How to Get a Fraudulent
Transaction Reversed When a Telemarketer Debits Your Bank Account
With an Unauthorized Pre-Authorized Debit or Electronic Fund Transfer
In the United States the NACHA (National Automated Clearing House
Association) develops and administers the operating rules for the
Automated Clearing House ("ACH") Network.
Your financial institution is required by ACH rules to have you
sign an affidavit when you notify them that an ACH debit posted to
your account is unauthorized and should be returned.
As of 03/02 the term affidavit will be replaced with "a written
statement under penalty of perjury." This is intended to clarify
that the ACH rules do not require that the document be notarized
but continues to provide strong wording to discourage fraudulent
unauthorized claims. Regardless, some financial institutions may
continue the practice of having it notarized.
The consumer's right to have complaints regarding unauthorized
transfers handled according to
Regulation E should not be conditioned on payment of a fee.
Real stop payments are placed on items the customer clearly authorized,
but changed his mind about. The consumer is expected to describe the
item adequately, whether it is an EFT or a check, and the stop payment
must be issued prior to the item's presentment.
By comparison, an unauthorized transfer has already been debited to the
account before the consumer is even aware of its terms or existence.
Calling the reversing entry a "stop payment" is at odds with
Consumer Payment Authorization and the Telemarketing Sales
With respect to consumer payment authorization, the Telemarketing
Sales Rule prohibits telemarketers from:
Obtaining or submitting for payment a check, draft, or other form
of negotiable paper drawn on a person's checking, savings, share,
or similar account, without that person's express verifiable authorization.
Such authorization shall be deemed verifiable if any of the following
means are employed:
(i) Express written authorization by the customer, which may
include the customer's signature on the negotiable instrument;
(ii) Express oral authorization which is tape recorded and made
available upon request to the customer's bank and which evidences
clearly both the customer's authorization of payment for the
goods and services that are the subject of the sales offer and
the customer's receipt of all of the following information:
The date of the draft(s);
The amount of the draft(s);
The payor's name;
The number of draft payments (if more than one);
A telephone number for customer inquiry that is answered during normal
business hours; and
The date of the customer's oral authorization; or
(iii) Written confirmation of the transaction, sent to the
customer prior to submission for payment of the customer's
check, draft, or other form of negotiable paper, that includes:
All of the information contained in §§ 310.3(a)(3)(ii)(A)-(F);
The procedures by which the customer can obtain a refund from the
seller or telemarketer in the event the confirmation is inaccurate.
This provision in the Rule was intended to ensure that so-called "demand
drafts," which resemble and are processed like paper checks,
but which are created by and entered into the payment system by
the telemarketer or its agent, were properly authorized by the
Comparable treatment of electronic debits to consumer accounts
through the ACH Network is already provided for through coverage
by Regulation E and the ACH Network Operating Rules.
The NACHA Operating Rule requires that:
The consumer has authorized the telemarketer to initiate the
entry to their account… In the case of debit entries to
a Consumer Account, the authorization must be in writing, signed
or similarly Authenticated by the consumer. ( use of a digital
signature or other code).
To meet the requirement that an authorization be in writing,
an electronic authorization must be able to be displayed on a
computer screen or other visual display that enables the consumer
to read the communication.
The authorization also must be readily identifiable as an authorization,
must clearly and conspicuously state its terms, and … must
provide that the consumer may revoke the authorization only by
notifying the telemarketer in the manner specified in the authorization.
NACHA’s consumer authorization requirement accomplishes
two significant goals: (1) consumers are protected against unauthorized
ACH debits to their accounts; and (2) telemarketers looking to
circumvent the FTC requirements by moving unwarranted payments
from traditional paper payment mechanisms over to the ACH Network
are prevented from doing so.
For more info on this and other bank related topics visit www.bankersonline.com
Electronic Fund Transfer Act
The Electronic Fund Transfer Act (EFTA or the act) (15 U.S.C.
1693 et seq.), provides a basic framework establishing the rights,
liabilities, and responsibilities of participants in electronic
fund transfer (EFT) systems. Types of transfers covered by the
act and regulation include transfers initiated through an automated
teller machine (ATM), point-of-sale (POS) terminal, automated clearinghouse
(ACH), telephone bill-payment plan, or remote banking program.
The act and regulation require disclosure of imitations on consumer
liability for unauthorized transfers; procedures for error resolution;
and certain rights related to preauthorized EFTs.
PART 205--ELECTRONIC FUND TRANSFERS (REGULATION E)
2(k) Preauthorized Electronic Fund Transfer
1. Advance authorization. A ``preauthorized electronic fund transfer"
under Regulation E is one authorized by the consumer in advance
of a transfer that will take place on a recurring basis, at substantially
regular intervals, and will require no further action by the consumer
to initiate the transfer. In a bill-payment system, for example,
if the consumer authorizes a financial institution to make monthly
payments to a payee by means of EFTs, and the payments take place
without further action by the consumer, the payments are preauthorized
EFTs. In contrast, if the consumer must take action each month
to initiate a payment (such as by entering instructions on a touch-tone
telephone or home computer), the payments are not preauthorized
2(m) Unauthorized Electronic Fund Transfer
5. Reversal of direct deposits. The reversal of a direct deposit
made in error is not an unauthorized EFT when it involves:
A credit made to the wrong consumer's account;
A duplicate credit made to a consumer's account; or
A credit in the wrong amount (for example, when the amount
credited to the consumer's account differs from the amount
in the transmittal instructions).
3(b) Electronic Fund Transfer
(NACHA Operating Rules currently provide greater consumer protections
in that they require written authorizations even for one- time
1. Fund transfers covered.
v. A transfer via ACH where a consumer has provided a check to
enable the merchant or other payee to capture the routing, account,
and serial numbers to initiate the transfer, whether the check
is blank, partially completed, or fully completed and signed; whether
the check is presented at POS or is mailed to a merchant or other
payee or lockbox and later converted to an EFT; or whether the
check is retained by the consumer, the merchant or other payee,
or the payee's financial institution.
vi. A payment made by a bill payer under a bill-payment service
available to a consumer via computer or other electronic means,
unless the terms of the bill-payment service explicitly state that
all payments, or all payments to a particular payee or payees,
will be solely by check, draft, or similar paper instrument drawn
on the consumer's account, and the payee or payees that will be
paid in this manner are identified to the consumer.
3. Authorization of one-time EFT initiated using MICR encoding
on a check. A consumer authorizes a one-time EFT (in providing
a check to a merchant or other payee for the MICR encoding), where
the consumer receives notice that the transaction will be processed
as an EFT and completes the transaction. Examples of notice include,
but are not limited to, signage at POS and written statements.
205.6 Liability of consumer for unauthorized transfers.
for liability. A consumer may be held liable, within
the limitations described in paragraph (b) of this
section, for an unauthorized electronic fund transfer
involving the consumer's account only if the financial
institution has provided the disclosures required by
Sec. 205.7(b)(1), (2), and (3). If the unauthorized
transfer involved an access device, it must be an accepted
access device and the financial institution must have
provided a means to identify the consumer to whom it
(b) Limitations on amount of liability. A
consumer's liability for an unauthorized electronic
fund transfer or a series of related unauthorized
transfers shall be determined as follows:
(1) Timely notice given. If
the consumer notifies the financial institution within two business days after
learning of the loss or theft of the access device, the consumer's liability
shall not exceed the lesser of $50 or the amount of unauthorized transfers that
occur before notice to the financial institution.
(2) Timely notice not given.
If the consumer fails to notify the financial institution within two business
days after learning of the loss or theft of the access device, the consumer's
liability shall not exceed the lesser of $500 or the sum of:
(i) $50 or the amount of unauthorized
transfers that occur within the two business days, whichever is less; and
(ii) The amount of unauthorized
transfers that occur after the close of two business days and before notice to
the institution, provided the institution establishes that these transfers would
not have occurred had the consumer notified the institution within that two-day
(3) Periodic statement; timely
notice not given. A consumer must report an unauthorized electronic fund transfer
that appears on a periodic statement within 60 days of the financial institution's
transmittal of the statement to avoid liability for subsequent transfers. If
the consumer fails to do so, the consumer's liability shall not exceed the amount
of the unauthorized transfers that occur after the close of the 60 days and before
notice to the institution, and that the institution establishes would not have
occurred had the consumer notified the institution within the 60-day period.
When an access device is involved in the unauthorized transfer, the consumer
may be liable for other amounts set forth in paragraphs (b)(1) or (b)(2) of this
section, as applicable.
(4) Extension of time limits.
If the consumer's delay in notifying the financial institution was due to extenuating
circumstances, the institution shall extend the times specified above to a reasonable
(5) Notice to financial institution.
(i) Notice to a financial institution is given when a consumer takes steps reasonably
necessary to provide the institution with the pertinent information, whether
or not a particular employee or agent of the institution actually receives the
(ii) The consumer may notify
the institution in person, by telephone, or in writing.
(iii) Written notice is considered
given at the time the consumer mails the notice or delivers it for transmission
to the institution by any other usual means. Notice may be considered constructively
given when the institution becomes aware of circumstances leading to the reasonable
belief that an unauthorized transfer to or from the consumer's account has been
or may be made.
(6) Liability under state law
or agreement. If state law or an agreement between the consumer and the financial
institution imposes less liability than is provided by this section, the consumer's
liability shall not exceed the amount imposed under the state law or agreement.
Paragraph 6(b)(1)--Timely Notice Given
Section 205.6 provides rules concerning a consumer's liability
for an unauthorized transfer. The limitation on the consumer's
liability depends, in part, on whether the unauthorized transfer
takes place within or after two business days of the consumer's
learning of the loss or theft of the access device.
3. Two-business-day rule. The two-business-day period does not
include the day the consumer learns of the loss or theft or any
day that is not a business day. The rule is calculated based on
two 24- hour periods, without regard to the financial institution's
business hours or the time of day that the consumer learns of the
loss or theft. For example, a consumer learns of the loss or theft
at 6 p.m. on Friday. Assuming that Saturday is a business day and
Sunday is not, the two-business-day period begins on Saturday and
expires at 11:59 p.m. on Monday, not at the end of the financial
institution's business day on Monday.
Paragraph 7(b)(10)--Error Resolution
2. Extended time-period for certain transactions. To take advantage
of the longer time periods for resolving errors under Sec. 205.11(c)(3)
(for new accounts as defined in Regulation CC (12 CFR part 229),
transfers initiated outside the United States, or transfers resulting
from POS debit-card transactions), a financial institution must
have disclosed these longer time periods. Similarly, an institution
that relies on the exception from provisional crediting in Sec.
205.11(c)(2) for accounts subject to Regulation T (12 CFR part
220) must have disclosed accordingly.
Section 205.10--Preauthorized Transfers
10(b) Written Authorization for Preauthorized Transfers From Consumer's
205.11 Procedures for resolving errors.
of error--(1) Types of transfers or inquiries covered. The
term error means:
(i) An unauthorized electronic
(ii) An incorrect electronic
fund transfer to or from the consumer's account;
(vi) An electronic fund transfer
not identified in accordance with Secs. 205.9 or 205.10(a); or
(vii) The consumer's request
for documentation required by Secs. 205.9 or 205.10(a) or for additional information
or clarification concerning an electronic fund transfer, including a request
the consumer makes to determine whether an error exists under paragraphs (a)(1)
(i) through (vi) of this section.
(b) Notice of error from consumer--(1) Timing; contents. A financial
institution shall comply with the requirements of this section with respect
to any oral or written notice of error from the consumer that:
(i) Is received by the institution
no later than 60 days after the institution sends the periodic statement or provides
the passbook documentation, required by Sec. 205.9, on which the alleged error
is first reflected;
(ii) Enables the institution
to identify the consumer's name and account number; and
(iii) Indicates why the consumer
believes an error exists and includes to the extent possible the type, date,
and amount of the error, except for requests described in paragraph (a)(1)(vii)
of this section.
(2) Written confirmation. A
financial institution may require the consumer to give written confirmation of
an error within 10 business days of an oral notice. An institution that requires
written confirmation shall inform the consumer of the requirement and provide
the address where confirmation must be sent when the consumer gives the oral
(3) Request for documentation
or clarifications. When a notice of error is based on documentation or clarification
that the consumer requested under paragraph (a)(1)(vii) of this section, the
consumer's notice of error is timely if received by the financial institution
no later than 60 days after the institution sends the information requested.
(c) Time limits and extent of investigation--(1) Ten-day period. A
financial institution shall investigate promptly and, except as otherwise
provided in this paragraph (c), shall determine whether an error occurred
within 10 business days of receiving a notice of error. The institution
shall report the results to the consumer within three business days after
completing its investigation. The institution shall correct the error
within one business day after determining that an error occurred.
(2) Forty-five day period. If
the financial institution is unable to complete its investigation within 10 business
days, the institution may take up to 45 days from receipt of a notice of error
to investigate and determine whether an error occurred, provided the institution
does the following:
(i) Provisionally credits the
consumer's account in the amount of the alleged error (including interest where
applicable) within 10 business days of receiving the error notice. If the financial
institution has a reasonable basis for believing that an unauthorized electronic
fund transfer has occurred and the institution has satisfied the requirements
of Sec. 205.6(a), the institution may withhold a maximum of $50 from the amount
credited. An institution need not provisionally credit the consumer's account
(A) The institution requires
but does not receive written confirmation within 10 business days of an oral
notice of error; or
(B) The alleged error involves
an account that is subject to Regulation T (Securities Credit by Brokers and
Dealers, 12 CFR part 220);
(ii) Informs the consumer, within
two business days after the provisional crediting, of the amount and date of
the provisional crediting and gives the consumer full use of the funds during
(iii) Corrects the error, if
any, within one business day after determining that an error occurred; and
(iv) Reports the results to
the consumer within three business days after completing its investigation (including,
if applicable, notice that a provisional credit has been made final).
(3) Extension of time periods.
The time periods in paragraphs (c)(1) and (c)(2) of this section are extended
(i) The applicable time is 20
business days in place of 10 business days under paragraphs (c)(1) and (c)(2)
of this section if the notice of error involves an electronic fund transfer to
or from the account within 30 days after the first deposit to the account was
(ii) The application time is
90 days in place of 45 days under paragraph (c)(2) of this section, for completing
an investigation, if a notice of error involves an electronic fund transfer that:
Was not initiated within a state;
Resulted from a point-of-sale debit card transaction; or
Occurred within 30 days after the first deposit to the account was made.
(4) Investigation. With
the exception of transfers covered by Sec. 205.14, a financial institution's
review of its own records regarding an alleged error satisfies the requirements
of this section if:
(i) The alleged error concerns
a transfer to or from a third party; and
(ii) There is no agreement between
the institution and the third party for the type of electronic fund transfer
(d) Procedures if financial institution determines no error or different
error occurred. In addition to following the procedures specified
in paragraph (c) of this section, the financial institution shall follow
the procedures set forth in this paragraph (d) if it determines that
no error occurred or that an error occurred in a manner or amount different
from that described by the consumer:
(1) Written explanation. The
institution's report of the results of its investigation shall include a written
explanation of the institution's findings and shall note the consumer's right
to request the documents that the institution relied on in making its determination.
Upon request, the institution shall promptly provide copies of the documents.
(2) Debiting provisional
credit. Upon debiting a provisionally credited amount, the financial institution
(i) Notify the consumer of the
date and amount of the debiting;
(ii) Notify the consumer that
the institution will honor checks, drafts, or similar instruments payable to
third parties and preauthorized transfers from the consumer's account (without
charge to the consumer as a result of an overdraft) for five business days after
the notification. The institution shall honor items as specified in the notice,
but need honor only items that it would have paid if the provisionally credited
funds had not been debited.
(e) Reassertion of error. A financial institution that has fully
complied with the error resolution requirements has no further responsibilities
under this section should the consumer later reassert the same error,
except in the case of an error asserted by the consumer following receipt
of information provided under paragraph (a)(1)(vii) of this section.
Section 205.12--Relation to Other Laws
List of Subjects in 12 CFR Part 205
Consumer protection, Electronic fund transfers, Federal Reserve
System, Reporting and record keeping requirements.
In Canada, if you do not succeed in obtaining
reimbursement from the biller, or if the debit is fraudulent,
you can ask your financial institution to reverse the transaction
and return the funds to your account.
Payments Association Act ( Rule H1 ) allows you to dispute
and reverse unauthorized and fraudulent pre-authorized debits
( PAD's ) from your consumer account within 90 days from
the date of the withdrawal. ( 10 days for business accounts
You will be asked to sign a declaration (.pdf)
stating why the PAD is being returned when you
Canadian Payments Association
50 O’Connor St, Suite 1212
Ottawa, ON K1P 6L2
Tel: (613) 238-4173
Fax: (613) 233-3385
Unauthorized Use of Your Debit Card
In Canada, debit cardholders are not
liable for losses resulting from circumstances beyond their control
a) technical problems, card issuer errors and other system malfunctions;
b) unauthorized use of your card and PIN when the bank is responsible for
preventing such use, for example after
||the card has been reported lost or stolen;
||the card is cancelled or expired; or
||you have reported that the PIN may be known to someone other than you; and
use, where you may have unintentionally contributed to such
use such as where the cardholder has been the victim of fraud,
theft, or has been coerced by trickery, force or intimidation,
provided that the cardholder reports the incident promptly
and co-operates fully in any subsequent investigation;
1. For the cardholder to be liable, a voluntary disclosure of
the PIN must contribute to the loss.
2. Cardholders are not considered to have disclosed the PIN “voluntarily” if the PIN is obtained by coercion, trickery, force or intimidation.
This includes situations where the customer’s PIN is observed
at point-of-sale terminals.
3. The fact that a cardholder uses the same PIN for more than
one card does not constitute contribution to unauthorized use.
4. Cardholders are considered to have disclosed the PIN voluntarily
if they use a PIN combination selected from the cardholder’s
name, telephone number, date of birth, address, or social insurance
5. A PIN is poorly disguised when:
it is written on the card; or
a record of the PIN is kept without making a reasonable attempt
to hide or disguise the code, and could be lost or stolen
simultaneously with the card. For example, if it is kept
in the same receptacle which itself can be lost or stolen
(e.g. a wallet, purse, briefcase or suitcase), or it is kept
in the same location so that the card and PIN record can
be easily associated.
6. The reasonableness of an attempt to disguise a PIN should be
assessed from the point of view of the reasonable cardholder, not
from the point of view of the thief or the card issuer’s
official who through experience have become familiar with many
types of disguises and their strengths and weaknesses.
7. A PIN is reasonably disguised if it is concealed within a record,
for example, by re-arranging the numerals, substituting other numerals
or symbols, or if it is made to appear as another type of number
by surrounding it with other numerals or symbols.
8. Notification of the issuer within a reasonable
time: a) The card issuer should be notified of lost,
stolen, or misused cards and/or disclosure of the PIN as
soon as the cardholder becomes aware of the loss or disclosure.