Regulation E and Payment Obtained by Fraud

Issue/Inquiry

The Bank has a customer who was scammed while trying to purchase concert tickets. He authorized the transaction and provided his personal and debit card information to Google Pay to make the purchase. Once he found out it was a scam, he disputed the charge. In response to a request by the issuer of the debit card (i.e., MasterCard), Google Pay provided documentation showing that the customer approved the transaction. Since Google Pay has declined to make a refund, is the Bank required under Regulation E to reimburse this customer for the money lost?

Response Summary

While the customer may have been defrauded because he did not receive the concert tickets he paid for, such a transaction is not considered an unauthorized electronic fund transfer (“EFT”) for the purposes of Regulation E. The party defrauding the customer did not obtain the customer’s access device through fraud and did not initiate the EFT from the customer’s account. Since the customer authorized the EFT himself, no error occurred and the Bank is not required to reimburse the customer’s account.

Response Detail

Under Regulation E, a financial institution is required to investigate errors brought to its attention by a customer. If a financial institution determines that an error occurred, it must correct the error, including the crediting of interest and the refunding of any fees imposed by the institution, where applicable. 12 CFR §1005.11(a)(i),(c); Official Interpretations, 1005.11(c) – 6.

The meaning of the term “error” includes an unauthorized electronic fund transfer. An “unauthorized electronic fund transfer” is an EFT from a consumer’s account that is initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. 12 CFR §1005.2(c),(m).

An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery. An “access device” is a card, code, or other means of access to a consumer’s account, or any combination thereof, that may be used by the consumer to initiate EFTs. 12 CFR §1005.2(a)(1); Official Interpretations, 1005.2(m) – 3.

In this case, the customer was apparently defrauded, as he paid for concert tickets that he never received. Nonetheless, the transaction does not meet the definition of an unauthorized EFT for the purposes of Regulation E:

• The party defrauding the customer did not obtain the customer’s access device, whether through fraud or otherwise
• The party defrauding the customer did not initiate the EFT from the customer’s account
• The customer himself authorized the EFT to Google Pay, as documented by Google Pay.

The Bank should report the outcome of its investigation to the customer in accordance with the requirements of Regulation E. The Bank would state that it determined no error occurred due to the fact that the transaction in question had been authorized by the customer.

Since there is no error, the Bank is not required under Regulation E to reimburse the customer’s account for the money subject to the EFT. The customer’s claim is with Google Pay or MasterCard, according to the terms of its agreement with him, or with the party that defrauded him.

This entry was posted on Monday, November 5th, 2018 at 6:00 am.