Skip to content

P2P Transactions Using Bank App on Phone

Answered by: 

A customer called to report two person-to-person (P2P) transactions as unauthorized. The transactions were done using a mobile phone and our bank app. The customer stated that she recently purchased a new phone and traded in her old phone. She also stated that she did not clear her old phone of personal information before trading it in. Our Digital Services User Agreement states that we (the bank) will not be held liable if the customer provides their password or other access info to any other person. Therefore, the customer's case was denied. Would we be in violation of Reg. E for denying this case? These were the only P2P transactions ever on this customers account, and the mobile login history shows a login on the date of the charges with one phone, then a login with a different phone a few days later.

First, I will emphasize that Reg E is a consumer protection regulation and that more often than not, the consumer wins in unauthorized electronic funds transfer claim. In the case of Reg E, if a consumer writes a PIN on their debit card and loses it, the bank cannot impose a greater liability on the consumer than is allowed under Reg E.

I would say that while negligent your customer has done the equivalent with their phone. The PIN was in plain sight or saved somehow and the passcode to enter the phone in the first place was removed I assume because it was traded in or sold. But I would also opine that the date the phone was delivered for this transaction the customer now had knowledge of the loss of their device. They may not have completely realized their information was exposed, but they certainly knew it was there and was now open for viewing. It's quite irresponsible, but that isn't a Reg E factor. It could be with some other branded cards, but here it was used in the bank app. Still, I would maintain sans evidence from the consumer that they potentially have a greater liability based on when it was reported and when they advised the bank of the loss.

Using an acid test, your customer neither did the transaction, authorize it or benefited from it so it can easily be a valid claim. Some may believe that leaving the phone unlocked was an authorized use for anyone finding it. I go back to the initial Reg E example of having a PIN on a card so I disagree with that in this context. In that light, I recommend verifying that the bank can enforce this "(the bank) will not be liable" clause. Reg E has not kept up with technology, but I see the similarity in your problem and the existing rule. Because of that, I would not automatically deny the claim.

If the customer did this phone sale transaction with a friend and could identify who completed the transaction, I would look hard this may have been an authorized use in some way just to protect the bank. If there was any fraud or collusion, the customer would have benefited from it in some way.

First published on 08/04/2019

Filed under: 
Filed under compliance as: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics