Electronic bank transfers, ATM withdrawals and deposits, and mobile banking have been around for decades. More consumers rely on electronic fund transfers today than ever before. These transfers and payments have become less complicated and more convenient than physically going to a bank. With the increase in online banking, and to protect consumers who bank electronically, Congress enacted the Electronic Funds Transfer Act or EFTA.
In 2021, Business Insider estimated that 169.3 million people in the US (65% of the US population) use mobile banking and nearly 80% prefer mobile banking over in-person banking to review their accounts and transact business. According to the 2021 Ipsos-Forbes Advisor U.S. Weekly Consumer Confidence Survey, 76% of American adults used their bank’s mobile app in the past year and 97% of millennials regularly use mobile banking.
Not surprisingly, more electronic banking means more identity theft and fraud-related banking losses. A 2021 report by Aite Novarica showed identity theft cases cost US firms $712.4 billion in 2020, while the Federal Trade Commission tracked $3.3 billion of reported consumer losses.
Before the Electronic Funds Transfer Act (EFTA), commercial transactions were controlled by the Uniform Commercial Code or common law. However, these laws focused on banks’ rights and obligations and offered no guidance or protection for consumers. The EFTA finally protects consumers who use electronic bank transfer systems.
Do you understand your rights and obligations if your ATM or debit card is lost or stolen or what a bank must do when you report a stolen card or discover an unauthorized electronic fund transfer (EFT) in your account statement? The EFTA provides a framework that governs the rights, liabilities, and responsibilities of consumers and financial institutions, but the primary objective is to protect consumers.
In this article, we’ll take a deep dive into the key provisions of the Electronic Funds Transfer Act to see how it relates to your rights and responsibilities as well as what the bank or card issuer must do when unauthorized electronic transfers occur.
The EFTA limits consumer losses from unauthorized electronic fund transfers among other provisions. The Act allows certain financial remedies, including reimbursement of illegally transferred funds when account holders act quickly. Understanding what you must do and when can protect you from substantial financial loss.
First, the EFTA only applies to certain situations and certain entities. In general, the EFTA covers unauthorized transactions in consumer accounts held by banks, loan associations, and credit unions. Let’s review the specifics of when the EFTA applies:
Unauthorized EFTs from a consumer’s account have three elements:
There are three situations where an EFT is not considered “unauthorized”:
**IMPORTANT UPDATE** The EFTA distinguishes between intentionally providing access to someone, like a friend or family member, and access obtained by fraud or robbery. For example, an account holder who provides their PIN to someone falsely pretending to be a bank representative is protected by the EFTA. In one recent case, a bank argued the account holder authorized an EFT after an identity thief manipulated him into providing his bank information. The court disagreed and found the EFT was unauthorized because the account holder was defrauded. Read more about this case here.
The provisions of the EFTA only apply to accounts held by individuals, not businesses. The account must be primarily used for personal, family, or household purposes, not for business or commercial purposes.
The definition of “account” is broad and includes not only savings and checking accounts, but any account that holds personal assets.
The following transfers are not considered electronic fund transfers, so they are not covered by the Electronic Funds Transfer Act:
Before the EFTA was enacted, consumers often had little or no recourse when money was electronically transferred from their account without their authorization. Under the previous rules, banks were protected from liability if they followed a commercially reasonable security policy even where it was clear that the account holder was blameless and a victim of financial crime.
The EFTA created broad protections for victims, particularly where the consumer promptly notifies the bank of the theft. Under the EFTA, there are sharp limits on how much a consumer can lose when someone transfers money out of the consumer’s account electronically.
The EFTA established rules and regulations that control how much money a consumer can lose and what consumers and financial institutions must do to limit liability.
An access device is defined as a card, a code, or another means of accessing your account to initiate an EFT. Access devices include ATM cards, debit cards, and PINs but do not include paper checks or magnetic tape devices used internally by banks.
Also, your financial liability depends on how quickly you act.
Example 1: You reach for your wallet and realize your debit card is missing. You contact your bank within two business days. Before you can notify your bank, $5,000 is taken from your account by an unauthorized person. Your maximum loss is limited to $50.
Example 2: Your ATM card is stolen but you don’t realize it until you receive your next bank statement that shows withdrawals you didn’t make. If you notify your bank within two business days of the statement date, your maximum loss is limited to $50. If you wait more than two days but fewer than 60 calendar days from the statement date, you may lose up to $500 OR the total of $50 (or the actual amount taken during the first two days if less than $50) plus the amount taken from your account after the first two business days from your statement date until you finally notify your bank if this total is less than $500.
Example 3: A cyber thief hacks into your bank’s internal server and transfers your money into his offshore account. You don’t realize your loss until you receive your bank statement. Since the bank’s server is not an “accepted means of access” to your account, your potential liability under the EFTA falls into the last two categories. If you notify your bank within 60 days of your statement date, you have no liability. If you wait more than 60 days from your statement date, you could lose everything taken from your account starting 61 days from your statement date.
The EFTA specifically states if you are negligent in handling your access card, the bank cannot avoid its EFTA obligations. So, if you write your PIN on the back of your ATM card—which is a bad idea—the bank cannot claim your negligence changes the potential loss from the amounts explained above.
The notification timeframes in the chart above do not start until you know that your ATM or debit card was lost or stolen, or you realize an unauthorized EFT has occurred. Then you have two full business days to notify the bank and minimize your loss.
The two-day timeframe begins the day following your discovery of the loss and the second day ends at 11:59 pm, not at the close of business. Financial institutions are not required to receive messages 24 hours a day, however.
If you don’t discover the unauthorized ETF until your monthly statement arrives, the notification clock begins to run the day the account statement was sent, not when you receive it. So be sure to open your account statement immediately when you receive it, check the transactions thoroughly, and report any problems as soon as possible.
The Electronic Funds Transfer Act does not specify how to notify your bank or card issuer about lost or stolen cards or personal banking information. The statute says, “notice is sufficient . . . when such steps have been taken as may be reasonably required in the ordinary course of business to provide the financial institution with the pertinent information, whether or not any particular officer, employee, or agent of the financial institution does in fact receive such information.”
This means you may telephone, email, or even visit a local branch to notify the bank. You do not need to talk with any specific person or office to notify the bank under the EFTA. However, you must provide enough information to identify yourself, and the account involved. With suspicious EFTs, you should flag which transactions were unauthorized. The bank may require you to provide written notice within ten days.
To create a record of your timely dispute always put it in writing, keep copies of everything you send, and send your dispute by certified mail or some other trackable means so you have a record of when the bank received it. It’s a good idea to dispute unauthorized EFTs immediately over the phone, but you should also follow up promptly in writing.
If you dispute EFTs promptly as discussed above, you should not be liable for unauthorized transfers. If the bank contends that you are not telling the truth—and that you really did authorize the transactions in question—it is the bank’s burden to prove the EFT was authorized.
In addition, once you notify your bank or card issuer, it must take certain steps to resolve the unauthorized EFTs. The EFTA requires the financial institution to:
If the investigation is more complicated and will take longer than 10 days, the bank has up to 45 calendar days to investigate your claim. However, it must provisionally refund the amount taken from your account, including any related interest, within the first 10 days. The bank must tell you about the refund within two business days and give you full access to the credited amount during the investigation.
If the bank asked you to submit a written notice but you don’t respond within ten days, the bank does not have to refund your money while it investigates. If the investigation reveals no error or unauthorized EFT, the bank must send you written notice within three days explaining the findings and that you have the right to inspect the documents it used to reach this conclusion.
If your financial institution violates the EFTA, you can request payment of your related legal damages. These damages may include:
If you are the victim of an unauthorized electronic transfer, you must act quickly. Notify your bank or card issuer and follow up in writing within two business days if possible. However, even if you do everything required by the Electronic Funds Transfer Act, financial institutions don’t always follow the rules.
As you can see, the provisions of the EFTA are complicated, and this article, for all its detail, is still just a general overview—there are lots of EFTA rules and exceptions it doesn’t cover! When a bank violates the provisions of the EFTA you deserve a legal professional who understands the law and is devoted to helping consumers like you in these situations.
Trust an experienced consumer protection lawyer at Schlanger Law Group if you are dealing with stolen funds and a financial institution that ignores the Electronic Funds Transfer Act. Our compassionate attorneys will listen, advise, and act quickly on your behalf. Call (212) 500-6114 or click the button below to schedule a free case consultation today.
Schlanger Law Group LLP serves clients in New Jersey, New York, and throughout the United States with consumer protection, class action, credit reporting, and identity theft issues.
Reach out to Schlanger Law Group for a free consultation, and let’s discuss your case with no upfront fees.
