What questions do you ask the customer to determine if the transaction was unauthorized?

Financial institutions are not the ACH police. If the customer is willing to sign a Written Statement Under Penalty of Perjury (a/k/a WSUPP) - the transaction is unauthorized. The matter is then between the customer and the merchant. (A sample form is on OG 59 of the NACHA Rules.)

The various reasons for re-credit and adjustment are in Article 7, which starts on OR19.

I would just make sure the customer understands that the possibility exists that they could face perjury charges if they are lying and merchant pursues it.

Also, when talking to your customer, try to determine if what they are asking for is the rare ACH stop payment (R08) instead of a return for non-authorization (R10) or revoked authorization (R07). We've found that often there is some confusion on this issue, and if the customer is simply trying to stop a SINGLE debit that he or she has issued (or has otherwise authorized in error), but he or she wishes to maintain an ongoing relationship with the merchant or biller, an R08 would be more appropriate. (An R07 could be used if the customer authorized the payment and then realized he or she made a mistake, but that return reason code sends a bit of a different message to the Originator than an R08, in my opinion.) Also, you as the RDFI cannot charge a fee for returning items as R07/R10, but if the customer is genuinely intending an R08 and ends up asking for that instead of one of the other two codes, then conceivably you could charge a stop pay fee if you were so inclined.

I agree with RandomName, charging the customer a fee for unauthorized is adding insult to injury. It's very easy today for a scammer to initiate a debit to anyone's account, all the information needed is on every check issued. Some customers use this to their advantage, claiming unauthorized (to avoid a fee) when they changed their mind about an ongoing bill and really want to revoke the authorization or stop payment.

As for stopped payments, whether or not subsequent debits are attempted depends on the nature of the transaction. If it is something like club dues, if you stop September's payment you may get a debit for October's payment next month. If, on the other hand, the debit is for a loan payment, most systems will post any amounts received to the earliest payment due. If you stop September's and don't otherwise pay it, a successful debit in October will apply to the system as September's payment. As an originator with this type of system, we treat stop payment returns the same as account closed, authorization revoked or unauthorized - future debits are blocked and the customer is contacted for other payment arrangements.

An unauthorized ACH on a consumer account is subject to Regulation E's §205.11. Regulation E does not allow a bank to assess a fee for a customer's successful initiation of a claim under §205.11. But you can, as said earlier, assess a stop fee for future transactions.

YOu will want to counsel the customer to cancel in writing any future authorization for things like club dues, etc., if that's what's needed. Of course, that doesn't mean the club will stop, so there's the possibility that there will be future unauthorized transfers. Since handling these can be a hassle both for you and for your customer, it might be wise to place a "freebie" stop on your system to try to prevent these items from posting.

It it's not a consumer but a business and an employee without the right to do so authorized for the debit, can we send the ACH back?

How long can a customer take to advise us if a debit to his account is unauthorized? In other words, beyond what period is he/she unable to recover such a debit.

Our customer can authorize a merchant to initiate a debit via ACH- perhaps to pay for an insurance policy or some such item; can we insist that the customer also pre-advises US that he has done this otherwise we will not accept the debit?

Look at the bank's EFT disclosure. You should have disclosed to your consumer customers exactly how much time they have to inform you of an unauthorized transaction. It is probably something like 60 days from the date of the first statement that contained the error.

I believe business customers have 24 hours.

I don't recall seeing anything in RDFI rules that allow us to require a customer to provide us with a pre-note.

If you have identified some internal ACH issues at your bank, you might want to check with your local ACH clearinghouse to determine the date of the next ACH seminar. These rules are extremely confusing and you can expect to attend the seminars on a regular basis to keep up to speed with NACHA and Reg E rules. These classes are excellent sources of information as well as providing a great networking opportunity with other local bank ACH administrators.

I don't know about "more smarter," but let's start by suggesting a review of §205.6(c) to learn the answer.

Although the bank will not be under any requirement to comply with §205.11 (error resolution procedures) if the consumer fails to notify the bank within 60 days of when the statement showing the unauthorized electronic fund transfer (UEFT) became available, §205.6 results will not change with regard to the customer's claim for reimbursement.

Let's refer to the period that starts with the date of the UEFT and ends on the 60th day following availability of the statement showing that UEFT as the "protected time." Any UEFT occurring within the "protected time" (as long as it's done by the same party or within the same scheme) will be covered by the consumer's §205.6(c) liability limit. If the UEFTs don't involve access devices, that limit is $0. That liability limit applies to the "protected time" regardless of when the consumer notifies the bank of the UEFTs. Unlike the UCC, there is nothing in Regulation E that provides for a deadline for notice (one year or a shorter contractual period for unauthorized checks).

The consumer's notification to the bank affects his liability for UEFTs (assuming again, no use of access device) only with respect to UEFTs that occur after the "protected time." The consumer will be liable if the UEFT takes place after the "protected time" and before notification to the bank.

Mr. Burnett, could you clarify this a bit by providing an example involving dates of various unauthorized ACH debits, the statement date, and the customer's notification date?

Here is an example I used in a webinar yesterday on Reg. E that may demonstrate the point.

Date - Event
June 1 - Access card lost
June 15 - UET $500
July 15 - UET $500
August 15 - UET $1,000
September 1 - UET $1,000
Bank statements were sent on June 15, July 15, August 15 but not reviewed.
September 16 - Discovers card gone, calls bank

The customer notifies the bank in a timely manner of realizing the loss and has a $50 liability for that. Liability is increased because the statements were sent and the customer did not review them in a timely manner. The last $1,000 is then on the customer.

Andy's example is good because it illustrates how §§205.6(a)and (c) can work together. The $50 comes from subsection (a). Subsection (c) covers the $1,000.

I'll add a "fact not in evidence" to Andy's case. Suppose that the customer doesn't enter her claim for a refund until December 15 of the next year. Her first notice to the bank on 9/16 effected a "hot" status on her card, and "stopped the bleeding." But when she finally woke up and reviewed her bank statements, she notes all those UETs, as Andy calls them (Unauthorized Electronic Transfers). Never mind how it is that she remembers in December of the next year that these are unauthorized. It's a case study. Work with me.

Her liability for the UETs doesn't change (and the bank's liability to her doesn't either) with the passage of the year. She can still recover all but the $1,050 Andy correctly points out. But, since she has gone well beyond the point where §205.11 applies, you don't have to deal with all the technical requirements of §205.11 when dealing with her claim.

Of course, in the real world, your bank would have queried this customer adequately so that the UETs would have been discovered and taken care of soon after 9/16 when she announced the loss of her card. Even then, §205.11 requirements would not have applied, since the 60 day limit would have lapsed. But you would have been able to deal with some fresher information.