CFPB Regulation E Update: Onus on Banks for Better Fraud Prevention

August 5, 2021

The Consumer Financial Protection Bureau (CFPB) made waves in the financial industry last month when it came out swinging after a four-year slumber under the deregulation-friendly Trump administration to publish a compliance aid that prevents banks from exploiting loopholes in Regulation E. Now that banks and other financial institutions are back on the hook for reimbursing their customers who have fallen victim to fraud, they have a bigger financial incentive than ever before to invest in fortifying one-time passwords and leveling up their biometric game to protect their bottom line. 

If you’ve ever sent money to a friend over Venmo after a shared meal, transferred funds from your savings account to your checking account in a pinch, withdrew cash from the ATM before a vacation, or paid your electric bill online at the end of the month, you’ve enjoyed the ease and convenience of authorizing an electronic fund transfer (EFT). Unfortunately, as legitimate EFTs become a daily part of our lives, unauthorized EFTs are becoming all too common. According to the Fed, an unauthorized electronic fund transfer is an EFT from a consumer’s account initiated by a person other than the consumer without authority to initiate the transfer and from which the consumer receives no benefit. In layman’s terms, an unauthorized EFT is simply when a crook gains access to a customer’s bank account or credit card information and steals every last penny. Fortunately, considering just how common they are, unauthorized EFTs don’t mean financial ruin for victims thanks to the Electronic Fund Transfer Act of 1978 and its companion policy, Regulation E.

Intending to prevent bankruptcy for consumers who risk losing everything to unauthorized EFTs and maintaining a trusted and safe digital banking system, Congress passed the Electronic Fund Transfer Act, signed into law by President Jimmy Carter in 1978. At its core, the legislation transfers the liability for unauthorized EFTs from the consumer to the financial institution. In his reporting for The American Prospect, journalist David Dayen explains: “As long as the consumer reports the unauthorized transfer within 60 days, the financial institution must investigate the matter and credit the consumer’s account if they find the transfer to be unauthorized. Depending on the circumstances, the consumer may have to take a hit of up to $500, but the limit on liability is even more stringent (no more than $50) if the consumer informs their bank within two business days. The financial institution picks up the rest of the cost.”

Since the law was passed, rates of fraud have increased astronomically. Today, teams of skilled fraudsters turn a profit by imitating bank representatives to fool vulnerable individuals, especially older folks, into handing over their banking information. In 2020, credit card fraud alone totaled an estimated $11 billion in the United States. In order to avoid costly pay-outs, financial institutions have increasingly begun denying restitution to victims of unauthorized EFTs by arguing that if a customer willingly gives out their personal information (password, pin, etc.), they are “personally negligent,” regardless of whether they were fooled into doing so under false pretenses, and therefore ineligible. In June, however, the CFPB weighed in and closed this loophole once and for all, coming down on the side of consumers. The CFPB ruled that a consumer who is fraudulently induced into providing account information has not furnished an access device under Regulation E. Electronic fund transfers (EFTs) initiated using account access information obtained through fraud or robbery fall within the Regulation E definition of unauthorized EFT.

This ruling will save millions of defrauded consumers from being held liable for bogus charges and encourage banks to invest in the next generation of fraud prevention processes and tools.

Because mobile phones are now an integral part of digital banking, banks and other financial institutions are increasingly looking to Phone-Centric Identity™ to prevent fraud, especially in the wake of the CFPB’s new regulation. Fortified 2-Factor Authentication using Prove Instant Link™, Prove Trust Score™, and Prove GaitAuth™ are best-in-class products that banks can use to dramatically cut down on social engineering fraud while improving customer experience.

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.

Keep reading

See all blogs
Prove’s Tim Brown Explains How to Reduce Fraud and Improve Onboarding with Identity Verification

Reporters from GreenSheet, a popular publication that highlights trends in the banking, financial services, and fintech markets, recently met with Prove’s Global Identity Officer, Tim Brown to learn how advanced identity verification solutions are driving faster and better digital customer onboarding.

Kaushal Ls
May 21, 2024
Prove CEO Rodger Desai Featured on Fintech Leaders Podcast

Prove CEO and co-founder Rodger Desai was recently the featured guest on the Fintech Leaders podcast with fintech leader and entrepreneur Miguel Armaza. The two discussed the identity verification market, innovations in onboarding and customer enablement, and explained how smartphone data provides the most effective way to verify customers.

Kelley Vallone
May 16, 2024
Marketplace Risk Proudly Names Prove as the Leader in Identity Authentication

Marketplace Risk, a leading authority in risk management for online platforms, has announced the recipients of its annual Solution Provider Excellence Program. This prestigious initiative spotlights industry leaders in risk, trust, and safety solutions, showcasing their expertise in addressing the challenges encountered by digital marketplaces, gig economy, and digital platforms. Among the winners is Prove.

May 15, 2024