Unauthorized use liability: Digital wallets and payment apps

In recent years, the way that consumers are paying for goods and services as well as how they are managing their accounts has been changing rapidly. Mobile payment apps and digital wallets are making payments quicker and easier. However, just like any other form of payment, payments made using apps or digital wallets are also susceptible to fraud. Whether it is someone obtaining your member’s debit or credit card information from her digital wallet or someone hacking a payments app, it is important to understand when these fraudulent transactions are covered by Regulation E or Z’s unauthorized use and liability provisions and when they are not.

There are two main types of payment apps and digital wallets and understanding the difference is the key to determining whether the liability provisions apply. First, there are apps that store the member’s payment information (usually a debit or credit card number) and charge the card each time a good or service is purchased – think Samsung Pay or Uber. These apps are rather straightforward when it comes to unauthorized use liability. As the debit or credit card is charged each time the app is used, each transaction is covered under either Regulation E or Z’s unauthorized use and liability provisions.

Second, there are apps where funds are stored in the app. The member uses her debit or credit card to load a set amount of funds into the app for later use – think Starbucks or Venmo. As users can sometimes use these apps without charging a debit or credit card, not every transaction is covered by Regulation E or Z’s unauthorized use and liability provisions. Instead, whether a transaction is covered will depend on whether it is the “funding” transaction or a post-funding transfer. Let’s go through a couple scenarios that will help illustrate which transactions are covered. In each of the examples below, we’ll use a fictional app called “CU Pay.”

 

continue reading »