I believe the MSNBC article left out some important information. I firmly believe that the customer is not liable for unauthorized transfers effected by means of bogus debit card copies.
If the bogus cards are fabricated using "skimmed" card data that are pirated from mag stripes on legitimate cards (ATM add-on, card leaves customer at gas station or restaurant, etc.), the card that's used for the unauthorized transfers isn't an accepted access device; the customer cannot be liable. If the fraudulent cards are manufactured using data phished from the customer, that's deception, and giving up one's access device data in a fraud scam is not an authorization under Regulation E.
In the unlikely event there is a series of related unauthorized transfers and they extend over a long period of time, you might be able to lay off some of the liability on your customer under the "after 60 days from statement delivery" rule in section 205.6 of Regulation E. But that only addresses the transactions that take place after the end of that 60-day period. Most of the fraudulent card scams involve quick hits over one or two days, and then the card is tossed.
First published on BankersOnline.com 3/20/06
Debit Card Fraud - Refunding Customer's Money
Answered by:
Question:
Several of our customer accounts were recently accessed through a fraud scheme where fraudulent debit cards were produced and used to access the accounts. The bank has refunded the customers' money. A recent article on MSNBC implied that banks were not required to refund the money. Can you clarify this issue?
Answer: