CU Responsible for Member’s Loss to Phishing Scam?

Answered by:

Question:

We have a member who fell for a phishing e-mail. The credit union listed on the e-mail was not us. However, our member gave them everything to do with her account with us. Name, social, birthdate, debit card number, pin number, you name it. Are we responsible for crediting her account the $3,000 loss she suffered?

Answer:

Credit Unions are subject to Reg. E, the Electronic Funds Transfer Act as shown here on the NCUA web site. If the phished funds were taken electronically, subject to the requirements of Reg. E, then an investigation would be in order and it is very likely that the institution will pay most or all of this amount back to the consumer. Their acting irresponsibly does not take away rights they have under this regulation or increase their liability.

http://www.ncua.gov/GuidesManuals/examiners_guide/chapters/chapter19.pdf

First published on BankersOnline.com 10/17/2005

CU Responsible for Member’s Loss to Phishing Scam?

Related Q&As

Red Flag Program as Part of Information Security Program

About a Separate Identity Theft Prevention Program

Man-in-the-Browser

Related Tools View All

Privacy Police Tools

Clean Desk Policy & Privacy Citation and Commendation

Information Security Access Assessment

OFAC Updates View All

Sanctions List Search

Specially Designated Nationals List (SDN)

Sanctions Programs and Information

Search Topics