Can you state in an Internet Banking agreement that the bank accepts no liability for unauthorized payment or transfer made using the customer's password that occurs before customer has notified us of possible unauthorized use. That seems to go against Reg E, where the bank has to accept liability if the customer notifies us in a timely manner. What if the customer is at the library accessing their account and inadvertently leaves the computer, someone comes along and transfers by bill payment funds to their own account. Can we push this liability to our customer? I don't feel Reg E allows that. Any thoughts?

Trust your instincts on this. The EFTA and Regulation E protect the customer from his own lack of care or even outright stupidity. The customer cannot sign away any of his rights in his Internet Banking contract.

If the Fed has already opined that writing your PIN on an ATM card doesn't prevent you from collecting on an unauthorized transaction made with your stolen card (assuming you contact the bank in time), then I don't hold out much hope that things would be any different for an Internet EFT at the CyberCafé that occurs while you're in the powder room.

The consumer holds all the cards on this Reg. (Pun intended).