Have you ever been in a situation where it’s time to split the check for dinner at a restaurant with friends?
Usually, this would involve digging around through wallets and purses or maybe scribbling down names on napkins of who owes how much for their meal. With third-party online banking apps or reg e banking , one can avoid these challenges.
Times have changed. To split a bill, people typically grab their phones to fire up electronic peer-to-peer payment apps. The app then allows you to transfer money electronically for the amount owed and pay your friend who covered the bill. When you transfer money from bank to bank, many of us take comfort in the convenience that online banking offers, but for scammers, it’s a great way to commit fraud.
In today’s digital banking environment, example of a peer-to-peer payment mobile apps are like Apple Pay and Venmo also pose a risk to both customers and financial institutions. These risks can be mitigated with greater awareness of the security measures in place as well as clear education on what your options are to protect yourself.
So, who is liable for unauthorized electronic fund transfers (EFTs) using peer-to-peer payment apps from their mobile phone or smart devices? The answer is: it depends.
What is an Electronic Fund Transfer?
The definition of an electronic fund transfer (EFTs) is an electronic system that transfers funds from one person’s account to another. Examples of electronic fund transfers include by check, wire, or debit card transactions over the internet. When using a p2p money transfer app, it depends on the type of third-party banking app you’re using, whether or not it’s a digital bank, and what state your account is in. For example, a p2p payment transfer made from a bank account to another person’s bank account is different when transferring money from one institution to another.
If the consumer has an online checking account with Chase Bank and tries using the p2p app Venmo for their payments, even though it uses the same type of electronic funds transfers as PayPal (a digital banking service), they are two separate institutions and Regulation E liability does not apply.
But say that they make a transfer from bank to bank using Citibank or Wells Fargo – since these banks offer both traditional “brick-and-mortar” branches AND virtual/digital banking services, then regulation E liability can be applied in this scenario because p2p’s use EFT technology which applies to all transactions regardless of what state the consumer lives in.
You should do your due diligence when deciding what p2p payment providers your institution is willing to work with to mitigate the risk associated.
What is Reg E Banking Liability for p2p payments Apps.
Digital banking apps are regulated by the Electronic Funds Transfer Act (EFTA). Under EFTA, p910 transfers from your account to someone else’s account or p990 payment requests for money withdrawn from an ATM instead of cash are not subject to Regulation E banking liability because they’re considered fraudulent if you don’t initiate them yourself.
What is Regulation E Banking Liability?
Regulation E banking liability refers to when you give your credit card number and personal information for online p2p transactions, as well as phone banking transactions like Venmo on mobile apps. When this happens, the p2p transfer may create potential risks of identity theft through breaches in security protocols by trusted third parties such as banks and financial institutions who store your data electronically for p2p payments – including Apple Pay – which could lead to bank fraud.
The breach of your consumer’s private information poses a risk because p990 payment requests can be made without inputting the rest of the account holder’s information.
What Transactions Does Regulation E Cover?
The following types of transactions are electronic fund transfers and fall under Reg E, according to the CFPB: Specifically, Regulation E applies to:
- Point-of-sale transfers
- Automated teller machine (ATM) transfers
- Direct deposits or withdrawals of funds
- Transfers initiated by telephone
- Debit card transactions
How does Regulation E protect me?
Regulation E allows you to dispute verities of these types of errors:
- Unauthorized electronic funds transfers (EFTs)
- Incorrect EFTs to or from your account
- Omission of an EFT from your bank statement
- Computational or bookkeeping errors made by your bank regarding an EFT
- Receipt of an incorrect amount of money from an automated teller machine (ATM) or other electronic terminal
- Errors involving pre-authorized transfers
- Requests for additional information or clarification concerning an EFT (citation)
However, CFPB rules don’t cover all types of electronic transactions, however. Excluded from the list are:
- Routine inquiries about account balances
- Requests for information for tax or recordkeeping purposes
- Requests for duplicate copies of documentation, such as bank statements
How does Regulation E Banking protect me if my debit card is stolen?
Regulation E could limits your liability if your debit card is stolen. The earlier you report a lost or stolen debit card, the lower your maximum liability is if unauthorized charges are made with the card. The longer that you wait to report a lost or stolen debit card, the higher your personal liability will be if the card is used for unauthorized charges.
A guide to consumer liability for lost or stolen debit cards can be found here.
What is p910?
P910 transfers from an individual to another individual are subject to Regulation E liability, which protects consumers against errors in payments and fraudulent use or theft by requiring that they receive a notification. Institutions transferring peer-to-peer transactions through third-party online banking apps and digital banks must accept disputed “pending” payments. To resolve any unauthorized transactions, you must follow the error resolution procedures in section 1005.11 of Regulation E.
Unauthorized transactions are electronic fund transfers from a consumer’s account initiated by a third party and from which the consumer does not benefit.
The Electronic Funds Transfer Act and Regulation E provide rules for electronic funds transfers (EFTs) that involve consumers, govern transfers by mobile phone apps, electronic banking, and other emerging technologies. It is a federal law that governs the rights and liabilities of consumers who initiate transactions through various types of electronic banking services.
This includes banks that provide these banking services through third-party applications on mobile. The ground rules, liabilities, and rights of customers who make transfers using peer-to-peer payment systems—including banks that provide these banking services to their customers through a third-party app—are set out in the EFT Act and its implementing rule, Regulation E.
If the dispute is not for unauthorized or fraudulent reasons, then you may disregard it and advise your customer to contact the vendor. Regulatory compliance responsibility for peer-to-peer payment transfers through third-party apps, such as PayPal or Venmo, falls to the app facilitators.
They would be considered a service provider that does not hold the consumer’s account as prescribed under § 1005.14(b) and commentary of Regulation E, for which they create an exemption for certain third parties to acquire access to funds on behalf of their customers without provisions detailed therein. If the peer-to-peer application is acting as an electronic fund transfer service provider, then they are subject to Regulation E.
However, the matter is between the payment application and the user. The financial institution’s only responsibility is to provide periodic statements, so customers and providers can identify transactions that may be disputed. The payment application would be the service provider, and the users are their customers. Payment applications should have explicit agreements with their consumers that outline what funds may be accessed when using p2p technology.
For instance, PayPal’s user agreement states they “may request access to your full balance or any portion of it up to a maximum amount we specify from time to time for transactions through our Services. You can decline this authorization at any time by contacting Customer Service on our website or by calling us toll-free at…” The p2p app company is responsible if funds were withdrawn inappropriately because they authorized the transaction in their terms of use (agreement) with both parties involved in transferring money between Where p2p payments are processed through third-party apps that have their own terms of service agreements, they may offer less protection than when such services are offered directly by banks through contracts subject to regulation.
Customers who want more protections for p2p funds transfers can choose providers regulated as financial institutions instead of providers that merely provide information about banking products but don’t hold deposits themselves (like Visa). Is it possible that provisional credits will be used to offset an institution’s reserve requirement? Your financial institution may not provide a provisional credit until you gain further information about the transaction or hear from the merchant.
The two exceptions to the requirement for provisional credit outlined in Regulation E are limited:
If your institution requires written confirmation of the customer’s claim that the transaction was unauthorized before taking any action to reverse it but if the consumer does not provide written confirmation of their claim within 10 business days, you do not need to provide provisional credit.
If your institution does not require written confirmation to take action, you will have up to 10 days after learning about the dispute or receiving notification of a problem with the transaction before having to provide any provisional credit. Once you have been notified of an error and/or your responsibility for provisionally crediting funds under Regulation E or T, immediately credit the customer’s account with the amount in dispute (less any applicable fees) by means that will ensure prompt crediting.
You must also provide written confirmation within five business days indicating what action was taken, when it occurred, and how much was credited. The second circumstance is applicable if the alleged error involves an account subject to Regulation T requirements (i.e., checking accounts).
In these cases, there may be no need for provision credits because funds would already be available through daily settlement. With more people becoming comfortable with mobile banking apps and peer-to-peer payment transfers, financial institutions need to address the risks and compliance challenges posed by digital banks.
The regulation E liability is particularly pertinent when prying into digital p2p banking apps because they allow consumers to transfer funds in an instant manner that doesn’t require them to find a branch location or even have an account.
For additional information, check out the recently updated FAQs on Regulation E by the CFPB. If you want to learn more about the best practices with regards to mitigating Regulation E liability or other related topics, don’t forget to subscribe to our blog!
If you would like to speak to one of our experts, feel free to contact us and we’ll be happy to help your institution mitigate your risk associated with Regulation E!
Make sure your institution stays up-to-date as the industry is constantly changing!