What Is Regulation E?
Regulation E applies to any electronic fund transfer in the United States that authorizes a financial institution to debit or credit money from a consumer’s account.
This regulation determines the framework and steps for the dispute process. The Consumer Financial Protection Bureau The Consumer Financial Protection Bureau is a United States government agency. The Consumer Financial Protection Bureau (CFPB) is a 21st century agency that helps consumer finance markets work by making rules more effective, by consistently and fairly enforcing those rules, and by empowering consumers to take more control over their economic lives.
CFPB LINK (CFPB The Consumer Financial Protection Bureau is a United States government agency. The Consumer Financial Protection Bureau (CFPB) is a 21st century agency that helps consumer finance markets work by making rules more effective, by consistently and fairly enforcing those rules, and by empowering consumers to take more control over their economic lives.
CFPB LINK) issues Reg E following the Electronic Fund Transfer Act.
What Transactions Will Fall Under Regulation E?
The following types of transactions are electronic fund transfers and fall under Reg E, according to the CFPB:
- Point-of-sale transfers
- ATM transfers
- Withdrawal of funds
- Debit card transactions
All debits and withdrawals aren’t considered electronic fund transfers. The following transactions aren’t covered under Reg E:
Does Reg E Cover Scams?
A Guest Editorial by PJ Rohall – Fraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements.
A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim. Subject Matter Expert (SME) at Featurespace | Co-Founder at About-Fraud | Mental Health Mental health, defined by the World Health Organization (WHO), is "a state of well-being in which the individual realizes his or her own abilities, can cope with the normal stresses of life, can work productively and fruitfully, and is able to make a contribution to his or her community". According to WHO, mental health includes "subjective well-being, perceived self-efficacy, autonomy, competence, intergenerational dependence, and self-actualization of one's intellectual and emotional potential, among others". From the perspectives of positive psychology or of holism, mental health may include an individual's ability to enjoy life and to create a balance between life activities and efforts to achieve psychological resilience. Cultural differences, subjective assessments, and competing professional theories all affect how one defines "mental health". Advocate | SCARS Partner
A lot has been said about the Consumer Financial Protection Bureau’s (CFPB) commentary on how Reg E is applied to consumer scams. Here are some quick thoughts on what I find most interesting.
Authorized Push Payment Fraud Authorized Push Payment Fraud (Scams) occurs when a fraudster manipulates a genuine customer into making a payment to an account they control. There are a variety of types of authorized push payment fraud, including romance scams, invoice scams and a handful of others. (APP) still not covered by Reg E
APP fraud happens in all geographies but is talked about most frequently in the U.K. This is because they have over a decade of experience in real-time payments and more recently rolled out the Contingency Reimbursement Model (CRM) which has brought APP fraud front and center. The CRM is a whole article in itself, so let’s set that to the side and focus on APP fraud.
APP fraud is when a consumer is manipulated, through social engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests.", into making a payment into an account that a fraudster A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. controls. It comes in a variety of forms – romance scams, investment scams When a caller claims to have a promising investment opportunity that will help you get rich quick, it's likely a scam., invoice scams, imposter An impersonator is someone who imitates or copies the behavior or actions of another. There are many reasons for impersonating someone, such as: part of a criminal act such as identity theft, online impersonation scam, or other fraud. This is usually where the criminal is trying to assume the identity of another, in order to commit fraud, such as accessing confidential information or to gain property not belonging to them. Also known as social engineering and impostors. scams, etc. but it has one common element: the consumer logs in and executes the payment.
The CFPB commentary refers to consumers who are scammed into divulging sensitive information that enables a fraudster to take over their account, and the fraudster executes an unauthorized payment. That is different than APP fraud.
It seems clear to me that the CFPB is stating that Reg E can be applied to scams that lead to account takeovers, not scams that involve genuine customers executing fraudulent payments.
If this scam A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost., why not that scam?
Ok, so why does Reg E cover one type of scam but not another? An interesting thread to tug on some more.
When a consumer is manipulated into logging in and making a payment, they are a victim of the same psychological manipulation as when they fork over their log-in information/OTP to allow a fraudster to do it. Does the act of being the one pushing the buttons mean they are in anymore control?
Some will argue, yes. They’ll say, if you’re actually the one logging in and sending the payment you should at some point be aware the payment you are sending may be fraudulent.
But that perspective ignores the fundamental purpose of social engineering. People are not behaving in a manner they normally would. People’s minds and emotions are preyed on systematically and strategically. And that can be applied to instances of logging in and executing the payment.
So, why is the scam that leads to an account takeover Account Takeover (ATO) are the unauthorized access of a user’s account in order to steal identity credentials, execute a fraudulent transaction or engage in varying types of abuse. covered by Reg E, but the APP scam is not? Isn’t the consumer vulnerable to social engineering in both cases?
Let me be clear, I am not arguing for liability one way or the other, I am simply exploring consistency. And on that point… let’s talk negligence. In the CFPB’s commentary, they stated that banks can not consider consumer negligence when determining liability under Reg E. And remember this is the scam where a consumer is being manipulated to give up their information and having their account taken over.
I clearly understand the sophistication of scams, but does that mean a consumer should have no responsibility when taking care of their sensitive information? I don’t think it’s helpful to not allow negligence to be considered at all. When you do this, you remove all responsibility from the consumer and set up an environment where folks are more likely to be careless.
Summing it all up
Determining liability in scams will always be tough, which is why I a