What Is Regulation E?

Introduction

Regulation E applies to any electronic fund transfer in the United States that authorizes a financial institution to debit or credit money from a consumer’s account.

This regulation determines the framework and steps for the dispute process. The Consumer Financial Protection BureauCFPB The Consumer Financial Protection Bureau is a United States government agency. The Consumer Financial Protection Bureau (CFPB) is a 21st century agency that helps consumer finance markets work by making rules more effective, by consistently and fairly enforcing those rules, and by empowering consumers to take more control over their economic lives. CFPB LINK (CFPBCFPB The Consumer Financial Protection Bureau is a United States government agency. The Consumer Financial Protection Bureau (CFPB) is a 21st century agency that helps consumer finance markets work by making rules more effective, by consistently and fairly enforcing those rules, and by empowering consumers to take more control over their economic lives. CFPB LINK) issues Reg E following the Electronic Fund Transfer Act.

What Transactions Will Fall Under Regulation E?

The following types of transactions are electronic fund transfers and fall under Reg E, according to the CFPB:

• Point-of-sale transfers
• ATM transfers
• Withdrawal of funds
• Debit card transactions

All debits and withdrawals aren’t considered electronic fund transfers. The following transactions aren’t covered under Reg E:

• Checks
• Wire transfers

---

Does Reg E Cover Scams?

A Guest Editorial by PJ Rohall – FraudFraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements. A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim. Subject Matter Expert (SME) at Featurespace | Co-Founder at About-Fraud | Mental HealthMental health Mental health, defined by the World Health Organization (WHO), is "a state of well-being in which the individual realizes his or her own abilities, can cope with the normal stresses of life, can work productively and fruitfully, and is able to make a contribution to his or her community". According to WHO, mental health includes "subjective well-being, perceived self-efficacy, autonomy, competence, intergenerational dependence, and self-actualization of one's intellectual and emotional potential, among others". From the perspectives of positive psychology or of holism, mental health may include an individual's ability to enjoy life and to create a balance between life activities and efforts to achieve psychological resilience. Cultural differences, subjective assessments, and competing professional theories all affect how one defines "mental health". Advocate | SCARS Partner

A lot has been said about the Consumer Financial Protection Bureau’s (CFPB) commentary on how Reg E is applied to consumer scams. Here are some quick thoughts on what I find most interesting.

Authorized Push Payment FraudAuthorized Push Payment Fraud Authorized Push Payment Fraud (Scams) occurs when a fraudster manipulates a genuine customer into making a payment to an account they control. There are a variety of types of authorized push payment fraud, including romance scams, invoice scams and a handful of others. (APP) still not covered by Reg E

APP fraud happens in all geographies but is talked about most frequently in the U.K. This is because they have over a decade of experience in real-time payments and more recently rolled out the Contingency Reimbursement Model (CRM) which has brought APP fraud front and center. The CRM is a whole article in itself, so let’s set that to the side and focus on APP fraud.

APP fraud is when a consumer is manipulated, through social engineeringSocial Engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests.", into making a payment into an account that a fraudsterFraudster A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. controls. It comes in a variety of forms – romance scams, investment scamsInvestment Scams When a caller claims to have a promising investment opportunity that will help you get rich quick, it's likely a scam., invoice scams, imposterImposter An impersonator is someone who imitates or copies the behavior or actions of another. There are many reasons for impersonating someone, such as: part of a criminal act such as identity theft, online impersonation scam, or other fraud. This is usually where the criminal is trying to assume the identity of another, in order to commit fraud, such as accessing confidential information or to gain property not belonging to them. Also known as social engineering and impostors. scams, etc. but it has one common element: the consumer logs in and executes the payment.

The CFPB commentary refers to consumers who are scammed into divulging sensitive information that enables a fraudster to take over their account, and the fraudster executes an unauthorized payment. That is different than APP fraud.

It seems clear to me that the CFPB is stating that Reg E can be applied to scams that lead to account takeovers, not scams that involve genuine customers executing fraudulent payments.

If this scamScam A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost., why not that scam?

Ok, so why does Reg E cover one type of scam but not another? An interesting thread to tug on some more.

When a consumer is manipulated into logging in and making a payment, they are a victim of the same psychological manipulation as when they fork over their log-in information/OTP to allow a fraudster to do it. Does the act of being the one pushing the buttons mean they are in anymore control?

Some will argue, yes. They’ll say, if you’re actually the one logging in and sending the payment you should at some point be aware the payment you are sending may be fraudulent.

But that perspective ignores the fundamental purpose of social engineering. People are not behaving in a manner they normally would. People’s minds and emotions are preyed on systematically and strategically. And that can be applied to instances of logging in and executing the payment.

So, why is the scam that leads to an account takeoverAccount Takeover Account Takeover (ATO) are the unauthorized access of a user’s account in order to steal identity credentials, execute a fraudulent transaction or engage in varying types of abuse. covered by Reg E, but the APP scam is not? Isn’t the consumer vulnerable to social engineering in both cases?

Negligence

Let me be clear, I am not arguing for liability one way or the other, I am simply exploring consistency. And on that point… let’s talk negligence. In the CFPB’s commentary, they stated that banks can not consider consumer negligence when determining liability under Reg E. And remember this is the scam where a consumer is being manipulated to give up their information and having their account taken over.

I clearly understand the sophistication of scams, but does that mean a consumer should have no responsibility when taking care of their sensitive information? I don’t think it’s helpful to not allow negligence to be considered at all. When you do this, you remove all responsibility from the consumer and set up an environment where folks are more likely to be careless.

Summing it all up

Determining liability in scams will always be tough, which is why I am not arguing one way or the other. However, I do think we should find more consistency in the interpretation of scams. My personal opinion is a scam is a scam, no matter who executes the final payment. Now, where do you draw the lines of responsibility and liability, that’s the million-dollar question. And no matter how you answer you should agree the best option is to prevent it before it happens. Layering education, technology and awareness to proactively stop as many scams as possible will always be the course we can all agree on!

---

A New Reimbursement For U.S. Scam Victims May Be An Option

The implication of Regulation E is clear and for some victims, it may be a way to recover money stolen by scammers.

To qualify you MUST answer these questions:

• Are you a U.S. resident?
• Did you give access or allow your scammerScammer A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. to have access to your bank account?
• Did the scammer withdraw any money from your account directly – without your direct participation?

IF YOU ANSWER YES TO ALL THREE YOU MAY QUALIFY FOR THIS.

However – there is a ONE-YEAR STATUTE OF LIMITATIONS – meaning this will only work for scammer-enacted withdrawals or transfers within the last YEAR!

The Reg E Dispute Submission Process May Differ From Bank To Bank

Some banks may require you to submit your dispute in writing, even though you already gave it to a representative over the phone.

Some banks, such as First Interstate Bank, have an online form. The form, which is used for debit card and ATM card disputes, asks for information such as:

• the amount of the transaction you’re disputing
• the type of merchandise or service
• the date the transaction was made
• the date the transaction posted to your account
• whether you had lost your debit card

However, the U.S. Federal Reserve also has a dispute reporting process that we recommend that you do simultaneously with submitting it to the bank.

To file a dispute claim through the United States Federal Reserve visit here: What do I do once I’m ready to file a complaint? | Federal Reserve Consumer Help

Follow the instructions exactly as written.

Reference

Important Links:

• CFPB releases unauthorized EFTs and error resolution FAQs | Buckley LLP Infobytes Blog (buckleyfirm.com)
• 12 CFR Part 1005 – Electronic Fund Transfers (Regulation E) | Consumer Financial Protection Bureau (consumerfinance.gov)
• Electronic Fund Transfers FAQs | Consumer Financial Protection Bureau (consumerfinance.gov)
• Final Rules | Consumer Financial Protection Bureau (consumerfinance.gov)