Mobile app fraud and Regulation E

Over the past several months, more and more consumers have turned to mobile payments. Whether to send money to a family member out of work or to pay for groceries at the local market, contactless payments are on the rise. Fraudsters have also caught on to this trend and some credit unions have seen an increase in fraud claims for payments made via mobile apps. As a result, the NAFCU Compliance team has gotten some questions from credit unions on resolving these claims.

We’ve covered some issues with mobile payment apps in previous blogs. This blog post discusses the overlapping error resolution responsibilities between the credit union and the app provider and clarifies a credit union is not permitted to require members to attempt to resolve the claim with the app provider first. This blog post explains how it is up to the credit union to prove a transaction was properly authorized before it may deny a fraud claim. NAFCU has also met with the CFPB on this issue and continues to advocate for more clarity. For a general refresher on unauthorized EFTs under Regulation E, check out this article.

Today’s post covers another FAQ on mobile app fraud and Regulation E. Here’s the scenario and question at issue:

Jane adds her debit card information to a mobile payment app and that information is stored in the app. John hacks into her payment app account and uses the stored credentials to initiate transactions. Jane submits a notice of error to her credit union stating the transactions initiated by John through the app are unauthorized EFTs. As Jane provided her debit card information to the app provider and authorized the provider to initiate transactions, would all transactions made through the app be considered authorized EFTs regardless of whether Jane or John initiated an individual transfer?

 

continue reading »