Regulation E does not define or address what constitutes “fraud”. Rather, it
limits consumer liability for “unauthorized electronic fund transfers”. If a fraudulent transaction meets that definition, you should follow Regulation E but, if it doesn’t, Regulation E does not apply. Regulation E defines an unauthorized electronic fund transfer as:
…an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit…
If your customer initiated a transaction (for example, they entered their account information and hit “send” or “pay now”), whether they were tricked or not, the transaction was authorized. On the other hand, if a scammer tricks a consumer into providing their account login, debit card number, etc., and the scammer subsequently initiates a transaction using that information, the transaction is unauthorized.
Jerod explains more in the video.
2025/02/25