Magnify logoSubscribe To Magnify

Reg E and Unauthorized EFT Claims — Who’s Liable?

Article contributor / Diana Kern, Senior Financial Solutions Consultant

For many, it’s natural to trust family, friends, roommates, coworkers or anyone else we have a close relationship with. But trusting them with your debit card or other payment access device calls for additional considerations.

Maybe you just need one more ingredient for the dinner you’re preparing, and they offer to run out and grab it. Are you liable if they include a few things for themself in the purchase without permission and refuse to pay you back?

Let’s review the definition of unauthorized electronic funds transfer from Regulation E, §1005.2, which states:

(m) “Unauthorized electronic fund transfer” means an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated:

(1) By a person who was furnished the access device to the consumer's account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized;

(2) With fraudulent intent by the consumer or any person acting in concert with the consumer;

or (3) By the financial institution or its employee.

Reg E excludes EFTs made by someone who used the consumer’s access device with permission. The authority given is further defined in the Official Interpretations section:

2(m)2. Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized.

When unauthorized EFT claims are made, it’s common to ask if the consumer gave someone else permission to use their access device. If the response is “yes,” dig deeper to uncover more details. Then apply those facts to Reg E’s definition of unauthorized.

It’s important to note Reg E doesn’t specify an expiration timeframe on the authority given other than the phrase about notifying the financial institution.

Generally, it’s not interpreted as evergreen authority. That usually means permission given once isn’t permission granted forever.

Source: Code of Federal Regulations: Title 12 / Chapter X / Part 1005