised with the impending chip shortage hovering on the horizon.

I was contacted by an attorney from the CFPB that said my email had passed through a lot of people at the CFPB and he was one of the authors of the newest FAQs. He said that they were going to start working on new FAQs. I told him my hope was that they involved experts that could explain how systems work and find a way to lessen the load on us. But I don't hold out much hope if any at all.