Answer by David Dickinson:Just because my son steals my card and knows my PIN (because he watched me use it one time) doesn't mean I gave it to him or that he has my permission. If they didn't give the family member permission to use the card, your customer is not liable (except for $50) and the bank is liable for the remainder.
Answer by Andy Zavoina:I agree with David, assuming the time-line meets the $50 liability requirement. While many will cite comment 2(m) 2 in the Reg E Commentary and claim that providing the access device and PIN is providing evergreen authorization until it is revoked by notification to you, I do not believe that is the case. Comment 2(m) 3 tells us that if the access device was taken by fraud or robbery, those are not authorized transfers. Unofficial discussions with FRB attorneys have indicated that evergreen authority does not exist and once the customer has re-acquired the access device, there is no longer an implied authorization. This is where the family member taking the card shifts the liability to you and a little toward the customer.
I also look at it this way. If I can write my PIN on the card and not have any greater liability, why should I be penalized if I gave it orally to only one trusted person, who gave it to no one else? Had I written the PIN on the card, anyone could use it. At least now we narrowed it down to that one person.
First published on BankersOnline.com 7/03/06