Some scary reports are surfacing that several major financial institutions are no longer reversing all fraudulent transactions, even when victims report to the police. If true, it’s a disastrous move that will hurt the institutions painfully.
“Under a 1978 federal rule called Regulation E, banks are required to fully charge customers if their money is stolen from a consumer account through an electronic payment initiated by another person. Since Reg E was written long before payment apps existed, the Consumer Financial Protection Bureau issued guidelines last year stating that the law covered all person-to-person online payments. The agency clarified that all unauthorized online money transfers — meaning any payment initiated by anyone other than the customer and without the customer’s consent — was the bank’s liability. But despite the updated guidelines, in many cases, banks are refusing to refund customers who claim — often with supporting documentation — that money has been stolen from their accounts. The banks rarely give clear explanations for their decisions, which means that victims have few recourse options.”
The story cited numerous examples of customers, including some who filed police reports, whose financial institution had denied their fraud charges. Some, but not all, of those companies reversed that policy after a reporter called.
That’s wrong on so many levels, and it sounds less like “we revised the decision and discovered a mistake” and more like “Uh-oh. We just got caught.”
Let’s say the law is clear and banks and other institutions cannot simply refuse to refund customers because they don’t want to. Instead, let’s explore why such a move is counterproductive and self-destructive.
A brief background: Many of the issues here are similar to the zero-liability policies of the major credit card brands (MasterCard, Visa, AmericanExpress, Discover, etc.). That rule was introduced decades ago. The goal was not directly to protect consumers, but to increase e-commerce revenue by making those consumers comfortable using their credit and debit cards for transactions. But even after that consumer fear subsided, the program stuck.
That program simply said that if a card transaction is fraudulent, the FI in question would reimburse it in full. Technically, it initially said everything after $50, but the industry eventually paid for all the fraud. (Note: That program does a lot more to protect credit card purchases than debit card purchases, but that’s another story. Basically, avoid using a debit card online ever.)
Back to the current situation. The banks that fail to pay for all fraud transactions give industry rivals a huge gift. Those competitors can proudly say, “Unlike Capital One, Bank of America, Wells Fargo and Chase (the banks that Time piece), we protect all our customers. If you are defrauded, we will reimburse those costs. And if you send us a copy of a police report you’ve filed, we’ll even waive an investigation, except to confirm that the police report has been filed.”
Getting worse. What do you think will happen if even more institutions stop covering fraud losses? The losses will go from them to their customers. Since most professional thieves fear big banks much more than individual victims, fraud will accelerate even more than it already has.
Then there are the lawsuits. For the most part, consumers scammed by thieves had few legal steps to take against their bank, whose lack of cybersecurity often allowed the fraud. Aside from a ruling that they might be compensated for the time they spent cleaning up the mess, few companies suffered enough cash losses to make a trip to civil court worthwhile or even likely to succeed. .
If this bad behavior continues, that all changes. A loss of five figures (or more) increases the likelihood that consumers will file a lawsuit. And given the size of these banks, that lawsuit will quickly turn into class action lawsuits — and they’ll have an excellent chance of winning.
The fraud described here is mostly P2P digital transactions, such as Zelle, Venmo, Cash App and PayPal. That shouldn’t make any difference. From the customer’s perspective, it’s all payments. They expect to be protected.
Copyright © 2022 IDG Communications, Inc.