ClickCease

CFPB Regulation E Update: Onus on Banks for Better Fraud Prevention

Prove
August 5, 2021

The Consumer Financial Protection Bureau (CFPB) made waves in the financial industry last month when it came out swinging after a four-year slumber under the deregulation-friendly Trump administration to publish a compliance aid that prevents banks from exploiting loopholes in Regulation E. Now that banks and other financial institutions are back on the hook for reimbursing their customers who have fallen victim to fraud, they have a bigger financial incentive than ever before to invest in fortifying one-time passwords and leveling up their biometric game to protect their bottom line. 


If you’ve ever sent money to a friend over Venmo after a shared meal, transferred funds from your savings account to your checking account in a pinch, withdrew cash from the ATM before a vacation, or paid your electric bill online at the end of the month, you’ve enjoyed the ease and convenience of authorizing an electronic fund transfer (EFT). Unfortunately, as legitimate EFTs become a daily part of our lives, unauthorized EFTs are becoming all too common. According to the Fed, an unauthorized electronic fund transfer is an EFT from a consumer’s account initiated by a person other than the consumer without authority to initiate the transfer and from which the consumer receives no benefit. In layman’s terms, an unauthorized EFT is simply when a crook gains access to a customer’s bank account or credit card information and steals every last penny. Fortunately, considering just how common they are, unauthorized EFTs don’t mean financial ruin for victims thanks to the Electronic Fund Transfer Act of 1978 and its companion policy, Regulation E.


Intending to prevent bankruptcy for consumers who risk losing everything to unauthorized EFTs and maintaining a trusted and safe digital banking system, Congress passed the Electronic Fund Transfer Act, signed into law by President Jimmy Carter in 1978. At its core, the legislation transfers the liability for unauthorized EFTs from the consumer to the financial institution. In his reporting for The American Prospect, journalist David Dayen explains: “As long as the consumer reports the unauthorized transfer within 60 days, the financial institution must investigate the matter and credit the consumer’s account if they find the transfer to be unauthorized. Depending on the circumstances, the consumer may have to take a hit of up to $500, but the limit on liability is even more stringent (no more than $50) if the consumer informs their bank within two business days. The financial institution picks up the rest of the cost.”


Since the law was passed, rates of fraud have increased astronomically. Today, teams of skilled fraudsters turn a profit by imitating bank representatives to fool vulnerable individuals, especially older folks, into handing over their banking information. In 2020, credit card fraud alone totaled an estimated $11 billion in the United States. In order to avoid costly pay-outs, financial institutions have increasingly begun denying restitution to victims of unauthorized EFTs by arguing that if a customer willingly gives out their personal information (password, pin, etc.), they are “personally negligent,” regardless of whether they were fooled into doing so under false pretenses, and therefore ineligible. In June, however, the CFPB weighed in and closed this loophole once and for all, coming down on the side of consumers. The CFPB ruled that a consumer who is fraudulently induced into providing account information has not furnished an access device under Regulation E. Electronic fund transfers (EFTs) initiated using account access information obtained through fraud or robbery fall within the Regulation E definition of unauthorized EFT.


This ruling will save millions of defrauded consumers from being held liable for bogus charges and encourage banks to invest in the next generation of fraud prevention processes and tools.


Because mobile phones are now an integral part of digital banking, banks and other financial institutions are increasingly looking to Phone-Centric Identity™ to prevent fraud, especially in the wake of the CFPB’s new regulation. Fortified 2-Factor Authentication using Prove Instant Link™, Prove Trust Score™, and Prove GaitAuth™ are best-in-class products that banks can use to dramatically cut down on social engineering fraud while improving customer experience.

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.


Keep reading

See all blogs
Developer Blogs
Introducing the Prove Developer Portal

Learn about the new Developer Portal and how it can help developers implement identity verification.

Alec Pomnichowski
April 1, 2025
Developer Blogs
Developer Blogs
How to Streamline Identity Verification with Minimal User Friction Using KYC Software

Learn how to streamline identity verification with KYC software while maintaining a seamless user experience.

Samuel Umoren
March 21, 2025
Developer Blogs
Developer Blogs
Choosing the Right Authentication Protocol: A Developer's Guide to SAML and OpenID Connect

Compare SAML and OpenID Connect in this article to understand their differences and learn when to use each protocol for secure authentication.

Amakiri Welekwe
March 20, 2025
Developer Blogs