Electronic Fund Transfers

AGENCY:

Board of Governors of the Federal Reserve System.

ACTION:

Proposed rule; official staff interpretation.

SUMMARY:

The Board is publishing for comment a proposal to revise the Official Staff Commentary to Regulation E (Electronic Fund Transfers). The commentary interprets the requirements of Regulation E to facilitate compliance by financial institutions that offer electronic fund transfer services to consumers. The proposed revisions provide guidance on electronic authorization of recurring debits from a consumer's account, Regulation E coverage of electronic check conversion transactions, telephone-initiated fund transfers, and other issues.

DATES:

Comments must be received on or before August 31, 2000.

ADDRESSES:

Comments, which should refer to Docket No. R-1074, may be mailed to Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, NW., Washington, DC 20551 or mailed electronically to regs.comments@federalreserve.gov. Comments addressed to Ms. Johnson may also be delivered to the Board's mail room between 8:45 a.m. and 5:15 p.m. weekdays, and to the security control room at all other times. The mail room and the security control room, both in the Board's Eccles Building, are accessible from the courtyard entrance on 20th Street between Constitution Avenue and C Street, NW. Comments may be inspected in room MP-500 in the Board's Martin Building between 9:00 a.m. and 5:00 p.m., pursuant to the Board's Rules Regarding the Availability of Information, 12 CFR part 261.

FOR FURTHER INFORMATION CONTACT:

Kyung Cho-Miller, Natalie E. Taylor, or John C. Wood, Counsels, Division of Consumer and Community Affairs, Board of Governors of the Federal Reserve System, Washington, DC 20551, at (202) 452-2412 or (202) 452-3667. For the hearing impaired only, contact Janice Simms, Telecommunications Device for the Deaf (TDD), at (202) 872-4984.

SUPPLEMENTARY INFORMATION:

I. Background

The Electronic Fund Transfer Act (EFTA) (15 U.S.C. 1693 et seq.), enacted in 1978, provides a basic framework establishing the rights, liabilities, and responsibilities of participants in electronic fund transfer (EFT) systems. The EFTA is implemented by the Board's Regulation E (12 CFR part 205). Types of transfers covered by the act and regulation include transfers initiated through an automated teller machine (ATM), point-of-sale (POS) terminal, automated clearinghouse (ACH), telephone bill-payment plan, or remote banking program. The act and regulation require disclosure of terms and conditions of an EFT service; documentation of electronic transfers by means of terminal receipts and periodic account statements; limitations on consumer liability for unauthorized transfers; procedures for error resolution; and certain rights related to preauthorized electronic transfers. The act and regulation also prescribe restrictions on the unsolicited issuance of ATM cards and other access devices.

The Official Staff Commentary (12 CFR part 205 (Supp. I)) is designed to facilitate compliance and provide protection from civil liability, under § 915(d)(1) of the act, for financial institutions. The commentary is updated periodically, as necessary, to address significant questions that arise.

II. Proposed Revisions

Supplement I—Official Staff Interpretations

Section 205.2—Definitions

2(a) Access Device

Several issues under Regulation E are raised by check conversion programs that allow a merchant to use a consumer's check as a source document to provide the routing, serial, and account numbers used to initiate an EFT. The Board has been asked whether the type of transaction described herein is covered by Regulation E and whether the check is an access device under Regulation E. Such a transaction is generally covered by Regulation E, but proposed comment 2(a)-2 would be added to clarify that a check used as a source document to initiate an EFT is not an access device. Proposed comment 3(b)-1(v) also addresses check conversion programs.

2(h) Electronic Terminal

Comment 2(h)-2 states that a POS terminal that captures data electronically is an electronic terminal if a debit card is used to initiate an EFT. Some have interpreted the provision narrowly to apply only when a debit card is used to initiate an EFT. Comment 2(h)-2 would be revised to reflect that a POS terminal that captures data electronically to initiate electronic transfers is an electronic terminal even if no access device is used to initiate an EFT such as when a check is used as a source document. Thus, the receipt requirements of § 205.9 would apply.

2(k) Preauthorized Electronic Fund Transfer

Section 205.2(k) defines a “preauthorized electronic fund transfer” as “an EFT authorized in advance to recur at substantially regular intervals.” Beyond that authorization, no further action by the consumer is required to initiate the transfer. Proposed comment 2(k)-1 would be added to clarify the definition.

2(m) Unauthorized Electronic Fund Transfer

Payments such as payroll or government benefits often are made by direct deposit to a consumer's account through the ACH. Rules of the National Automated Clearing House Association (NACHA) permit reversal of payments made in error in limited circumstances. Proposed comment 2(m)-5 would be added to clarify that reversals of certain direct deposits that were made in error are not unauthorized electronic transfers.

Section 205.3—Coverage

3(b) Electronic Fund Transfer

NACHA has established rules for a program in which a merchant may obtain information from a consumer's check to initiate a one-time ACH debit from the consumer's account for purchases or payments made in person by the consumer. The merchant uses electronic equipment to scan the MICR (Magnetic Ink Character Recognition) encoding on the check for the routing, account, and serial numbers of the check, and enters the amount to be debited from the consumer's account. Other entities have or are planning similar programs. Proposed comment 3(b)-1(v) would be added to clarify that where a check is provided at POS as a source document to initiate an EFT, the resulting transfer is covered by the regulation (see also proposed comment 2(a)-2).

NACHA has also considered rules for a variation on the electronic check conversion program described above in which the consumer provides a check, and the merchant or the merchant's financial institution would retain the check after it had been scanned. NACHA has solicited comment on this “merchant or financial institution-as-keeper” type of program, but has not yet approved its use. Some merchants, however, may be conducting electronic check programs of this type.

Regulation E applies where the consumer provides a blank or partially completed check as a source document that is scanned and retained by the merchant or the merchant's financial institution. To clarify the rights and responsibilities of the parties to a transaction where the check used as a source document is completed and signed by the consumer and is scanned and retained by the merchant, the transaction is an EFT and thus subject to Regulation E if the consumer authorizes it as such. (See cf. comment 3b-1(i).) Specific comment is solicited on this position and the extent to which merchants are currently carrying out transactions of the sort described.

NACHA has established rules for a pilot referred to as the “lock-box” program in which a merchant converts completed and signed checks received by mail to ACH debits. Consumers are informed of how the check payment will be processed. These transactions would not be covered by Regulation E since transfers originated by check are excluded from coverage. See § 205.3(c)(1).

Proposed comment 3(b)-1(vi) would be added to provide guidance on the regulation's coverage of bill-payment services where a consumer initiates payments via computer and the financial institution carries out the payment by check or draft. The definition of “electronic fund transfer” in § 205.3(b) covers these payments unless the terms of the bill-payment service explicitly state that payment by the bill payer will be made solely via check, draft or similar paper instrument.

3(c) Exclusions from Coverage

3(c)(1)—Checks

Proposed comment 3(c)(1)-1 would be added to provide guidance on NACHA's re-presented check entry (RCK) program, in which merchant payees (or their financial institutions or agents) re-present returned checks electronically. Written authorization from the consumer for the RCK debit is not obtained, although, the merchant payee usually has provided notice to the consumer that any returned item may be collected electronically if returned for insufficient or uncollected funds. The comment would clarify that an RCK transaction is not covered by Regulation E because the transfer is originated by check.

In some cases, a payee may impose a fee on the consumer, such as a collection or NSF fee, because the consumer's check was returned. The NACHA rules provide that the RCK debit must be in the amount of the original check. Therefore, the amount of the RCK debit may not be increased to include a fee, and the payee would have to initiate a separate debit to collect the fee electronically. Because an electronically debited fee would not be a part of the RCK debit, and appears to meet the definition of an EFT under Regulation E, it would be covered by the regulation and must be authorized by the consumer.

Proposed comment 3(c)(1)-2 would be added to provide a cross reference to proposed comment 3(b)-1(v), which provides guidance on the regulation's coverage of an EFT at POS where a consumer provides a check as a source document.

3(c)(6)—Telephone-Initiated Transfers

A transfer initiated by telephone is covered by Regulation E if it occurs pursuant to a telephone bill-payment or other written plan. Comment 3(c)(6)-1 would be revised to provide additional guidance on what constitutes a written plan. Proposed comment 3(c)(6)-2(v) would be added to clarify coverage of transfers initiated by audio or voice response telephone systems.

Section 205.6—Liability of Consumer for Unauthorized Transfers

6(b) Limitations on Amount of Liability

6(b)(1)—Timely Notice Given

Section 205.6 provides rules for a consumer's liability for an unauthorized transfer. The limitation on the consumer's liability depends, in part, on whether the unauthorized transfer takes place within or after two business days of the consumer's learning of the loss or theft of the access device. Proposed comment 6(b)(1)-3 would be added to clarify the timing on the two-business-day period.

Section 205.7—Initial Disclosures

7(a) Timing of Disclosures

The regulation generally requires that disclosures be provided at the time the consumer contracts for an EFT service or before the first transfer is made to or from the consumer's account. Comment 7(a)-2 currently provides an exception to the disclosure timing rules when the first EFT is a direct deposit. If the account-holding institution does not have prior notice of a direct deposit arrangement between the consumer and a third party, the institution must provide the Regulation E disclosures as soon as reasonably possible after the first direct deposit.

Comment 7(a)-2 would be revised to clarify that the special timing rules apply both to single and to recurring debits or credits. The account-holding institution may not always receive prior notice of a one-time or recurring credit to or debit from the consumer's account. For example, the consumer may authorize a third party to debit the account (without notifying the institution), and the third party's financial institution may fail to send prior notice to the consumer's institution.

7(b) Content of Disclosures

7(b)(10) Error Resolution

An error resolution notice must be provided as a part of a financial institution's initial disclosures under § 205.7 and annually under § 205.8. Comment 7(b)(10)-2 provides that a financial institution must have disclosed the longer error resolution time periods for resolving errors under § 205.11(c)(3) in order to use the longer times. In September 1998, § 205.11(c)(3) was amended to extend the error resolution time periods for new accounts (63 FR 5211, September 29, 1998). Comment 7(b)(10)-2 would be revised to reflect the amendment to § 205.11(c)(3).

Section 205.8—Change-in-terms Notice; Error Resolution Notice

8(b) Error Resolution Notice

If an institution seeks to use the longer error resolution time periods in § 205.11(c)(3), it must disclose them in the annual error resolution notice. Comment 8(b)-2 would be added to cross reference comment 7(b)(10)-2, which provides this guidance.

Section 205.9—Receipts at Electronic Terminals; Periodic Statements

9(a) Receipts at Electronic Terminals

9(a)(5) Terminal Location

Section 205.9(a)(5) requires that an ATM or POS terminal receipt contain the location of the terminal where the transfer is initiated, or an identification such as a code or terminal number. This section has been interpreted by some institutions to require a full description of the location (such as the street address) rather than simply a code. Comment 9(a)(5)-1 would be revised to clarify that a code may be disclosed. Comments 9(a)(5)(iv)-1 and -2 would be redesignated as comments 9(a)(5)-3 and -4.

9(b) Periodic Statements

Comment 9(b)-4 provides that an institution may permit, but not require, consumers to “call for” periodic statements. For clarity, the comment would be revised by changing the reference “call for” to “pick up;” no substantive change is intended.

9(c) Exceptions to the Periodic Statement Requirements for Certain Accounts

9(c)(1)—Preauthorized Transfers to Accounts

Section 205.9(c) lists the circumstances in which a periodic statement for EFT transactions is not required. Proposed comment 9(c)(1)-1 would be added to provide further guidance on the exceptions to the periodic statement requirements.

Proposed comment 9(c)(1)-2 would be added to clarify that the exceptions in § 205.9(c) apply to reversals of deposits made in error. (See also proposed comment 2(m)-5.)

Section 205.10—Preauthorized Transfers

10(b) Written Authorization for Preauthorized Transfers from Consumer's Account

Section 205.10(b) provides that recurring electronic debits from a consumer's account “may be authorized only by a writing signed or similarly authenticated by the consumer.” The phrase “similarly authenticated” was added to Regulation E in 1996 (61 FR 19678, May 2, 1996), and was intended to permit electronic authorizations. The supplemental information indicated that the authentication method should provide the same assurance as a signature in a paper-based system, and cited security codes and digital signatures as examples of authentication devices that could meet the requirements of § 205.10(b); and comment 10(b)-5 was added to the staff commentary to provide guidance on electronic authorizations.

The issue of electronic authentication methods has been further discussed in two Regulation E rulemakings in the past two years—first, in a March 1998 rulemaking in which the Board issued an interim rule permitting financial institutions to deliver electronically disclosures that are required to be given in writing (63 FR 14528); and second, in a September 1999 rulemaking in which the Board proposed more comprehensive rules for providing electronic disclosures under Regulation E (64 FR 49699) and certain other Board regulations. In these rulemakings, the Board again gave examples of authentication devices and expressed interest in learning about other electronic authentication methods.

Industry commenters suggested various alternatives for verifying a consumer's identity such as alphanumeric codes (combination of letters and numbers) or combination of unique identifiers (such as account numbers combined with a number representing algorithms of the account numbers). Some commenters requested additional examples of appropriate electronic authentication devices; many stated their concern that limiting the examples to security codes and digital signatures could be viewed as the Board's endorsement of particular methods, which could hinder the development of alternative authentication mechanisms. Other commenters disfavored examples of particular authentication mechanisms; they recommended that the Board defer to general principles set forth in various state and federal laws and legislative proposals. Consumer advocates, on the other hand, suggested that the Board should limit authentication methods to those that prevent documents from being altered without detection after the authentication is affixed, such as digital signatures.

The Congress has passed electronic commerce legislation that addresses, among other things, the use and acceptance of electronic signatures (broadly defined in the legislation) and records for electronic commerce in general. If the legislation becomes law, the “similarly authenticated” standard in Regulation E may become unnecessary. In the meantime, to ensure that institutions have flexibility in establishing authentication methods for purposes of § 205.10(b), comment 10(b)-5 would be revised. Any authentication mechanism that provides similar assurance to a paper-based signature (such as a mechanism that identifies the consumer and evidences the consumer's assent to the authorization) will satisfy the “similarly authenticated” standard. The word “text” is also substituted by “term,” no substantive change is intended.

The comment currently states that the person obtaining an electronic authorization from a consumer must make a paper copy of the authorization available to the consumer, either automatically or upon request. For consistency with Board rulemakings permitting the electronic delivery of disclosures, comment 10(b)-5 would also be revised to permit the person obtaining the authorization to provide a copy of the authorization to the consumer either in paper form or electronically.

The supplementary information to the Official Staff Commentary, discussing comment 10(b)-5 at the time of its adoption in 1996, stated that for home-banking systems, a security code used to “similarly authenticate” preauthorized transfers pursuant to § 205.10(b) must originate with the paying (account-holding) institution. The Board's position reflected concerns about the potential for increased liability for account-holding institutions associated with unauthorized use when a party other than the institution issued the code. Under NACHA operating rules, however (as well as operating rules of debit card networks), an account-holding institution is permitted to charge back to the payee's financial institution any transaction that was not properly authorized; thus, the payee's institution (or the payee) would bear the liability for unauthorized transfers. Accordingly, it seems unnecessary to require that a security code originate with the paying institution, provided the code meets the general standards for similar authentication discussed above.

Proposed comment 10(b)-7 would be added to address a situation where a consumer authorizes recurring charges against a credit card but in fact provides information for the consumer's debit card, for example, in an on-line transaction or in a telephone conversation with a merchant. Unlike Regulation E, Regulation Z and the Truth in Lending Act (12 CFR part 226) do not require a written, signed or “similarly authenticated” authorization for recurring charges to a consumer's credit card account. The proposed comment would clarify that when the consumer's account in fact involves a debit card, the payee is required to obtain an authorization in accordance with § 205.10(b), but may rely on the bona fide error provision in section 915(c) of the EFTA, provided procedures are in place to prevent such errors from occurring.

10(e) Compulsory Use

Section 205.10(e) prohibits a person from requiring a consumer to establish an account with a particular institution to receive electronic transfers, as a condition of employment. Comment 10(e)(2)-1 would be revised to clarify that an employer (including a financial institution) may specify an institution to receive direct deposits provided the employer also gives employees the option to receive their salary by check or cash.

Section 205.11—Procedures for Resolving Errors

11(a) Exception to the Periodic Statement Requirements for Certain Accounts

Comment 11(a)-2 would be revised to provide additional examples of when the error resolution rules are inapplicable because the consumer has not asserted an error.

Section 205.12—Relation to Other Laws

12(a) Relation to Truth in Lending

Comment 12(a)-1 would be revised to distinguish between two types of unauthorized transfers: those where a consumer's access device is used to withdraw funds from a checking account with an overdraft protection feature, and those where the consumer's access device is also a credit card separately used to obtain cash advances. Examples would illustrate how these rules apply in various situations.

Aggregation of Consumer Financial Information

The Board has been asked about the possible application of Regulation E to a service sometimes referred to as “aggregation” or “screen-scraping.” Aggregation is a service made available to consumers through an Internet web site, in which consumers are able to view their financial information from multiple sources, such as credit card, securities, and deposit accounts at a number of institutions. To enable the service provider (the “aggregator”) to obtain the information and make it available to the consumer at the aggregator's web site, the consumer may provide the aggregator with account numbers and passwords to access the consumer's accounts. In addition to allowing consumers to view accounts in one location, aggregators may offer consumers EFT services such as bill-payment.

To assist the Board in providing any needed guidance on Regulation E's potential coverage, comment is solicited on how these services that aggregate consumer financial information operate or plan to operate. Are aggregators providing or planning to provide bill-payment or other EFT services (in addition to information services)? To what extent do agreements exist between aggregators and account-holding institutions, governing matters such as procedures for access to information and for electronic transfers?

In addition, comment is solicited on the implications of a determination that aggregators are or are not financial institutions for purposes of Regulation E generally or under § 205.14. Typically, only one access device is contemplated to initiate an EFT to or from a consumer's account. Nevertheless, if a consumer enters a security code issued by the aggregator to access information on the aggregator's web site and the consumer initiates an EFT using a security code provided by the account-holding institution, the security code issued by the aggregator arguably meets the definition of an “access device.” Two access codes (the one provided by the aggregator and the other by the account-holding institution) are needed to initiate electronic transfers from the consumer's account from the aggregator's web site. Thus, the aggregator would be a financial institution for purposes of Regulation E.

If the aggregator is not a financial institution and an unauthorized EFT occurs through an aggregator's service, comment 2(m)-2 could be read to suggest that a consumer who has given the aggregator access to the consumer's account assumes liability for the transfers. The guidance in the comment, however, was not originally provided to address this situation.

III. Form of Comment Letters

Comment letters should refer to Docket No. R-1074, and when possible, should use a standard typeface with a type size of 10 or 12 characters per inch. This will enable the Board to convert the text into machine-readable form through electronic scanning, and will facilitate automated retrieval of comments for review. Also, if accompanied by an original document in paper form, comments may be submitted on 31/2 inch computer diskettes in any IBM-compatible DOS- or Windows-based format. Alternatively, comments may be mailed electronically to regs.comments@federalreserve.gov.

List of Subjects in 12 CFR Part 205

• Consumer protection
• Electronic fund transfers
• Federal Reserve System
• Reporting and recordkeeping requirements

Text of Proposed Revisions

For the reasons set forth in the preamble, the Board proposes to amend the Official Staff Commentary, 12 CFR part 205, as set forth below. Certain conventions have been used to highlight the proposed changes to the commentary. New language is shown inside bold-faced arrows, while language that would be deleted is set off with bold-faced brackets.

PART 205—ELECTRONIC FUND TRANSFERS (REGULATION E)

1. The authority citation for part 205 would be revised to read as follows:

Authority: 15 U.S.C. 1693b.

2. In Supplement I to Part 205, the following amendments would be made:

a. Under Section 205.2—Definitions, under 2(a) Access Device, a new paragraph 2. would be added;

b. Under Section 205.2—Definitions, under 2(h) Electronic Terminal, paragraph 2. would be revised;

c. Under Section 205.2—Definitions, a new heading 2(k) Preauthorized Electronic Fund Transfer, and a new paragraph 1. would be added;

d. Under Section 205.2—Definitions, under 2(m) Unauthorized Electronic Fund Transfer, a new paragraph 5. would be added;

e. Under Section 205.3—Coverage, under 3(b) Electronic Fund Transfer, new paragraphs 1.v. and 1.vi. would be added;

f. Under Section 205.3—Coverage, under 3(c) Exclusions from Coverage, a new heading “Paragraph 3(c)(1)—Checks” would be added;

g. Under Section 205.3—Coverage, under 3(c) Exclusions from Coverage, under newly added heading Paragraph 3(c)(1)—Checks, paragraphs 1. and 2. would be added;

h. Under Section 205.3—Coverage, under 3(c) Exclusions from Coverage, under Paragraph 3(c)(6)—Telephone—Initiated Transfers, paragraph 1. would be revised and paragraph 2.v. would be added;

i. Under Section 205.6—Liability of Consumer for Unauthorized Transfers, under Paragraph 6(b)(1)—Timely Notice Given, new paragraph 3. would be added;

j. Under Section 205.7—Initial Disclosures, under 7(a) Timing of Disclosures, paragraph 2. would be revised;

k. Under Section 205.7—Initial Disclosures, under Paragraph 7(b)(10) Error Resolution, paragraph 2. would be revised;

l. Under Section 205.8—Change-in-Terms Notice; Error Resolution Notice, under 8(b) Error Resolution Notice, a new paragraph 2. would be added;

m. Under Section 205.9—Receipts at Electronic Terminals; Periodic Statements, under Paragraph 9(a)(5)—Terminal Location, paragraph 1. would be revised;

n. Under Section 205.9—Receipts at Electronic Terminals; Periodic Statements, under Paragraph 9(a)(5)(iv), paragraphs 1. and 2. are redesignated as paragraphs 3. and 4. under paragraph 9(a)(5) and republished;

o. Under Section 205.9—Receipts at Electronic Terminals; Periodic Statements, Paragraph 9(a)(5)(iv) would be removed;

p. Under Section 205.9—Receipts at Electronic Terminals; Periodic Statements, under 9(b) Periodic Statements, paragraph 4. would be revised;

q. Under Section 205.9—Receipts at Electronic Terminals; Periodic Statements, under 9(c) Exceptions to the Periodic Statement Requirements for Certain Accounts, a new heading, Paragraph 9(c)(1)—Preauthorized Transfers to Accounts would be added and new paragraphs 1. and 2. would be added to the newly designated heading;

r. Under Section 205.10—Preauthorized Transfers, under 10(b) Written Authorization for Preauthorized Transfers from Consumer's Account, paragraph 5. would be revised, and new paragraph 7 would be added;

s. Under Section 205.10—Preauthorized Transfers, under Paragraph 10(e)(2)—Employment or Government Benefit, paragraph 1. would be revised;

t. Under Section 205.11—Procedures for Resolving Errors, under 11(a) Definition of Error, paragraph 2. would be revised; and

u. Under Section 205.12—Relation to Other Laws, under 12(a) Relation to Truth in Lending, paragraph 1. would be revised.

SUPPLEMENT I TO PART 205—OFFICIAL STAFF INTERPRETATIONS

Section 205.2—Definitions

2(a) Access Device

▸2. Check used as a source document. The term “access device” does not include a check or draft used as a source document to initiate an EFT. For example, a merchant may use equipment to scan the MICR (Magnetic Ink Character Recognition) encoding on a check (for the serial, account, and routing numbers) to initiate a one-time ACH debit from a consumer's account. The check is not an access device under Regulation E (12 CFR part 205), although the transaction is covered by the regulation (see comment 3(b)-1(v)).◂

2(h) Electronic Terminal

2. POS terminals. A POS terminal that captures data electronically, for debiting or crediting to a consumer's asset account, is an electronic terminal for purposes of Regulation E [if a debit card] ▸even if no access device◂ is used to initiate the transaction. ▸(See § 205.9 for receipt requirements.)◂

▸(2(k) Preauthorized Electronic Fund Transfer

1. Advance authorization. A “preauthorized electronic fund transfer” under Regulation E is one authorized by the consumer in advance of a transfer which will take place on a recurring basis, at substantially regular intervals, and require no further action by the consumer to initiate the transfer. In a bill-payment system, for example, if the consumer authorizes a financial institution to make monthly payments to a payee, and the payments take place without further action by the consumer, the payments are preauthorized EFTs. In contrast, if the consumer must take action each month to initiate a payment (such as by entering instructions on a touch-tone telephone or home computer), the payments are not preauthorized EFTs.◂

2(m) Unauthorized Electronic Fund Transfer

▸5. Reversal of direct deposits. A reversal of a direct deposit made in error is not an unauthorized EFT when it involves:

i. A credit made to the wrong consumer's account;

ii. A duplicate credit made to a consumer's account; or

iii. A credit in the wrong amount made to a consumer's account (for example, when the amount credited differs from the amount in the transmittal instructions). If, however, there is a dispute whether the account holder is entitled to a certain amount (for example, a salary or a government benefit payment) the reversal may be an unauthorized EFT, depending on the facts and circumstances.◂

Section 205.3—Coverage

3(b) Electronic Fund Transfer

1. Fund transfers covered. * * *

▸v. A transfer from the consumer's account at POS where the merchant uses a consumer's check or draft as a source document to obtain the serial, account, and routing numbers.

vi. A payment made by a bill payer under a bill-payment service available to a consumer via computer or other electronic means, unless the terms of the bill-payment service explicitly state that payment will be solely by check, draft, or similar paper instrument.◂

3(c) Exclusions from Coverage

▸Paragraph 3(c)(1)—Checks

1. Re-presented checks. Electronic re-presentment of a returned check is not covered by Regulation E because the transfer originated by check. Regulation E does apply, however, to any fee debited electronically from the consumer's account for re-presenting the check electronically.

2. Check used as a source document. See comment 3(b)-1(v) regarding coverage of certain EFTs at POS where a consumer provides a check as a source document.◂

Paragraph 3(c)(6)—Telephone-Initiated Transfers

1. Written plan or agreement. A transfer that the consumer initiates by telephone is covered ▸by Regulation E◂[only] if the transfer is made under a written plan or agreement between the consumer and the financial institution making the transfer. ▸A written statement available to the public or to account holders that describes a service allowing a consumer to initiate transfers by telephone constitutes a plan—for example, a brochure, or material included with periodic statements. However, t◂ [T]he following do not, by themselves, constitute a written plan or agreement:

i. A hold-harmless agreement on a signature card that protects the institution if the consumer requests a transfer.

ii. A legend on a signature card, periodic statement, or passbook that limits the number of telephone-initiated transfers the consumer can make from a savings account because of reserve requirements under Regulation D (12 CFR part 204).

iii. An agreement permitting the consumer to approve by telephone the rollover of funds at the maturity of an instrument.

2. Examples of covered transfers. * * *

▸v. The consumer initiates the transfer using a financial institution's audio response or voice response telephone system.◂

Section 205.6—Liability of Consumer for Unauthorized Transfers

6(b) Limitations on Amount of Liability

Paragraph 6(b)(1)—Timely Notice Given

▸3. Two-business-day rule. The two-business-day period runs from midnight of the first business day after the consumer learns of the loss or theft and ends at midnight two business days later. The financial institution's business hours or the hour the consumer learns of the loss or theft does not govern the two-business-day period. For example, a consumer learns of the loss or theft at 6 p.m. on Friday. Assuming that the following Saturday is a business day and Sunday is not, the two-business-day period expires at midnight on Monday.◂

Section 205.7—Initial Disclosures

7(a) Timing of Disclosures

2. [Lack of prenotification of direct deposit. In some instances, before direct deposit of government payments such as Social Security takes place, the consumer and the financial institution both will complete Form 1199A (or a comparable form providing notice to the institution) and the institution can make disclosures at that time. If an institution has not received advance notice that direct deposits are to be made to a consumer's account, the institution must provide the required disclosures as soon as reasonably possible after the first direct deposit is made, unless the institution has previously given disclosures.]▸Lack of advance notice of a transfer. Where a consumer authorizes a third party to debit or credit the consumer's account, an account-holding institution that has not received advance notice of a transfer or transfers must provide the required disclosures as soon as reasonably possible after the first debit or credit is made, unless the institution has previously given the disclosures.◂

Paragraph 7(b)(10)—Error Resolution

2. Exception from provisional crediting. To take advantage of the longer time periods for resolving errors under § 205.11(c)(3) (for ▸

new accounts,◂ transfers initiated outside the United States, or resulting from POS debit-card transactions), a financial institution must have disclosed these longer time periods. Similarly, an institution that relies on the exception from provisional crediting in § 205.11(c)(2) for accounts subject to Regulation T (12 CFR part 220) must disclose accordingly.

Section 205.8—Change-in-Terms Notice; Error Resolution Notice

8(b) Error Resolution Notice

▸2. Exception from provisional crediting. See comment 7(b)(10)-2.◂

Section 205.9—Receipts at Electronic Terminals; Periodic Statements

9(a) Receipts at Electronic Terminals

Paragraph 9(a)(5)—Terminal Location

1. [Location code]▸Options for identifying terminal. The institution may provide either:

(i) The city, state or foreign country, and the information in §§ 205.9(a)(5)(i), (ii), or (iii), or

(ii) A number or a code identifying the terminal. If the institution chooses the second option, the◂ [A] code or terminal number identifying the terminal where the transfer is initiated may be given as part of a transaction code.

▸3. Omission of a state. A state may be omitted from the location information on the receipt if:

i. All the terminals owned or operated by the financial institution providing the statement (or by the system in which it participates) are located in that state, or

ii. All transfers occur at terminals located within 50 miles of the financial institution's main office.

4. Omission of a city and state. A city and state may be omitted if all the terminals owned or operated by the financial institution providing the statement (or by the system in which it participates) are located in the same city.◂

9(b) Periodic Statements

4. ▸Statement◂[Customer] pickup. A financial institution may permit, but may not require, consumers to ▸pick up◂[call for] their periodic statements ▸at the financial institution◂.

9(c) Exceptions to the Periodic Statement Requirements for Certain Accounts

▸Paragraph 9(c)(1)—Preauthorized Transfers to Accounts◂

▸1. Accounts that may be accessed only by preauthorized transfers to the account. The exception for “accounts that may be accessed only by preauthorized transfers to the account” includes accounts that can be accessed by means other than EFTs, such as checks. If, however, an account may be accessed by any EFT other than preauthorized credits to the account, such as preauthorized debits or ATM transactions, the account does not qualify for the exception.

2. Reversal of direct deposits. For direct-deposit-only accounts, a financial institution must send a periodic statement at least quarterly. A reversal of a direct deposit to correct an error does not trigger the monthly statement requirement when the error represented a credit to the wrong consumer's account, a duplicate credit to a consumer's account, or a credit in the wrong amount to a consumer's account. (See comment 2(m)-5 for guidance on the reversal of direct deposits and the rules for unauthorized EFTs.)◂

Section 205.10—Preauthorized Transfers

10(b) Written Authorization for Preauthorized Transfers from Consumer's Account

5. Similarly authenticated. An example of a consumer's authorization that is not in the form of a signed writing but is instead “similarly authenticated” is a consumer's authorization via a home banking system[.]

▸or other electronic communication system. An authentication device or procedure satisfies the “similarly authenticated” requirement if it provides similar assurance to a written signature (such as a device or procedure that verifies the consumer's identity and evidences the consumer's assent to the authorization). Examples include, but are not limited to, digital signatures and security codes.◂ [To satisfy the requirements of this section, there must be some means to identify the consumer (such as a security code) and to make available a paper copy of the authorization (automatically or upon request).] The [text] ▸terms◂ of the electronic authorization would have to be displayed on a computer screen or other visual display which enables the consumer to read the communication. ▸The person that obtains the authorization must provide a copy of the terms of the authorization to the consumer.◂ Only the consumer may authorize the transfer and not, for example, a third-party merchant on behalf of the consumer.

▸7. Bona fide error. Consumers sometimes authorize, by telephone or on-line, third-party payees to submit recurring charges against a credit card account. If the consumer indicates use of a credit card when in fact a debit card is being used, the payee is not in violation of the requirement to obtain a written authorization if the failure to obtain written authorization was not intentional and resulted from a bona fide error, and the payee maintains procedures reasonably adapted to avoid any such error. If the payee is unable to determine whether a credit or debit card number is involved, at the time of the authorization, but later finds that the card used was a debit card, the payee must obtain a written and signed or (where appropriate) a similarly authenticated authorization as soon as reasonably possible, or cease debiting the consumer's account.◂

10(e) Compulsory Use

Paragraph 10(e)(2)-Employment or Government Benefit

1. Payroll. [A financial institution (as an employer)] ▸An employer (including a financial institution)◂ may not require its employees to receive their salary by direct deposit [to that same institution or] to any [other] particular institution. An employer may require direct deposit of salary by electronic means if employees are allowed to choose the institution that will receive the direct deposit. Alternatively, an employer may give employees the choice of having their salary deposited at a particular institution ▸(designated by the employer)◂ (, or receiving their salary by another means, such as by check or cash.

Section 205.11—Procedures for Resolving Errors

11(a) Definition of Error

2. Verifying ▸a payment or an◂ account deposit. If the consumer [merely] calls to ascertain ▸whether a payment (for example, in a home-banking or bill-payment program) was made electronically or ◂whether a deposit made via ATM, preauthorized transfer, or any other type of EFT was credited to the account, without asserting an error, the error resolution procedures do not apply.

Section 205.12—Relation to Other Laws

12(a) Relation to Truth in Lending

1. Determining applicable regulation. ▸i. ◂For transactions involving access devices that also constitute credit cards, whether Regulation E or Regulation Z (12 CFR part 226) applies, depends on the nature of the transaction. For example, if the transaction [is purely] ▸ solely involves ◂ an extension of credit, and does not include a debit to a

checking account (or other consumer asset account), the liability limitations and error resolution requirements of Regulation Z [(12 CFR part 226)] apply. If the transaction only

debits a checking account (with no credit extended), the provisions of Regulation E apply. [Finally, if] ▸ If ◂ the transaction

debits a checking account but also draws on an overdraft line of credit ▸ attached to the account ◂, [the Regulation E provisions

apply, as well as] §§ 226.13(d) and (g) of Regulation

Z[.] ▸ apply, as well as the Regulation E provisions, because there was an extension of credit associated with the overdraft feature on the checking account.

In such a transaction, the liability provisions under Regulation E apply. Finally, if a consumer's access device is also a credit card and the device is used to make unauthorized withdrawals from a checking account, but also is used to obtain unauthorized cash advances directly from a separate line of credit unattached to the checking account, the liability limitations under both Regulation E and Regulation Z apply. In such a transaction, the consumer is potentially liable under Regulation Z for the unauthorized use of the credit card and, in addition, up to $50, $500, or an unlimited amount (not to exceed the amount of the unauthorized transfer) under Regulation E for the unauthorized use of the debit card◂ [In such a transaction, the consumer might be liable for up to $50 under Regulation Z (12 CFR 226) and, in addition, for $50, $500, or an unlimited amount under Regulation E].

▸ ii. The following examples illustrate these principles:

A. A consumer has a card that can be used either as a credit card or a debit card. When used as a debit card, the card draws on the consumer's checking account. When used as a credit card, the card draws only on a separate line of credit. If the card is stolen and used as a credit card to make purchases or to get cash advances from ATMs, the liability limits and error resolution provisions of Regulation Z apply; Regulation E does not apply.

B. In the same situation, if the card is stolen and is instead used as a debit card to make purchases or to get cash withdrawals from ATMs, the liability limits and error resolution provisions of Regulation E apply; Regulation Z does not apply.

C. In the same situation, the card is stolen and used both as a debit card and as a credit card; for example, the thief makes some purchases using the card as a debit card, and other purchases using the card as a credit card. Here, the liability limits and error resolution provisions of Regulation E apply to the unauthorized transactions in which the card was used as a debit card, and the corresponding provisions of Regulation Z apply to the unauthorized transactions in which the card was used as a credit card.

D. Assume a somewhat different type of card, one that draws on the consumer's checking account and can also draw on an overdraft line of credit attached to the checking account. There is no separate line of credit, other than the overdraft line, associated with the card. In this situation, if the card is stolen and used, the liability limits and the error resolution provisions of Regulation E apply. In addition, if the use of the card has resulted in accessing the overdraft line of credit, the error resolution provisions of § 226.13(d) and (g) of Regulation Z also apply; however, the other error resolution provisions of Regulation Z do not apply. ◂