Are banks quietly refusing reimbursements to fraud victims?

Credit to Author: Evan Schuman| Date: Tue, 05 Jul 2022 03:00:00 -0700

There are some scary reports popping up that various major financial institutions no longer credit back all fraudulent transactions, even when victims file a police report. If true, it’s a disastrous move that will painfully hurt the institutions.

Let’s look a recent New York Times report on the problem:

“Under a 1978 federal rule called Regulation E, banks are required to make clients whole if their money is stolen from a consumer account through an electronic payment initiated by another person. Since Reg E was written well before payment apps existed, the Consumer Financial Protection Bureau last year issued guidelines saying that the law covered all person-to-person online payments. The bureau clarified that all unauthorized online money transfers — meaning any payment initiated by someone other than the customer and done without the customer’s permission — were the bank’s liability. But despite the updated guidance, banks in many cases are refusing to refund customers who claim — often with supporting documentation — that money was stolen from their accounts. The banks rarely provide clear explanations for their decisions, leaving victimized customers with little recourse.”

The story cited numerous examples of customers, including some who filed police reports, whose financial institution had denied their fraud filing. Some, but not all, of those businesses reversed that policy after a reporter called.

That’s wrong on so many levels and it sounds less like “we reviewed the decision and discovered an error” and more like, “Uh-oh. We just got caught.”

Let’s set aside that the law is clear and banks and other institutions can’t simply refuse to reimburse customers because they don’t want to. Instead, let’s explore why such a move is counter-productive and self-destructive. 

Some quick background: Many of the issues here are similar to the major credit card brands’ (MasterCard, Visa, AmericanExpress, Discover, etc.) Zero Liability policy. That rule was put in place decades ago. Its goal was not directly to protect consumers, but to boost e-commerce revenue by making those consumers comfortable using their credit and debit cards for transactions. But even after those consumer fears vanished, the program stuck.

That program simply said that if a card transaction is fraudulent, the relevant FI would reimburse it fully. It technically initially said everything after $50, but the industry ended up paying for all of the fraud. (Note: That program does a lot more to protect credit card purchases than debit card purchases, but that’s another story. In short, avoid ever using a debit card online.) 

Back to the current situation. The banks that won’t pay all fraud transactions are handing rivals in the industry a massive gift. Those competitors can proudly say “Unlike Capital One, Bank of America, Wells Fargo and Chase (the banks identified in the Times piece), we protect all of our customers. If you are ripped off, we will reimburse that charge. And if you send us a copy of a police report you filed, we’ll even waive an investigation, other than confirming the police report was filed.”

It gets worse. What do you think happens if even more institutions stop covering fraud losses? The losses will move from them to their customers. Given that most professional thieves fear big banks a lot more than they do individual victims, fraud will accelerate even more than it already has.

Then there are the lawsuits. For the most part, consumers who got ripped off by thieves had little legal action they could take against their bank, whose lack of cybersecurity protections often enabled the fraud. Other than a ruling that they could, maybe, get reimbursed for the time spent cleaning up the mess, few companies suffered sufficient out-of-pocket losses to make a trip to civil court worthwhile or even likely to succeed.

If this bad behavior continues, that all changes. With five-figure losses (or more), consumers are more likely to sue. And given the size of these banks, those lawsuit will quickly morph into class-action litigation — and they’ll have an excellent chance of winning.

The fraud described here is mostly P2P digital transactions, such as Zelle, Venmo, Cash App and PayPal. That should make no difference. From the customer’s perspective, it’s all payments. They expect to be protected.

http://www.computerworld.com/category/security/index.rss