Skip to content

Reg E Fraud- EFT Claim

Answered by: 

We have received an EFT claim where the customer allowed the girlfriend to use his debit card to pay his bills while he was in the hospital for a month, Nov 23 - Dec 23. Unfortunately the girlfriend did not pay bills, she helped herself by using FB Pay and transferred about $9,000 to herself. Customer gets out of the hospital and girlfriend will not let him have access to his phone, the bank, or anything as she is the one "taking care of him". Finally, if the story is true, he managed to get out of the car while near the bank when she was driving, parked at a stop sign. He then learned why she wouldn't give him any of his account info. Even though she exceeded her authorization he granted, the customer is liable since he gave her authorization, correct? My concern is more so about the transactions that occurred after Dec 23, as she continued to use the account. He took his card back on Dec 23 when he got back home; however, the information was stored in the device for the P2P transfers and she continued to use it through January. Are we liable for those transactions? Is it a concern that the customer was unable to contact the bank since he was hospitalized? He was unable to contact us even after he got home because she wouldn't allow him access to his phone. What do you suggest we do on this claim?

I'd suggest you tread a bit lightly here. If the story about hospitalization and not being able to contact the bank once he got home is true, make note of §1005.6(b)(4) - "If the consumer's delay in notifying the financial institution was due to extenuating circumstances, the institution shall extend the times specified above to a reasonable period," and comment 6(b)(4) - 1 - "Examples of circumstances that require extension of the notification periods under this section include the consumer's extended travel or hospitalization." While those words are associated with the timeliness of the consumer's notice to the bank of unauthorized transactions or loss or theft of an access device, I think it's pretty easy to see how they might apply to the alleged facts in your scenario.

Also, of course, we have the fact that the physical card is not the only access device here. The stored information in the FB Pay app was also an access device. That supports a position that the consumer's authorization "lived on" even after the card was returned to him.

But then there is the "she wouldn't let me have my phone back" defense from the customer, so he couldn't contact the bank until his purported "escape."

One thing only is certain here -- the consumer should be off the hook for any of his former girlfriend's transactions that may have occurred after he escaped her bullying (that is what it was, if it happened), and told his tale of woe to the bank.

First published on 05/02/2021

Filed under: 
Filed under compliance as: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics