Topic: Electronic Fund Transfer Act (EFTA)
-
Is a bank required to give business customers 14 days to report errors regarding electronic fund transfers, including ACH transactions? We have seen this 14-day deadline in business account disclosures at several other banks. We think those banks may be pulling the 14-day deadline from the Regulation E provision regarding a stop payment order on a preauthorized transfer. However, it is our understanding that Regulation E does not apply to businesses, and a bank may establish its own error notification deadlines for business accounts. Is that correct?
—
by
You are correct that Regulation E — including its error resolution deadline — does not apply to businesses. Regulation E applies only to consumer accounts. The term “consumer” means a “natural person.” The term “account” is defined as “a demand deposit (checking), savings, or other consumer asset account . . . established primarily for personal,…
-
We have an ad hoc overdraft program. In which order should we pay overdrawn checks: High-to-low or low-to-high?
—
by
This question does not have an easy answer. Illinois law has long granted banks the freedom to post checks in any order they choose, without regard to the order in which they were received. However, as discussed below, the federal banking agencies have issued guidances that discourage the use of high-to-low posting orders (without explicitly…
-
A business customer requested a stop payment order on a preauthorized ACH debit to his account. We know that Regulation E requires consumers to provide three business days of notice to stop payment. Does this rule also apply to business customers?
—
by
No, Regulation E — including its timeframes for stop payment orders — does not apply to business customers. The Uniform Commercial Code states that banks may establish their own cut off time for receiving orders to cancel the payment of a funds transfer. Consequently, we recommend reviewing your account agreement with your customer to determine…
-
The Visa Account Updater (VAU) program took effect October 1, 2016. Our core operating system obtained an extension to implement the VAU on March 31, 2017. Once the VAU program takes effect, all customers will automatically be enrolled. Are we required to inform our customers that they can opt out of the VAU program? Our core operating system provider said we are. Our Visa account representative said Visa has not established any rules on how issuers must inform their cardholders of the opt-out option, and that decisions about notifications are left up to issuers.
—
by
In our view, it would be prudent to notify customers of their right to opt out of the new VAU program, although notification may not be expressly required. Neither Regulation E nor Regulation Z, nor any other law or rule we are aware of, expressly requires you to notify customers of the addition of the…
-
We believe that Regulation E does not require us to reimburse customers for disputed transactions when a customer waits more than 60 days after the transmittal of the account statement to report the error. Is that true? Also, under Regulation E, what is the definition of “transmittal of the statement”? Is it the date that we generate the account statement containing the error or the date that the customer receives it?
—
by
First, it is important to clarify that you may be required to reimburse customers for unauthorized transactions that occur within 60 days after you transmit the periodic statement containing the errors, even when customers fail to provide notice within that timeframe. Under Regulation E, when a customer fails to report an unauthorized transaction within 60…
-
A few months ago, our system generated a fraud alert regarding the activity on one of our customer’s checking account. We contacted her about the suspicious activity, and she came into the bank, reviewed the transactions, and confirmed that she authorized them. However, now (a little over 60 days after we sent her the account statement containing those charges) she has submitted a formal dispute. What are our obligations under Regulation E at this point?
—
by
We are not aware of any law, regulation, or guidance that clearly establishes your obligations under these circumstances. However, in our view, you may treat this as a reassertion of error, in which case you have no further obligations under Regulation E. Regulation E permits a customer who has withdrawn an allegation of error to…
-
One of our customers has a freestanding ATM that recently was converted to be a payout device connected to a gaming machine. He is registered with the Illinois Gaming Board. Does he also need to keep the ATM registered with the state? What kind of due diligence is required?
—
by
Yes, if the ATM terminal continues to dispense cash from customers’ bank accounts, your customer should maintain its registration as a nonbank ATM with the Illinois Department of Financial and Professional Regulation. Because your customer now is operating a video gaming terminal, we do recommend some heightened monitoring due to the many requirements in the…
-
Can we change our rules to require all customers to enter a PIN when using a debit card as a credit card? If so, do we need to disclose the change? Would this create any fair lending concerns?
—
by
No, we do not believe that a blanket policy of requiring all customers to use debit card PINs would raise any concerns under the fair lending laws, since it would apply equally to all of your debit card customers. If your bank does proceed with this contemplated change, we recommend providing at least 21 days…
-
Certain geographic areas have more instances of debit card fraud than others. Can we change our rules to require customers living in those areas to use a PIN when using a debit card as a credit card? If so, do we need to disclose the change?
—
by
Requiring the use of debit cards PINs only for customers residing in particular geographic areas (here, areas with higher crime rates) could raise concerns under the fair lending laws. Although residents located in specific geographic areas are not per se protected classes based on their locations, a practice singling out particular geographic areas could result…
-
If we discover that one of our ATMs has a skimming device, what is our potential liability? Would we have some sort of mass liability outside of fraudulent charges on our customers’ cards? We have upgraded our ATMs to accept chip cards.
—
by
It theoretically is possible that ATM users would sue your bank after a data breach stemming from a skimmer installed on one of your ATMs, but it is difficult to predict the chances of such a lawsuit hitting your bank, not to mention estimating the potential liability and costs. (An ATM skimmer is a device…