Skip to content

Reg. E Unauthorized Use & Had PIN

Question: 
A mother gives a son her ATM card and her PIN to use. The son and his wife steal the card a week later and over the weekend withdraw $951.00 from the mother's account. The brother, who is not on the account calls to report the card lost and the card is placed on hot card status. The CSR is a neighbor and insists we give her money back immediately. Does the bank have any basis for not returning the money when according to REG E it was reported within the time frame? Is there any way that we can use the fact that we were told that the mother had previously given the son her card and number? Where can I find more information concerning the liability of the bank in such cases?
Answer: 

This is a difficult scenario because of the initial authority to use the card and PIN. In the definition of an "unauthorized EFT," quoted below, we see that a transaction is not considered unauthorized if it was done by someone who had authority to use an access device, even if the specific transaction in question was not approved by the cardholder, if the cardholder had not contacted the bank to terminate the authority.

There is also information, in the Staff Commentary to the regulation, that says that an EFT made by someone who steals an access device is unauthorized.

Here is your cite for authorized/unauthorized use:
Section 205.2(m) Unauthorized electronic fund transfer means an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated:

(1) By a person who was furnished the access device to the consumer's account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized;

And here is the OSC cite addressing theft:
3. An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.

Regulation E is decidedly a consumer protection regulation. When there are apparent conflicts, we should lean in the consumer's favor. In this case, we believe that the theft trumped the earlier grant of authority.

If the card had not been returned to the customer after she gave it to her son, there would not have been a theft, and we would argue that the transactions were authorized under Section 205.2(m), if completed by the son.

The fact that the unauthorized transaction claim was made by the brother (not involved in the account) is immaterial.

First published on BankersOnline.com 05/3/04. Revised 12/16/04

First published on 05/03/2004

Last updated on 12/16/2004

Filed under: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics