Compliance Blog

Feb 04, 2009
Categories: Accounts

Unauthorized; Newsletter; Uh-oh

With all the text message scams currently taking place, there is a good chance that one of your members will give some crook his or her debit card number, PIN and security code.  With that in mind, some of you may have the following question:

If the member gives his or her personal data away after falling victim to a text message scam, they must be on the hook for any resulting unauthorized transactions.  Right?

Wrong.

Regulation E governs electronic funds transfers (EFTs).  The regulation also governs when consumers will be responsible for unauthorized EFTs.  In the staff commentary to Regulation E, the federal reserve states this:

Consumer negligence. Negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E. Thus, consumer behavior that may constitute negligence under state law, such as writing the PIN on a debit card or on a piece of paper kept with the card, does not affect the consumer's liability for unauthorized transfers.

If the member gives his or her debit card information away to a crook over the phone, that might be negligence.  As noted above, however, that negligence means nothing.  The member gave his or her data over the phone because the member thought there was some security-related freeze on their card.  They thought they were authorizing the lifting of the freeze, not the subsequent transactions.  It is a very one-side rule that favors consumers.

(Go here to read the commentary.  Simply search for the word negligence to find the relevant text highlighted above.)

***

NAFCU members, the February compliance newsletter is available here.  (Member log-in needed.)

***

Mandy was laughing a few nights ago.  Here's what she found in the nursery.

I told him he could sleep there whenever he wants, as long as he learns to change diapers.

Uh oh.poe