Imagine you get a letter from your mortgage servicer indicating that your most recent payment did not go through and that you are late on your mortgage. You are dumbfounded. You had enough money in your account, and it was set up to make timely payments using the servicer’s auto-pay function. Maybe there was a technical error between the servicer and your bank? You immediately log on to your online bank account, only to see that your checking account is nearly empty. The most recent transactions are a series of debits from the week before, each marked with an “ACH” notation and a bunch of numbers. You look up the meaning of “ACH,” see that it means “Automated Clearing House,” and are left even more confused. You then call your bank and eventually – after speaking with six different people across three different time zones – someone tells you that the bank will investigate the matter. A week later, you receive a letter in the mail explaining that a third-party fraudster hacked your account, the bank is deeming you responsible, and there is nothing they can do to recover your money.
This type of fraud involves an electronic fund transfer, or EFT, and is the second part in a three-part series published by Kelly Guzzo on online bank fraud (part one covered what to do generally if you fall victim to online bank fraud).
EFTs are governed by the Electronic Fund Transfer Act (EFTA), a federal law also known as Regulation E. That law generally defines “electronic fund transfer” as a transfer of funds through a computer or electronic terminal that authorizes a bank to debit or credit an account. Thus, if a fraudster transfers money from your account using a computer, a cell phone, or some other electronic device – think Venmo, Zelle, PayPal, or ACH transactions – it probably qualifies as an EFT and is governed by the EFTA. There are exceptions, though, including most wire transfers (even if performed online (wire transfers will be covered in part three)).
Additionally, the EFTA governs only consumer accounts, meaning that it protects only accounts established for personal, family, or household purposes. If your business account is hacked, you probably do not have recourse under the EFTA, but you may have remedies under state law.
If the EFTA applies, banks may not hold you liable for unauthorized EFTs. Whether an EFT is “unauthorized” typically depends on whether the person who performed the EFT had actual authority to do so and whether the customer received a benefit from the EFT. If the answer to either of those questions is “yes,” then the EFT is probably authorized under the statute. If not, then EFTA protections should apply.
Banks also often argue that the customer is at fault if the fraudster obtained the customer’s log-in information or access device (e.g., debit card) from the customer. But courts have held that, if a fraudster’s access to a bank account was procured through fraud, then subsequent transactions still fall within the EFTA’s scope.
The EFTA also provides error resolution procedures that banks must follow when responding to a customer’s dispute. If a customer provides notice of an unauthorized EFT to the bank within 60 days from the date of the statement on which the error (i.e., the unauthorized EFT) first appeared, the bank must investigate the matter. This is the case whether the notice is given verbally or in writing, but banks can request and require written notice, so the best practice is to provide it in writing. In most circumstances, the bank then has ten days to investigate, but that period may be extended up to 45 days (and in some circumstances more) if the bank requires more time and if the bank credits the customer’s account with a provisional credit in the interim. Whether the bank eventually finds in the customer’s favor or not, it must notify the customer of its investigation results, and if an error is found, it must correct the error within one day of that determination.
A bank’s failure to comply with any provision of the EFTA may entitle a consumer to actual damages, statutory damages, and costs of attorneys’ fees. At Kelly Guzzo, PLC, we are committed to assisting victims of online bank fraud. Please do not hesitate to contact our office to receive a free consultation on a potential EFTA claim.