{"id":1340,"date":"2018-10-25T16:45:44","date_gmt":"2018-10-25T16:45:44","guid":{"rendered":"https:\/\/albanknews.com\/?p=1340"},"modified":"2018-10-25T16:45:44","modified_gmt":"2018-10-25T16:45:44","slug":"understanding-bank-liability-for-unauthorized-zelle-payments","status":"publish","type":"post","link":"https:\/\/albanknews.com\/?p=1340","title":{"rendered":"Understanding Bank Liability for Unauthorized Zelle Payments"},"content":{"rendered":"

by <\/i><\/span>Brian Malcom, Waller<\/span><\/a><\/p>\n

Zelle, ever heard of it? If you are in the banking industry, the answer is almost certainly yes. Zelle is a service that allows bank customers to instantly send funds to others. In 2017, Zelle handled roughly $75 billion in transfers. Venmo, another peer-to-peer (P2P) payment platform that is owned by PayPal, not banks, also handled billions of dollars in P2P payments in 2017. Plainly, P2P transfers are an important aspect of modern banking.<\/p>\n

So, who is liable for unauthorized electronic funds transfers (EFTs) using mobile phones? The answer is: it depends. Sometimes the law saddles the consumer with some costs, but the bank often absorbs most of the costs. The bank can, however, make a customer contractually responsible for an authorized EFT that the customer mistakenly sends to an unintended recipient.<\/p>\n

Regulatory framework
\n<\/b><\/span>The Electronic Funds Transaction Act (EFTA) and Regulation E establish rules for electronic funds transfers (EFTs) involving consumers and governs transfers by mobile phone apps like Zelle or Venmo. The ground rules, liabilities, and rights of consumers who use EFTs and those who provide EFT services, including financial institutions, are set out in the EFTA and its implementing rule, Regulation E. An EFT is defined as any transaction \u201cinitiated through an electronic terminal, telephone, computer (including online banking), or magnetic tape that instructs a financial institution either to credit or debit a consumer’s account.\u201d<\/p>\n

Proper disclosures help shift some risk for unauthorized EFTs to consumers
\n<\/b><\/span>Most banks qualify as financial institutions under the EFTA. Financial institution is defined under the EFTA as \u201ca State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person who, directly or indirectly, holds an account belonging to a consumer ….\u201d Accordingly, banks allowing electronic transfers through their websites or apps like Zelle, Venmo, or their own mobile banking apps, must provide required disclosures to consumers and must comply with procedures for consumer notifications, investigation of unauthorized EFTs, and resolution of alleged fraudulent or unauthorized EFTs within specific timeframes.<\/p>\n

Reg. E provides that the disclosures be \u201cclear and readily understandable, in writing, and in a form the consumer may keep . . . .\u201d These disclosures can be delivered in electronic form, but the financial institution must comply with the requirements for electronic signature, including the consumer consent rules. These initial disclosures must be made \u201cat the time a consumer contracts for an electronic fund transfer service or before the first electronic fund transfer is made.\u201d The disclosures must include, among other things, the consumer\u2019s liability for unauthorized transfers, the consumer\u2019s right to documentation, telephone numbers and addresses for the consumer to give notice of a suspected unauthorized EFT, the types of transfers the consumer can make, and fees. Importantly, the financial institution must also provide disclosures outlining the error resolution process and the liability of the financial institution to the consumer for the financial institution\u2019s failure to stop certain transfers or make certain transfers.<\/p>\n

Limits of Consumer Liability Under the EFTA
\n<\/b><\/span>A consumer may be liable for some amount of an unauthorized EFT, if the disclosure requirements and other requirements are met. The EFTA and Regulation E limits consumer liability for fraudulent or unauthorized transactions, and the consumer\u2019s liability varies based upon timing of notification to the financial institution. Importantly, a consumer\u2019s liability for unauthorized EFTs may depend on the timeliness of his or her notice to the financial institution. Timeliness is measured from the loss or theft of an \u201caccess device.\u201d Under the EFTA and Reg. E, if an unauthorized purchase is charged to a debit card account and the affected consumer notifies the financial institution within two business days after learning of the loss or theft of the consumer\u2019s \u201caccess device,\u201d the consumer\u2019s liability is limited to the lesser of $50 or the amount of unauthorized transfers that occur before notice. If the consumer fails to notify the financial institution within two business days following the loss or theft of an access device, the consumer\u2019s liability is capped at the lesser of $500 or the $50 that occurred within two business days and the amount of unauthorized transfers after the two business days and before notice to the institution, assuming the financial institution can show that the transfers after the two-day period would not have happened if the consumer had provided timely notice. If a bank violates the EFTA, it may be forced to pay statutory damages and attorney\u2019s fees for a consumer plaintiff.<\/p>\n

Is a mobile phone an \u201caccess device?\u201d In other words, if a consumer loses his or her mobile phone that is signed into an app like Venmo or Zelle, is the consumer required to notify his or her financial institution to limit his or her liability? If the consumer does so, is the consumer afforded the same protections as if a debit card were lost or stolen? The answer to these questions is not currently clear, and the answer to these questions could have a significant impact on a consumer\u2019s liability and, by extension, a bank\u2019s liability for unauthorized EFTs using a consumer\u2019s mobile phone.<\/p>\n

Access device is currently defined as \u201ca card, code, or other means of access to a consumer’s account, or any combination thereof, that may be used by the consumer to initiate electronic fund transfers.\u201d The definition of access device under Reg. E and the staff interpretation example for the same currently supports an interpretation that a mobile phone with stored credentials qualifies as an access device. Thus, if the mobile phone is considered an access device, a consumer can limit his or her liability under the EFTA by giving timely notice to a financial institution that his or her mobile phone is lost or stolen.<\/p>\n

The 60-day rule
\n<\/b><\/span>If an unauthorized EFT appears on a regular statement, the consumer is required to notify the institution that sent the statement within 60 days. This rule applies regardless of whether an access device is lost or stolen and applies to all card-not-present transactions, which includes mobile payments.\u00a0 <\/span>If a consumer fails to notify the financial institution within 60 days of the statement\u2019s transmittal, \u201cthe consumer\u2019s liability shall not exceed the amount of the unauthorized transfers that occur after the close of the 60 days and before notice to the institution, and that the institution establishes would not have occurred had the consumer notified the institution within the 60-day period.\u201d<\/p>\n

The power of the customer agreement
\n<\/b><\/span>Financial institutions can insulate themselves against customer claims for refunds following third-party fraud through clear terms in their customer agreements. Banks should provide terms that make customers aware that they are responsible for all EFT payments to recipients using recipient information generated by the customer, even if that recipient turns out to be a fraudster or different than the intended recipient. This will give banks a contractual basis for shifting liability to a consumer for EFTs involving fraud. Bank\u2019s should work closely with counsel when drafting terms and conditions relating to Zelle or other EFT technologies to ensure contractual rights protect the bank as much as possible.<\/p>\n

Brian J. Malcom<\/span><\/a> is a partner at Waller in Birmingham. Top banks and financial institutions seek his counsel in all areas of litigation, including contract disputes, trust and fiduciary litigation, consumer claims, and bond and warrant claims. Brian was profiled in 2017 by the Birmingham Business Journal as one of Birmingham’s Rising Stars of Law. He was also named a Top Attorney for Banking Law in 2018 in Birmingham Magazine’s annual peer-reviewed survey.<\/i><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

by Brian Malcom, Waller Zelle, ever heard of it? If you are in the banking industry, the answer is almost certainly yes. Zelle is a service that allows bank customers to instantly send funds to others. In 2017, Zelle handled roughly $75 billion in transfers. Venmo, another peer-to-peer (P2P) payment platform that is owned by PayPal, not banks, also handled billions of dollars in P2P payments in 2017. Plainly, P2P transfers are an important aspect of modern banking. So, who is liable for unauthorized electronic funds transfers (EFTs) using mobile phones? The answer is: it depends. Sometimes the law saddles […]<\/p>\n","protected":false},"author":1,"featured_media":860,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[32,19,23],"tags":[],"class_list":["post-1340","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-board-briefs","category-breaking","category-publications","has_thumb"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/albanknews.com\/wp-content\/uploads\/2016\/09\/BB-web-header.jpg?fit=1109%2C858&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p4Y3P2-lC","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/albanknews.com\/index.php?rest_route=\/wp\/v2\/posts\/1340","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/albanknews.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/albanknews.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/albanknews.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/albanknews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1340"}],"version-history":[{"count":1,"href":"https:\/\/albanknews.com\/index.php?rest_route=\/wp\/v2\/posts\/1340\/revisions"}],"predecessor-version":[{"id":1341,"href":"https:\/\/albanknews.com\/index.php?rest_route=\/wp\/v2\/posts\/1340\/revisions\/1341"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/albanknews.com\/index.php?rest_route=\/wp\/v2\/media\/860"}],"wp:attachment":[{"href":"https:\/\/albanknews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1340"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/albanknews.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1340"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/albanknews.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1340"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}