Compliance Blog

Unauthorized or Not: A Look into Regulations E and Z

Next week, NAFCU kicks off its first ever virtual Regulatory Compliance School. In honor of School, let’s go back to basics and review what it means for a transaction to be unauthorized under Regulations E and Z. Understanding which transactions are or are not considered unauthorized is important because it informs a credit union whether it is required to investigate and resolve the issue as well as limit the member's liability for the transactions, potentially saving a credit union both time and resources.

Under Regulation E, an unauthorized electronic fund transfer (EFT) is defined as any EFT from an account initiated by someone without authority to initiate the transfer and from which the member receives no benefit. Unauthorized EFTs include transfers using an access device, such as a debit card, that was obtained by robbery or fraud and transfers a member was forced to initiate. It does not include transfers where the member acted fraudulently or when the member gave someone else permission to use her access device. Let’s take a look at some common scenarios to help illustrate which transfers are or are not covered:

  • Sally gives her debit card to her son, Jake, to buy groceries but Jake buys a new television instead. The television purchase is not necessarily an unauthorized transaction. When a third party is given authority to make transactions, the member is liable for all transactions, even those that exceed the scope of authority, unless she notifies the credit union that the third party no longer has the authority to make transactions.
  • Ken can never seem to remember his PIN so he writes it on his debit card. His card is stolen and used at an ATM. As long as Ken timely notifies the credit union of the unauthorized ATM transaction, it is considered an unauthorized EFT. A member’s negligence cannot be considered in determining whether the transfer is unauthorized or the amount of his liability.
  • John purchases a new desk online but is dissatisfied with it when it arrives. His purchase is not an unauthorized transfer because he initiated it. A similar analysis would apply if the desk were damaged or defective.
  • A fraudster calls Amy pretending to be her credit union and Amy provides the fraudster with her account information. The fraudster uses her information to initiate EFTs from her account. The EFTs are unauthorized because the information was obtained via fraud, even though Amy voluntarily provided her information to the fraudster.

Under Regulation Z, a billing error includes a transaction that is not made by a member or by someone with authority to use the credit. A billing error includes transactions where the goods or services involved are not accepted by the member or are not delivered as agreed but does not include disputes related to the quality of goods or services the member accepted. State law will govern when there is a question as to whether an individual has authority to use the credit or whether the member accepted goods or services. Let’s take a look at some common scenarios to help illustrate which transactions are or are not covered:

  • Bob accidentally leaves his credit card at the checkout counter. Jane finds it and uses it to buy a new home entertainment system. Jane’s transactions are unauthorized if she did not have authority to use Bob’s credit card.
  • Dana purchases a new dress online. When it arrives, she discovers that she does not like the fabric. As long as Dana accepted the property, it is not an unauthorized transaction because issues over quality are not covered.
  • Kyle buys eight chairs for his new dining room table; however, the company only delivers five. This situation is covered because the items were not delivered as agreed. A similar analysis would apply if the member refused delivery, the goods or services were different from what was ordered or the delivery was late.

As you can see, there are slight differences in the types of transactions that are considered unauthorized based on whether Regulation E or Regulation Z applies. Regulation E covers EFTs from an account while Regulation Z covers transactions on open-end credit, such as credit cards or lines of credit. For more on a credit union’s obligations when it receives notice of an unauthorized EFT or a billing error, check out this NAFCU Compliance Monitor article.

About the Author

Jennifer Aguilar, NCCO, NCBSO, APRP, Senior Regulatory Compliance Counsel, NAFCU

Jennifer Aguilar, NCCO, Regulatory Compliance CounselJennifer Aguilar, NCCO, NCBSO, APRP joined NAFCU as regulatory compliance counsel in February 2017 and was named Senior Regulatory Compliance Counsel in March 2019. In this role, Aguilar helps credit unions with a variety of compliance issues.

Read full bio