The NCUA's consumer compliance area has said that among the most common complaints it receives are those related to Regulation E, which governs electronic funds transfers.
Recently, I taught a session on Regulation E at a debit card school in Boston hosted by debit consulting firm PayFusion. The participants, each of whom represented credit unions, had varying levels of experience with unauthorized transactions on debit cards. As well, they had a wide range of policies and procedures in place to investigate these occurrences.
One issue we discussed at the school was this: If a member's debit card has been stolen and he claims that someone is using his card to make unauthorized transactions, what steps must we take?
First, get out your Reg E error resolution procedures. The member's story may or may not be true, and that's what you have to find out. Check to see that you have all the information you need from the member (name, account number and details of the error) because you can't investigate if you don't know what you are looking for.
If the member's notice includes the necessary info and was timely (within 60 days of the statement on which the error appeared), you can begin to follow your error resolution procedures and investigate.
It's important to understand, however, that you only have a limited amount of time to do so. Generally speaking, you have 10 business days to investigate whether an error occurred (you have more time for new accounts or if you grant provisional credit).
Keep in mind that you are not allowed to require your member to complete an affidavit or a police report before you begin the investigation. You may request that he do so, but you cannot require it as a condition of investigating the error.
If you find that an error occurred (i.e. the member's card was stolen and unauthorized transactions were conducted), you need to correct the error and notify the member.
If you find that no error occurred (the transactions were authorized), you also need to notify the member of the results of your investigation. Regulation E provides specific timeframes in which these actions must be taken.
It's critically important for credit unions to have policies and procedures in place to address Regulation E complaints. Just as important is an effort to track and document your timely responses.
This type of discussion is almost always followed by a second, bigger question – If indeed the transactions were unauthorized, how much liability does the member have?
There are three tiers of liability under Reg E with respect to unauthorized transfers. If an access device is involved (for example, a member's debit card), the liability may be up to $50 or up to $500, depending on when the member notifies the credit union.
Moreover, if the member does not report an unauthorized EFT that appears on the member's periodic statement within 60 days of the statement being sent, the member could have unlimited liability for transactions that occur after the 60 days and until the member notifies the credit union.
In addition, VISA and Mastercard, as well as state law, may impose less liability on the member than Reg E. Thus, the best answer as to what is a member's liability under Reg E for unauthorized transfers really is “it depends.”
Andrea Stritzke is vice president of compliance for PolicyWorks in Des Moines, Iowa.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
