by Randy Carey:
You cannot impose liability on the customer for fraudulent transactions regardless. There is no upside to the bank by allowing them to keep their current card.
by Brian Crow:
To echo Randy's comment, if the bank allows a consumer to keep a compromised card active, the bank accepts the liability risk. Consumers cannot sign away their Regulation E protections. See the commentary to 1005.6(b).
3. Limits on liability. The extent of the consumer's liability is determined solely by the consumer's promptness in reporting the loss or theft of an access device. Similarly, no agreement between the consumer and an institution may impose greater liability on the consumer for an unauthorized transfer than the limits provided in Regulation E