RSK.IQ Question of the Week 8/3/20

Regulation E and Electronic Fund Transfer Obtained by Fraud

Issue/Inquiry

The Bank has a customer who claims that he fell for a scam trying to purchase concert tickets. The customer authorized the transaction and provided his personal and debit card information to Google Pay in order to make the purchase, and once he found out that it was a scam, he disputed the charge. In response to a request by Mastercard, the issuer of the debit card, Google Pay provided documentation showing that the customer had approved the transaction. Since Google Pay has declined to make a refund, is the Bank required to reimburse this customer for the money lost under Regulation E?

Response Summary

The customer may have been defrauded in that he did not receive the concert tickets that he paid for. However, such a transaction is not considered an unauthorized electronic fund transfer (“EFT”) for the purposes of Regulation E, as the party who was defrauding the customer did not obtain the customer’s access device through the fraud and did not initiate the EFT from the customer’s account. Since the customer authorized the EFT himself, no error has occurred and the Bank is not required to reimburse the customer’s account.

Nevertheless, while the Bank is not liable to the customer under Regulation E, Mastercard rules may require the Bank to charge back the amount paid for the tickets and recredit the customer’s account.

Response Detail

Under Regulation E, a financial institution is required to investigate errors that are brought to its attention by a customer. If the institution determines that an error has occurred, then it must correct the error, including the crediting of interest and refunding of any fees imposed by the institution, where applicable. 12 CFR 1005.11(a)(i),(c); Official Interpretations, 1005.11(c) – 6.

The meaning of the term “error” includes an “unauthorized electronic fund transfer”, which is an EFT from a consumer’s account that is initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. 12 CFR 1005.2(c),(m).

An unauthorized EFT also includes a transfer that is initiated by a person who obtained the access device from the consumer through fraud or robbery. The term “access device” means a card, code, or other means of access to a consumer’s account, or any combination thereof, that may be used by the consumer to initiate EFTs. 12 CFR 1005.2(a)(1); Official Interpretations, 1005.2(m) – 3.

In this case, the customer was defrauded because he paid for concert tickets that he never received. However, for the purposes of Regulation E, the transaction does not meet the definition of an unauthorized EFT for the following reasons:

  • The party defrauding the customer did not obtain the customer’s access device.
  • The party defrauding the customer did not initiate the EFT from the customer’s account.
  • The customer authorized the EFT made to Google Pay himself.

The Bank should report the outcome of its investigation to the customer in accordance with the requirements of Regulation E, and state that it determined no error had occurred since the transaction in question had been authorized by the customer.

In this case, the Bank is not required to reimburse the customer’s account for the money subject to the EFT under Regulation E. However, Mastercard rules may require the Bank to charge back the amount paid for the tickets and credit the customer’s account. As such, the Bank should review its contract with Mastercard for the issuance of the debit card and determine whether reimbursement is required.

This response is for informational purposes only and is not intended for legal guidance.

This entry was posted on Monday, August 3rd, 2020 at 9:04 am.
