Skip to content

Cardholder Liability for Negligence

Answered by: 

If a customer supplies card number, name, address, PIN, CVV values and expiration date via an email to someone who asks for it, and then that person creates a card and uses it to withdraw funds from an ATM, does the cardholder have any liability due to negligence? If not, given today's fraud environment is light year's beyond what was envisioned when Reg E was enacted, should the regulations be updated to define some standard of cardholder liability for negligence?

It would be important to know why the customer provided this information. It would seem it would be to have that data used, but not abused.

That said, providing such detailed information may be interpreted as analogous to providing the access device and allowing its use for one or more transaction(s). In these instances I would invoke 2(m)2 of the OSC 205.2.

12 CFR Section 205.2 Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized.

Does Reg. E need changes, that depends on if you are the bank (who is reported to be producing record earnings) or the customer. Some years ago there was an attempt to increase liability to $500 for customers who had PINs on their cards. Seen as anti-consumer, it was defeated.

First published on 01/19/04

First published on 01/19/2004

Filed under: 
Filed under technology as: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics