Answer by Jim Bedsole:Just because the customer still has the card in a PIN based transaction doesn't mean that the customer authorized the transaction. There are many ways of capturing card information and PINs and creating duplicate cards that could then be used. You have to use your best investigative process, including looking at available ATM camera footage, location of the ATM in question compared to the customer's usual patterns, etc., to determine whether an unauthorized transaction took place.
If you determine that an unauthorized transaction did take place, the customer's liability is limited, depending on when the unauthorized activity was discovered and when the customer notified you. Determine the date the customer discovered the unauthorized activity. If you were notified within two business days after that date, the customer's maximum liability is $50. If it was longer than two business days from that date, the customer's liability for everything that took place up until that two business days after is still $50. For everything that occurs after that point until the earlier of the dates you were notified, or 60 days after the statement date where the unauthorized activity first appeared, the maximum liability is $500. For everything that occurs after 60 days from the statement date where the unauthorized activity took place until you were notified, the customer's liability is unlimited.
Answer by John Burnett:There is a school of thought that holds that because a counterfeit card derived from skimming and other nefarious acts cannot be an accepted access device, a bank cannot hold the customer liable for transactions occurring before the sixtieth day following delivery of the statement showing the first such unauthorized transfer.
First published on BankersOnline.com 6/01/09