IBA Compliance Connection

Your go to source for compliance!

The Official Interpretations for Regulation E note that an unauthorized electronic fund transfer (EFT) includes a transfer made by a consumer at an ATM who was “induced by force to initiate the transfer.” Does similar logic apply when other types of electronic payments are initiated by threat or force? For example, would a customer held at gunpoint and forced to make an EFT using a mobile payment app (such as Venmo) be considered unauthorized?

by

admin

In our view, an electronic payment initiated by a consumer through a third-party mobile app like Venmo under threat or force technically would not be considered an “unauthorized transaction.” However, while a consumer may not be eligible for a legally mandated reimbursement for such a transaction, your bank could voluntarily reimburse the customer based on concerns for relationship or reputational risk or other considerations.

Based on Venmo’s publicly available user agreement, it processes person-to-person (P2P) transfers as automated clearing house (ACH) transactions. According to a white paper published by NACHA, Venmo initiates an ACH WEB debit to collect funds from the sending consumer, followed by an ACH WEB credit to send funds to the receiving consumer. Consequently, such transfers are covered by the NACHA rules and Regulation E.

The NACHA rules treat an ACH debit as “authorized” if the authorization is “readily identifiable as an authorization,” stated in “clear and readily understandable terms,” and the consumer has the ability to revoke the authorization. The Venmo user agreement provides that transfer requests made through the Venmo app “constitute your authorization,” which appears to meet NACHA’s authorization requirements, even if requested under threat or force. (The NACHA rules also require a bank to recredit a customer’s account for an unauthorized debit entry, provided that the customer meets NACHA’s notification and timing requirements.)

Regulation E’s definition of an “unauthorized electronic funds transfer” generally does not cover transactions initiated by a customer under threat or force. The definition covers transactions “initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit.” As noted in your question, this definition is accompanied by an official interpretation stating that a forced initiation at an ATM is “unauthorized,” even though it technically is initiated by the consumer. However, the official interpretation was adopted in 1996, before the existence of mobile banking and P2P platforms such as Venmo, and it only covers ATM transactions.

While both the NACHA rules and Regulation E appear to exclude forced transactions through Venmo from their reimbursement rules for unauthorized transactions, it nonetheless may be advisable to consider reimbursing customers in these situations, since doing so would track the logic of Regulation E’s official interpretation involving ATM transactions. In addition, combined with other factors, such as elder abuse, arguably it could be viewed as unfair or abusive, or at least pose a reputational risk, to treat a Venmo or other P2P payment as “authorized” when your customer was induced by force to initiate the transfer.

We also note that Venmo’s service agreement may provide your customer with the right to obtain a reimbursement directly from Venmo. Under Venmo’s service agreement, an “unauthorized transaction” is defined as “a type of error that occurs when money is sent from your account that you did not authorize and that did not benefit you.” This language may cover the forced initiation of a funds transfer. To seek coverage for their losses, your customers would need to follow Venmo’s notification requirements for reporting an unauthorized transaction.

Please note, however, that while our guidance may apply to P2P platforms other than Venmo, we cannot comment on other platforms without more information regarding their rules and operations.

For resources related to our guidance, please see:

  • Venmo User Agreement, Section B(1)(e)(iv) (“When your checking account is used as your payment method, you are requesting that we initiate on your behalf an electronic transfer from your bank account. For these transactions, Company will make electronic transfers (via the Automated Clearing House (‘ACH’) of NACHA – The Electronic Payment Association (‘NACHA’)) from your bank account in the amount you specify. You agree that such requests constitute your authorization to Company to make the ACH transfer, and once you have provided your authorization for the transfer, you will not be able to cancel the electronic transfer and Company may resubmit any ACH debit you authorized that is returned for insufficient or uncollected funds, except as otherwise provided by NACHA’s ACH rules (collectively, the ‘ACH Rules’), or applicable law.”)
  • NACHA White Paper, Leveraging the Mobile Channel for ACH Payment Innovation (2015), page 25 (A P2P via Nonbank Provider, including Venmo, “effects the transfer of funds from the sending consumer’s account to the receiving consumer’s account using the split transaction model with two discrete ACH transactions: 1) an ACH WEB debit to collect the funds from the sending consumer, and 2) an ACH WEB credit to send funds to the receiving consumer.”)
  • NACHA Rules (2018), Section 3.11.1 (“An RDFI must promptly recredit the amount of a debit Entry to a Consumer Account of a Receiver, regardless of the SEC Code of the debit Entry, if it receives notification from the Receiver in accordance with Section 3.12 (Written Statement of Unauthorized Debit), and such notification is received in time and in a manner that reasonably allows the RDFI to meet the deadline for Transmitting an Extended Return Entry as provided in Section 3.13 (RDFI Right to Transmit Extended Return Entries).”)
  • NACHA Rules (2018), Section 2.3.2.3 (“An authorization must: (a) be readily identifiable as an authorization; (b) have clear and readily understandable terms. . . . ; and (c) provide that the Receiver may revoke the authorization only by notifying the Originator in the time and manner stated in the authorization. . . .”)
  • Regulation E, 12 CFR 1005.2(m) (“‘Unauthorized electronic fund transfer’ means an electronic fund transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. The term does not include an electronic fund transfer initiated: (1) By a person who was furnished the access device to the consumer's account by the consumer, unless the consumer has notified the financial institution that transfers by that person are no longer authorized; (2) With fraudulent intent by the consumer or any person acting in concert with the consumer; or (3) By the financial institution or its employee.”)
  • Regulation E, Official Interpretations, Paragraph 2(m)(4) (“Forced initiation. An EFT at an ATM is an unauthorized transfer if the consumer has been induced by force to initiate the transfer.”)
  • Regulation E, Official Interpretations, Paragraph 2(m) (3) (“Access device obtained through robbery or fraud. An unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.”)
  • Final Rule, Regulation E, 61 Fed. Reg. 19678, 19687 (May 2, 1996) (Adopting official interpretation for Paragraph 2(m)(4), Forced initiation.)
  • NACHA Guidelines (2018), Chapter 48 (“The manner in which the consumer Originator funds its bank or service provider for the credit WEB entry transmitted on the consumer’s behalf is not addressed as part of these P2P credit WEB rules. These transactions are handled in accordance with the agreement between the consumer originator and the bank or P2P service provider.”)
  • Venmo User Agreement, Section D(11)(a) (“An ‘Unauthorized Transaction’ is a type of error that occurs when money is sent from your account that you did not authorize and that did not benefit you. For example, if someone steals your password, uses the password to access your account, and sends a payment from your account, an Unauthorized Transaction has occurred. However, if you give someone access to your account (for example, by giving them your login information) and they conduct transactions without your knowledge or permission, you are responsible for any resulting use. Such transactions are not considered Unauthorized Transactions.”)
  • Venmo User Agreement, Section D(11)(a) (“When an Unauthorized Transaction (defined below) or Other Error (defined below) occurs in your account, including Unauthorized Transactions that occur because your Venmo mobile-activated phone has been lost or stolen, Company will cover you for the full amount of every eligible Unauthorized Transaction or Other Error as long as you follow the procedures discussed below.”)