Reimbursing a Customer’s Account for Erroneous EFT Credits and Debits

The CFPB’s FAQs on Electronic Fund Transfers (EFTs) confirm that Regulation E applies to any mobile payment transactions that meet the definition of EFT. Regulation E requires a bank to reimburse a customer for unauthorized EFTs that occurred during the first sixty days after it transmitted a periodic statement showing the initial unauthorized transaction. If a customer fails to report an unauthorized transaction within sixty days after transmittal of the statement showing the unauthorized transaction, the bank still must reimburse the customer for the unauthorized transactions that occurred during the initial sixty-day period after transmittal of the statement.

Accordingly, if your investigation concludes that the debits from the mobile payment service were unauthorized EFTs, you should reimburse your customer for the fraudulent debits in accordance with Regulation E’s requirements and liability protections. In other words, Regulation E does not allow unauthorized credits to offset the reimbursement required for unauthorized debits.

However, as to the fraudulent credits, Regulation E does not require your customer to reimburse your bank for the erroneous transactions. The definition of an “unauthorized EFT” includes transfers from a consumer’s account but does not include transfers to a consumer’s account. Consequently, erroneous credits are subject to Regulation E’s error resolution requirements, but they are not subject to the limitations on liability for unauthorized EFTs. If your investigation concludes that the credits were errors, we recommend reviewing your account agreement with the customer for any provisions governing the resolution of credits or of erroneous EFTs that are not unauthorized EFTs.

Denying an Error Claim Based on Previous Transactions with the Same Provider

We do not recommend denying an error claim based on previous transactions with the same mobile payment service. The CFPB’s FAQs on EFTs state that “[t]he Bureau found that a financial institution did not conduct a reasonable investigation when it summarily denied error disputes if consumers had prior transactions with the same merchant, and the financial institution did not consider other relevant information such as the consumer’s assertion that the EFT was unauthorized or for an incorrect amount.”

By analogy, we believe that the CFPB would not view an investigation as reasonable if you summarily deny a customer’s error claim based on transactions with the same mobile payment service. Of course, you may consider transactions involving the mobile payment service when determining whether an error occurred, along with other relevant information, such as evidence that your customer benefitted from the debit transactions.

For resources related to our guidance, please see:

• Regulation E, 12 CFR 1005.3(b)(1) (“The term ‘electronic fund transfer’ means any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account.”)

• CFPB, Electronic Fund Transfers FAQs, Coverage: Transactions, Question 1 (“What transactions are covered by the Electronic Fund Transfer Act and Regulation E? The term ‘electronic fund transfer’ or ‘EFT’ means any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account. . . . Accordingly, Regulation E applies to any person-to-person (P2P) or mobile payment transactions that meet the definition of EFT, including debit card, ACH, prepaid account, and other electronic transfers to or from a consumer account.”)

• Regulation E, 12 CFR 1005.2(m) (“‘Unauthorized electronic fund transfer’ means an electronic fund transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit.”)

• Regulation E, 12 CFR 1005.6(b) (“Limitations on amount of liability. A consumer's liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows: . . .”)

• Regulation E, 12 CFR 1005.6(b)(3) (“Periodic statement; timely notice not given. A consumer must report an unauthorized electronic fund transfer that appears on a periodic statement within 60 days of the financial institution’s transmittal of the statement to avoid liability for subsequent transfers. If the consumer fails to do so, the consumer’s liability shall not exceed the amount of the unauthorized transfers that occur after the close of the 60 days and before notice to the institution, and that the institution establishes would not have occurred had the consumer notified the institution within the 60-day period. When an access device is involved in the unauthorized transfer, the consumer may be liable for other amounts set forth in paragraphs (b)(1) or (b)(2) of this section, as applicable.”)

• Regulation E, 12 CFR 1005.11(a)(1) (“The term ‘error’ means: . . . (ii) An incorrect electronic fund transfer to or from the consumer's account.”)

• Regulation E, 12 CFR 1005.11(b)(1) (“A financial institution shall comply with the requirements of this section with respect to any oral or written notice of error from the consumer that:

(i) Is received by the institution no later than 60 days after the institution sends the periodic statement or provides the passbook documentation, required by § 1005.9, on which the alleged error is first reflected;

(ii) Enables the institution to identify the consumer's name and account number; and

(iii) Indicates why the consumer believes an error exists and includes to the extent possible the type, date, and amount of the error, except for requests described in paragraph (a)(1)(vii) of this section.”)

• Regulation E, 12 CFR 1005.11(c)(1) (“A financial institution shall investigate promptly and, except as otherwise provided in this paragraph (c), shall determine whether an error occurred within 10 business days of receiving a notice of error. The institution shall report the results to the consumer within three business days after completing its investigation. The institution shall correct the error within one business day after determining that an error occurred.”)

• Regulation E, 12 CFR 1005.11(c)(2) (“If the financial institution is unable to complete its investigation within 10 business days, the institution may take up to 45 days from receipt of a notice of error to investigate and determine whether an error occurred, provided the institution does the following: . . .”)

• CFPB, Electronic Fund Transfers FAQs — Error Resolution, Question 2 (December 13, 2021)  (“What are financial institution’s error resolution obligations under Regulation E? In general, Regulation E requires that after a financial institution receives oral or written notice of an error from a consumer, the financial institution must do all of the following:
  • Promptly investigate the oral or written allegation of error.
  • Complete its investigation within the time limits specified in Regulation E.
  • Report the results of its investigation within three business days after completing its investigation.
  • Correct the error within one business day after determining that an error has occurred.
• The investigation must be reasonable, including a reasonable review of relevant information within the financial institution’s own records. The Bureau found that a financial institution did not conduct a reasonable investigation when it summarily denied error disputes if consumers had prior transactions with the same merchant, and the financial institution did not consider other relevant information such as the consumer’s assertion that the EFT was unauthorized or for an incorrect amount. If the error is an unauthorized EFT, certain consumer liability limits apply.”)