Happy Monday, compliance friends. I hope everyone had a good weekend and enjoyed World Laughter Day, which was yesterday! I know one group of people who shouldn’t get the last (evil) laugh: fraudsters who trick members out of their access devices to make unauthorized transfers!
I’m going to revisit one of our previous Regulation E blogs, but go further into detail into one type of error. That blog explains that under Regulation E, an unauthorized electronic fund transfer (EFT) is defined as any EFT from an account initiated by someone without authority to initiate the transfer and from which the member receives no benefit. Unauthorized EFTs include transfers using an access device that was obtained by robbery or fraud, and transfers a member was forced to initiate. It does not include transfers where the member acted fraudulently or when the member gave someone else permission to use her access device.
Let’s take a look at one of the examples given in that blog: A fraudster calls Amy pretending to be her credit union and Amy provides the fraudster with her account information. The fraudster uses her information to initiate EFTs from her account. The EFTs are unauthorized because the information was obtained via fraud, even though Amy voluntarily provided her information to the fraudster.
Regulation E’s rules and commentary support this conclusion because the definition of unauthorized transfer includes the situation in which an access device was obtained through fraud. Sometimes this is confusing because no debit card was involved and credit unions often associate the term access device with a debit card. After all, debit cards are pretty common access devices used by members to make electronic transfers. However, it’s important to remember that an access device is also a “code, or other means of access to a consumer’s account, or any combination thereof, that may be used by the consumer to initiate electronic fund transfers.”
continue reading »