Cardholder Liability for Negligence

Answered by:

Question:

If a customer supplies card number, name, address, PIN, CVV values and expiration date via an email to someone who asks for it, and then that person creates a card and uses it to withdraw funds from an ATM, does the cardholder have any liability due to negligence? If not, given today's fraud environment is light year's beyond what was envisioned when Reg E was enacted, should the regulations be updated to define some standard of cardholder liability for negligence?

Answer:

It would be important to know why the customer provided this information. It would seem it would be to have that data used, but not abused.

That said, providing such detailed information may be interpreted as analogous to providing the access device and allowing its use for one or more transaction(s). In these instances I would invoke 2(m)2 of the OSC 205.2.

12 CFR Section 205.2 Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized.

Does Reg. E need changes, that depends on if you are the bank (who is reported to be producing record earnings) or the customer. Some years ago there was an attempt to increase liability to $500 for customers who had PINs on their cards. Seen as anti-consumer, it was defeated.

First published on BankersOnline.com 01/19/04