Legally Handling ATM & Debit Card Claims Under Regulation E
Legally Handling ATM & Debit Card Claims Under Regulation E
TechnologyComplianceFrontline & New Accounts
While Reg E protects your customers, it places a great deal of potential liability on your bank. How do you legally handle ATM and debit card claims under Regulation E? 

Legally Handling ATM & Debit Card Claims Under Regulation E

There are countless ways scammers are working to steal your customer’s ATM and debit card information, especially around the holidays. While your bank cannot stop a thief from making fraudulent electronic funds transfers (EFT), you can shield accountholders with protections supported by Regulation E. Reg E provides a basic framework that establishes the rights, liabilities, and responsibilities of participants in electronic fund transfer systems, as stated by the Federal Reserve.
 
While Reg E protects your customers, it places a great deal of potential liability on your bank. How do you legally handle ATM and debit card claims under Regulation E? Elizabeth Fast, JD & CPA, outlined important requirements to obey with Community Bankers Webinar Network in 2020. One point she stressed most was, “The customer’s liability for an unauthorized EFT depends on whether an access device is used and when the customer notifies the financial institution.” These two factors create a matrix of liability for your bank. Elizabeth gave detailed examples of each tier, plus an easy-to-follow matrix in her webinar toolkit.

Access devices include ATM or debit cards, codes, or any devices used to access an account (even your mobile phone!). There are three tiers of liability when one is used:
  • First Tier — The customer’s maximum liability is $50 when they notify your bank within two-business days of learning about the theft. The two-day period only begins when the customer becomes aware that their card has been lost or stolen, which could be days after the actual incident.
  • Second Tier — The customer’s maximum liability is $500 when they give notification after the two-business day period above, but within 60 calendar days after the first statement showing the unauthorized EFT in question. Fast expressed “this is when it is important to do the math!”
  • Third Tier — The customer’s maximum liability is $500 plus all unauthorized EFTs after the 60-day period detailed in the second tier. It is important to note that the 60-day period begins when your bank sends out the statement either by mail or electronically, with some exceptions.

In cases where no access device is used, such as an ACH transaction or counterfeit card, there are two tiers of liability:
  • First Tier — The customer is not liable for anything if they notify your bank within 60 calendar days of your bank sending the first statement showing an unauthorized EFT made without an access device.
  • Second Tier — If the customer fails to notify your bank after the 60-day period above, they are liable for all fraudulent transfers occurring after that period. “The first 60 days are free,” noted Fast.

Regulation E allows for your bank to provide extra customer protections, like “zero liability”. However, you cannot impose greater liability on the customer by agreement. Your state’s law may also provide additional protection, in which case, the state law becomes the minimum requirement.

What happens after notice has been given for an unauthorized EFT? Elizabeth Fast’s 2020 webinar, Legally Handling ATM & Debit Card Claims Under Regulation E, continues the conversation with error resolution disclosures and procedures, what constitutes an error or unauthorized EFT, how to conduct an investigation, provisional credit, and required deadlines. She also answers questions relating to peer-to-peer payment systems like Cash App and Venmo, and dives into customer negligence and extenuating circumstances.

Contact us to purchase this webinar.

© 2022 FINANCIAL EDUCATION & DEVELOPMENT, INC