In the past decade, Americans have increasingly relied on electronic transfers to make daily life easier. It’s now common to pay bills, transfer money to friends, or even tip a delivery person using electronic fund transfers. Unfortunately, reports of stolen money have also increased when bank security measures fail, and resourceful cyber thieves steal what should be protected funds in bank accounts. 

Many people use smartphones every day to pay for things quickly. According to Rock Research, 42% of all smartphone users rely on mobile payment apps such as ApplePay, PayPal, or AmazonPay to pay for items like groceries, gasoline, and peer-to-peer debts. These apps electronically remove funds from the consumer’s account and transfer them directly to the creditor.  

Not surprisingly, while 70% of adults between the ages of 18 and 34 are comfortable with electronic payment, only 17% of adults over the age of 65 use these options.  

The Electronic Funds Transfer Act Protects Consumers Dealing with Stolen Money 

As incidents of identity theft and unauthorized money transfers increased, the US government realized consumers had little protection in the past when someone had stolen money from their bank account. The Electronic Funds Transfer Act (EFTA) went into effect in 1980 to help protect innocent consumers facing unauthorized transfers. 

The EFTA includes two particularly important consumer protections relating to identity theft: 

• Limitations on the amount of money consumers could potentially lose in unauthorized transfer situations, 
• Mechanisms and procedures for giving notice and disputing unauthorized electronic transfers, and 

In general, these provisions replace the Uniform Commercial Code or common law regimes that were less favorable to consumers, creating extensive protections against a wide variety of unauthorized electronic charges. 

Not every situation is covered by the EFTA. The following requirements must be met: 

• The consumer/account holder is an individual, not a business or corporation, 
• The electronic transactions involve debit card, ATM, ACH, or mobile app transfers but not checks or wire transfers, 
• The financial institution is a bank, credit union, or some other entity that holds accounts for consumers or provides electronic payment services. 

• The account in dispute is held for personal, household, or family purposes, not for a business,  
• An access device such as an ATM card, PIN, password, or other means to access the account was used, and 
• The unauthorized bank transfer must be one that the consumer did not initiate or allow someone else to do, and they did not benefit from the transaction. 

When a criminal gains access to your account, you could potentially lose the entire balance or sometimes more. As an account holder, the key to minimizing your loss is to notify your financial institution about the stolen money including all important details as soon as possible.  

The EFTA Defines Three Categories of Account Holder Liability in Stolen Money Cases

The main purpose of the EFTA is to protect consumers and reduce the amount of money they can potentially lose through unauthorized electronic transfers. Financial institutions are held to a higher standard than consumers because they can—and should—adopt security measures to protect their customers. 

In unauthorized transfer cases, financial institutions cannot act until they are aware of a disputed transaction. Under the EFTA, your potential loss depends on when you notify your bank.  

These three timeframes establish your potential exposure: 

Notice Given Within Two Business Days = $50 Maximum Loss 

If you find an unauthorized electronic transfer into or out of your account, you should contact the bank within two business days to dispute the transaction. Start with a phone call and follow up promptly in writing. This important step will limit your potential loss to $50 or the amount of the unauthorized transfer, whichever is less. 

Example: Cathy goes online to check her bank account balance and notices money stolen from a checking account a week ago. It’s 8:00 at night and her bank is closed so she contacts her bank the next morning to report the unauthorized withdrawal and dispute the transfer. Cathy’s potential loss is limited to $50. 

Notice Given After Two Business Days from “Realizing the Theft” but Within 60 Days from the Account Statement = $500 Maximum Loss 

Some people only check their accounts when they receive a statement from the bank. Account-holders are responsible for reviewing their statements when they are issued, and the statement date may be considered the date when the holder “could have realized the theft” even if the consumer doesn’t look at the statement immediately. 

If you first discover an unauthorized transfer on your account statement and notify the bank within two business days from the date the statement was issued, you fall into the two-day category above. If you wait longer than two business days from the statement date, but you notify the bank within 60 days of the statement date, your potential loss is limited to $500 or the amount taken from your account before your notification, whichever is less.  

Example: David’s bank sent his monthly account statement, but David didn’t have time to review it until a week later. David eventually realized that three weeks earlier a $5,000 electronic withdrawal came out of his account and went to an account he doesn’t recognize. David contacts the bank more than a week after the statement was issued but within 60 days. David’s potential loss is limited to $500.  

Notice Given More Than 60 Days from the Date of the Statement = Unlimited Liability (Maybe) 

An account holder must report an unauthorized transfer made with a lost or stolen debit card that appears on an account statement within 60 days of the issuance of that statement to limit liability for unauthorized transfers occurring after those 60 days. If you miss this 60-day window, the $500 dollar cap will apply to charges that occur within the 60-day window, but you can be liable without any dollar limit for all unauthorized transfers that happen after the 60 days have passed and until you provide notice to the bank.  

These post-60-day transfers pose a huge risk for consumers and underscore why regularly checking your account statements is so important:  If the unauthorized electronic transfer appears on your bank statement and you wait more than 60 days from the statement date and another transfer occurs, you may have no protection for subsequent withdrawals until you notify the bank about the first transfer.  

Sometimes extenuating circumstances can affect the timeframes established by the EFTA. For example, if you were hospitalized or traveling for an extended period, the 60-day window of opportunity might be extended. However, you should never count on qualifying under an exception to the rules. Always report any unusual account activity at your earliest opportunity to avoid losing more than you would have lost if you had acted quickly.  

EFTA Stolen Money Protection Rules Are Important and Complicated 

The legal definitions and timeframes that apply to unauthorized electronic transfers under the EFTA are complex. The key is to act quickly and notify your financial institution about any unusual activity as soon as possible. If you’re not sure about your legal rights, consider talking to an experienced EFTA lawyer. 

The dedicated team at Schlanger Law Group understands the EFTA, the steps the banks must take, and how to protect your rights. We stand up to powerful financial businesses and fight for our clients. EFTA litigation on behalf of victims of identity theft and other unauthorized charges is a central part of our practice.  Call (212) 500-6114 or complete this simple online form to schedule a free case consultation today.