In this Compliance Clip (video), Adam explains the answer to the questions on whether or not certain situations are in fact an unauthorized electronic fund transfer and whether or not a dispute has to be processed under regulation E. To provide the answer, he dives into the regulation, commentary, and additional guidance from the CFPB. This video is a must watch for anyone in your organization who processes Reg E disputes.

Video Transcript

The following is a transcript of this video:

This Compliance Clip is going to talk about unauthorized electronic fund transfers. The question I often see relates to disputes and it relates to whether or not certain situations are in fact an unauthorized electronic fund transfer and whether or not a dispute has to be processed under regulation E in a financial institution. The question I often see is this, “If a third party fraudulently induces a consumer into sharing account access information that is used to initiate an electronic fund transfer from the consumer's account, does the transfer meet regulation E’s definition of unauthorized electronic fund transfer?”

In other words, the customer may have given their “authorization” to a fraudster who maliciously use their information to take money from them. They thought they were authorizing one thing, but it was done through a malicious attempt, really through fraud, and the question is, is that really unauthorized because the consumer gave their authorization to that fraudster who took it in a means of fraud. That's what the question is. 

The answer of course is going to come from Regulation E which is 1005.2, specifically 1005.2(m) is the definition of an authorized electronic fund transfer. We are also going to get some information from the commentary and get information from the CFPB’s Frequently Asked Question number one on electronic funds transfers. It's actually not number one anymore. I think it has changed. Anyway, it's one of the frequently asked questions.

Let's take a look first at the definition under Regulation E at 1005.2(m). What this relates to is the definition section. So 1005.2 is the definition section, (m) is the definition for unauthorized electronic fund transfer. What it tells us here is that an EFT from a consumer's account initiated by a person other than the consumer, without actual authority to initiate the transfer, and from which a consumer receives no benefit is considered an unauthorized electronic fund transfer. The consumer may argue he did initiate this, well, the commentary, it's actually Comment 3 to 1005.2(m) goes on to say that unauthorized EFTs include a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery. It says there that an unauthorized EFT includes a transfer by a person, and a person is defined as more than just the natural person. It could be an entity, but of course it is a natural person. So somebody who obtains the access device from the consumer through fraud or robbery is included in the definition of an unauthorized EFT. But if it's an unauthorized EFT, of course, we would have to conduct an investigation under the dispute process under Regulation E.

Moving on to the frequently asked question. What it says is this, it gives us an example. It says, for example, the CFPB is aware of the following situations where a third party has fraudulently obtained a consumer's account access information: number one, a third party calling the consumer and pretending to be a representative from the consumer's financial institution and then tricking the consumer into providing their account log-in information, texted account confirmation code, debit card number, or other information that could be used to initiate an EFT out of the consumer's account. Another example, number two, a third party using phishing or other methods to gain access to a consumer's computer and observe the consumer entering account login information. EFTs stemming from these situations meet the definition of unauthorized EFT due to the fact that the information was attained through fraud or some other malicious attempt.

As you can see, the answer to our question is, is it an unauthorized electronic fund transfer when the consumer authorizes somebody through certain information, but it's actually through fraud. So it may not be a full authorization, but the consumer may have given information or maybe attained through phishing or through other methods. Then in that case, that is a problem that's considered an unauthorized electronic fund transfer. Therefore, if this is the case in your situation, you would have to consider this under your Reg E dispute process and conduct your dispute and determine if the  consumer has liability or not and potentially refund the consumer. That is the question for today. 

That's all I have for this Compliance Clip.