Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
Drawing the Line on Consumer Protection
Consumer protection regulations are designed to ensure that consumers are treated fairly in their dealings with a business. But what is fair from the perspective of the consumer is often quite different from that of the business when there is a dispute.
This post was triggered when I read an article about a series of lawsuits filed by consumers hoping to gain class-action status against financial companies in situations where the consumer has authorized an immediate payment from their account to someone who later turned out to be a fraudster. The consumers claim that they should be reimbursed by the financial institution because they were scammed.
Regulation E is quite clear on where the line is drawn as to the customer's liability in an electronic transaction. If the transaction is unauthorized, the customer's liability is generally zero as long as they report the transaction within a specified amount of time. The regulation is very specific in its definition of unauthorized: "an EFT from a consumer's account initiated by a person other than the consumer without authority to initiate the transfer and from which the consumer receives no benefit." In the cases discussed in the article I read, the consumers admit that they voluntarily initiated the push payment transactions, so the financial institutions appear to be justified in denying reimbursement because the transactions did not meet the definition of "unauthorized" and therefore the liability protections of Regulation E did not apply.
In a late 2021 post, I wrote about how banks in the United Kingdom have adopted a Contingent Reimbursable Model (CRM) that could give customers who are victims of authorized push payment scams some financial relief. The debate within the United Kingdom as to how equally the CRM is applied continues to this day, with consumers claiming that it doesn't go far enough to ensure that financial institutions fairly and uniformly evaluate a consumer's claims.
As push payment usage continues to increase in the United States, is there a need to redraw the line by implementing regulations that will give greater protection to consumers in such scams? While I am empathetic toward those who suffer these financial losses, I believe the payments industry has made a reasonable and good faith effort to educate customers when they should use authorized push payments and when they should not. What do you think?