Crimes of Persuasion

Schemes, scams, frauds.

How to Get a Fraudulent Transaction Reversed When a Telemarketer Debits Your Bank Account With an Unauthorized Pre-Authorized Debit or Electronic Fund Transfer

In the United States the NACHA (National Automated Clearing House Association) develops and administers the operating rules for the Automated Clearing House ("ACH") Network.

Your financial institution is required by ACH rules to have you sign an affidavit when you notify them that an ACH debit posted to your account is unauthorized and should be returned.

As of 03/02 the term affidavit will be replaced with "a written statement under penalty of perjury." This is intended to clarify that the ACH rules do not require that the document be notarized but continues to provide strong wording to discourage fraudulent unauthorized claims. Regardless, some financial institutions may continue the practice of having it notarized.

The consumer's right to have complaints regarding unauthorized transfers handled according to Regulation E should not be conditioned on payment of a fee.

Real stop payments are placed on items the customer clearly authorized, but changed his mind about. The consumer is expected to describe the item adequately, whether it is an EFT or a check, and the stop payment must be issued prior to the item's presentment.

By comparison, an unauthorized transfer has already been debited to the account before the consumer is even aware of its terms or existence. Calling the reversing entry a "stop payment" is at odds with the facts.

Consumer Payment Authorization and the Telemarketing Sales Rule

With respect to consumer payment authorization, the Telemarketing Sales Rule prohibits telemarketers from:

Obtaining or submitting for payment a check, draft, or other form of negotiable paper drawn on a person's checking, savings, share, or similar account, without that person's express verifiable authorization. Such authorization shall be deemed verifiable if any of the following means are employed:

(i) Express written authorization by the customer, which may include the customer's signature on the negotiable instrument; or

(ii) Express oral authorization which is tape recorded and made available upon request to the customer's bank and which evidences clearly both the customer's authorization of payment for the goods and services that are the subject of the sales offer and the customer's receipt of all of the following information:

The date of the draft(s);
The amount of the draft(s);
The payor's name;
The number of draft payments (if more than one);
A telephone number for customer inquiry that is answered during normal business hours; and
The date of the customer's oral authorization; or

(iii) Written confirmation of the transaction, sent to the customer prior to submission for payment of the customer's check, draft, or other form of negotiable paper, that includes:

All of the information contained in §§ 310.3(a)(3)(ii)(A)-(F); and
The procedures by which the customer can obtain a refund from the seller or telemarketer in the event the confirmation is inaccurate.

This provision in the Rule was intended to ensure that so-called "demand drafts," which resemble and are processed like paper checks, but which are created by and entered into the payment system by the telemarketer or its agent, were properly authorized by the consumer.

Comparable treatment of electronic debits to consumer accounts through the ACH Network is already provided for through coverage by Regulation E and the ACH Network Operating Rules.

The NACHA Operating Rule requires that:

The consumer has authorized the telemarketer to initiate the entry to their account… In the case of debit entries to a Consumer Account, the authorization must be in writing, signed or similarly Authenticated by the consumer. ( use of a digital signature or other code).

To meet the requirement that an authorization be in writing, an electronic authorization must be able to be displayed on a computer screen or other visual display that enables the consumer to read the communication.

The authorization also must be readily identifiable as an authorization, must clearly and conspicuously state its terms, and … must provide that the consumer may revoke the authorization only by notifying the telemarketer in the manner specified in the authorization.

NACHA’s consumer authorization requirement accomplishes two significant goals: (1) consumers are protected against unauthorized ACH debits to their accounts; and (2) telemarketers looking to circumvent the FTC requirements by moving unwarranted payments from traditional paper payment mechanisms over to the ACH Network are prevented from doing so.

For more info on this and other bank related topics visit

Electronic Fund Transfer Act

I. Background

The Electronic Fund Transfer Act (EFTA or the act) (15 U.S.C. 1693 et seq.), provides a basic framework establishing the rights, liabilities, and responsibilities of participants in electronic fund transfer (EFT) systems.

Types of transfers covered by the act and regulation include transfers initiated through an automated teller machine (ATM), point-of-sale (POS) terminal, automated clearinghouse (ACH), telephone bill-payment plan, or remote banking program. The act and regulation require disclosure of imitations on consumer liability for unauthorized transfers; procedures for error resolution; and certain rights related to preauthorized EFTs.


2(k) Preauthorized Electronic Fund Transfer

1. Advance authorization. A ``preauthorized electronic fund transfer" under Regulation E is one authorized by the consumer in advance of a transfer that will take place on a recurring basis, at substantially regular intervals, and will require no further action by the consumer to initiate the transfer.

In a bill-payment system, for example, if the consumer authorizes a financial institution to make monthly payments to a payee by means of EFTs, and the payments take place without further action by the consumer, the payments are preauthorized EFTs. In contrast, if the consumer must take action each month to initiate a payment (such as by entering instructions on a touch-tone telephone or home computer), the payments are not preauthorized EFTs.

2(m) Unauthorized Electronic Fund Transfer

5. Reversal of direct deposits. The reversal of a direct deposit made in error is not an unauthorized EFT when it involves:

i. A credit made to the wrong consumer's account;
ii. A duplicate credit made to a consumer's account; or
iii. A credit in the wrong amount (for example, when the amount credited to the consumer's account differs from the amount in the transmittal instructions).

Section 205.3--Coverage

3(b) Electronic Fund Transfer

(NACHA Operating Rules currently provide greater consumer protections in that they require written authorizations even for one- time conversion transactions.)

1. Fund transfers covered.

v. A transfer via ACH where a consumer has provided a check to enable the merchant or other payee to capture the routing, account, and serial numbers to initiate the transfer, whether the check is blank, partially completed, or fully completed and signed; whether the check is presented at POS or is mailed to a merchant or other payee or lockbox and later converted to an EFT; or whether the check is retained by the consumer, the merchant or other payee, or the payee's financial institution.

vi. A payment made by a bill payer under a bill-payment service available to a consumer via computer or other electronic means, unless the terms of the bill-payment service explicitly state that all payments, or all payments to a particular payee or payees, will be solely by check, draft, or similar paper instrument drawn on the consumer's account, and the payee or payees that will be paid in this manner are identified to the consumer.

3. Authorization of one-time EFT initiated using MICR encoding on a check. A consumer authorizes a one-time EFT (in providing a check to a merchant or other payee for the MICR encoding), where the consumer receives notice that the transaction will be processed as an EFT and completes the transaction. Examples of notice include, but are not limited to, signage at POS and written statements.

Sec. 205.6 Liability of consumer for unauthorized transfers.

(a) Conditions for liability. A consumer may be held liable, within the limitations described in paragraph (b) of this section, for an unauthorized electronic fund transfer involving the consumer's account only if the financial institution has provided the disclosures required by Sec. 205.7(b)(1), (2), and (3). If the unauthorized transfer involved an access device, it must be an accepted access device and the financial institution must have provided a means to identify the consumer to whom it was issued.

(b) Limitations on amount of liability. A consumer's liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows:

(1) Timely notice given. If the consumer notifies the financial institution within two business days after learning of the loss or theft of the access device, the consumer's liability shall not exceed the lesser of $50 or the amount of unauthorized transfers that occur before notice to the financial institution.

(2) Timely notice not given. If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer's liability shall not exceed the lesser of $500 or the sum of:

(i) $50 or the amount of unauthorized transfers that occur within the two business days, whichever is less; and
(ii) The amount of unauthorized transfers that occur after the close of two business days and before notice to the institution, provided the institution establishes that these transfers would not have occurred had the consumer notified the institution within that two-day period.

(3) Periodic statement; timely notice not given. A consumer must report an unauthorized electronic fund transfer that appears on a periodic statement within 60 days of the financial institution's transmittal of the statement to avoid liability for subsequent transfers. If the consumer fails to do so, the consumer's liability shall not exceed the amount of the unauthorized transfers that occur after the close of the 60 days and before notice to the institution, and that the institution establishes would not have occurred had the consumer notified the institution within the 60-day period. When an access device is involved in the unauthorized transfer, the consumer may be liable for other amounts set forth in paragraphs (b)(1) or (b)(2) of this section, as applicable.

(4) Extension of time limits. If the consumer's delay in notifying the financial institution was due to extenuating circumstances, the institution shall extend the times specified above to a reasonable period.

(5) Notice to financial institution. (i) Notice to a financial institution is given when a consumer takes steps reasonably necessary to provide the institution with the pertinent information, whether or not a particular employee or agent of the institution actually receives the information.
(ii) The consumer may notify the institution in person, by telephone, or in writing.
(iii) Written notice is considered given at the time the consumer mails the notice or delivers it for transmission to the institution by any other usual means. Notice may be considered constructively given when the institution becomes aware of circumstances leading to the reasonable belief that an unauthorized transfer to or from the consumer's account has been or may be made.

(6) Liability under state law or agreement. If state law or an agreement between the consumer and the financial institution imposes less liability than is provided by this section, the consumer's liability shall not exceed the amount imposed under the state law or agreement.

Paragraph 6(b)(1)--Timely Notice Given

Section 205.6 provides rules concerning a consumer's liability for an unauthorized transfer. The limitation on the consumer's liability depends, in part, on whether the unauthorized transfer takes place within or after two business days of the consumer's learning of the loss or theft of the access device.

3. Two-business-day rule. The two-business-day period does not include the day the consumer learns of the loss or theft or any day that is not a business day. The rule is calculated based on two 24- hour periods, without regard to the financial institution's business hours or the time of day that the consumer learns of the loss or theft. For example, a consumer learns of the loss or theft at 6 p.m. on Friday. Assuming that Saturday is a business day and Sunday is not, the two-business-day period begins on Saturday and expires at 11:59 p.m. on Monday, not at the end of the financial institution's business day on Monday.

Paragraph 7(b)(10)--Error Resolution

2. Extended time-period for certain transactions. To take advantage of the longer time periods for resolving errors under Sec. 205.11(c)(3) (for new accounts as defined in Regulation CC (12 CFR part 229), transfers initiated outside the United States, or transfers resulting from POS debit-card transactions), a financial institution must have disclosed these longer time periods. Similarly, an institution that relies on the exception from provisional crediting in Sec. 205.11(c)(2) for accounts subject to Regulation T (12 CFR part 220) must have disclosed accordingly.

Section 205.10--Preauthorized Transfers

10(b) Written Authorization for Preauthorized Transfers From Consumer's Account

Sec. 205.11 Procedures for resolving errors.

(a) Definition of error--(1) Types of transfers or inquiries covered. The term error means:

(i) An unauthorized electronic fund transfer;
(ii) An incorrect electronic fund transfer to or from the consumer's account;
(vi) An electronic fund transfer not identified in accordance with Secs. 205.9 or 205.10(a); or
(vii) The consumer's request for documentation required by Secs. 205.9 or 205.10(a) or for additional information or clarification concerning an electronic fund transfer, including a request the consumer makes to determine whether an error exists under paragraphs (a)(1) (i) through (vi) of this section.

(b) Notice of error from consumer--(1) Timing; contents. A financial institution shall comply with the requirements of this section with respect to any oral or written notice of error from the consumer that:

(i) Is received by the institution no later than 60 days after the institution sends the periodic statement or provides the passbook documentation, required by Sec. 205.9, on which the alleged error is first reflected;
(ii) Enables the institution to identify the consumer's name and account number; and
(iii) Indicates why the consumer believes an error exists and includes to the extent possible the type, date, and amount of the error, except for requests described in paragraph (a)(1)(vii) of this section.

(2) Written confirmation. A financial institution may require the consumer to give written confirmation of an error within 10 business days of an oral notice. An institution that requires written confirmation shall inform the consumer of the requirement and provide the address where confirmation must be sent when the consumer gives the oral notification.

(3) Request for documentation or clarifications. When a notice of error is based on documentation or clarification that the consumer requested under paragraph (a)(1)(vii) of this section, the consumer's notice of error is timely if received by the financial institution no later than 60 days after the institution sends the information requested.

(c) Time limits and extent of investigation--(1) Ten-day period. A financial institution shall investigate promptly and, except as otherwise provided in this paragraph (c), shall determine whether an error occurred within 10 business days of receiving a notice of error. The institution shall report the results to the consumer within three business days after completing its investigation. The institution shall correct the error within one business day after determining that an error occurred.

(2) Forty-five day period. If the financial institution is unable to complete its investigation within 10 business days, the institution may take up to 45 days from receipt of a notice of error to investigate and determine whether an error occurred, provided the institution does the following:
(i) Provisionally credits the consumer's account in the amount of the alleged error (including interest where applicable) within 10 business days of receiving the error notice. If the financial institution has a reasonable basis for believing that an unauthorized electronic fund transfer has occurred and the institution has satisfied the requirements of Sec. 205.6(a), the institution may withhold a maximum of $50 from the amount credited. An institution need not provisionally credit the consumer's account if:

(A) The institution requires but does not receive written confirmation within 10 business days of an oral notice of error; or
(B) The alleged error involves an account that is subject to Regulation T (Securities Credit by Brokers and Dealers, 12 CFR part 220);
(ii) Informs the consumer, within two business days after the provisional crediting, of the amount and date of the provisional crediting and gives the consumer full use of the funds during the investigation;
(iii) Corrects the error, if any, within one business day after determining that an error occurred; and
(iv) Reports the results to the consumer within three business days after completing its investigation (including, if applicable, notice that a provisional credit has been made final).

(3) Extension of time periods. The time periods in paragraphs (c)(1) and (c)(2) of this section are extended as follows:
(i) The applicable time is 20 business days in place of 10 business days under paragraphs (c)(1) and (c)(2) of this section if the notice of error involves an electronic fund transfer to or from the account within 30 days after the first deposit to the account was made.
(ii) The application time is 90 days in place of 45 days under paragraph (c)(2) of this section, for completing an investigation, if a notice of error involves an electronic fund transfer that:

(A) Was not initiated within a state;
(B) Resulted from a point-of-sale debit card transaction; or
(C) Occurred within 30 days after the first deposit to the account was made.

(4) Investigation. With the exception of transfers covered by Sec. 205.14, a financial institution's review of its own records regarding an alleged error satisfies the requirements of this section if:
(i) The alleged error concerns a transfer to or from a third party; and
(ii) There is no agreement between the institution and the third party for the type of electronic fund transfer involved.

(d) Procedures if financial institution determines no error or different error occurred. In addition to following the procedures specified in paragraph (c) of this section, the financial institution shall follow the procedures set forth in this paragraph (d) if it determines that no error occurred or that an error occurred in a manner or amount different from that described by the consumer:

(1) Written explanation. The institution's report of the results of its investigation shall include a written explanation of the institution's findings and shall note the consumer's right to request the documents that the institution relied on in making its determination. Upon request, the institution shall promptly provide copies of the documents.

(2) Debiting provisional credit. Upon debiting a provisionally credited amount, the financial institution shall:

(i) Notify the consumer of the date and amount of the debiting;
(ii) Notify the consumer that the institution will honor checks, drafts, or similar instruments payable to third parties and preauthorized transfers from the consumer's account (without charge to the consumer as a result of an overdraft) for five business days after the notification. The institution shall honor items as specified in the notice, but need honor only items that it would have paid if the provisionally credited funds had not been debited.

(e) Reassertion of error. A financial institution that has fully complied with the error resolution requirements has no further responsibilities under this section should the consumer later reassert the same error, except in the case of an error asserted by the consumer following receipt of information provided under paragraph (a)(1)(vii) of this section.

Section 205.12--Relation to Other Laws

List of Subjects in 12 CFR Part 205

Consumer protection, Electronic fund transfers, Federal Reserve System, Reporting and record keeping requirements.

In Canada, if you do not succeed in obtaining reimbursement from the biller, or if the debit is fraudulent, you can ask your financial institution to reverse the transaction and return the funds to your account.

The Canadian Payments Association Act ( Rule H1 ) allows you to dispute and reverse unauthorized and fraudulent pre-authorized debits ( PAD's ) from your consumer account within 90 days from the date of the withdrawal. ( 10 days for business accounts )

You will be asked to sign a declaration (.pdf) stating why the PAD is being returned when you

Canadian Payments Association
50 O’Connor St, Suite 1212
Ottawa, ON K1P 6L2
Tel: (613) 238-4173
Fax: (613) 233-3385

Unauthorized Use of Your Debit Card

In Canada, debit cardholders are not liable for losses resulting from circumstances beyond their control such as:

a) technical problems, card issuer errors and other system malfunctions;
b) unauthorized use of your card and PIN when the bank is responsible for preventing such use, for example after

blue bullet point the card has been reported lost or stolen;
blue bullet point the card is cancelled or expired; or
blue bullet point you have reported that the PIN may be known to someone other than you; and
blue bullet point unauthorized use, where you may have unintentionally contributed to such use such as where the cardholder has been the victim of fraud, theft, or has been coerced by trickery, force or intimidation, provided that the cardholder reports the incident promptly and co-operates fully in any subsequent investigation;

1. For the cardholder to be liable, a voluntary disclosure of the PIN must contribute to the loss.

2. Cardholders are not considered to have disclosed the PIN “voluntarily” if the PIN is obtained by coercion, trickery, force or intimidation. This includes situations where the customer’s PIN is observed at point-of-sale terminals.

3. The fact that a cardholder uses the same PIN for more than one card does not constitute contribution to unauthorized use.

4. Cardholders are considered to have disclosed the PIN voluntarily if they use a PIN combination selected from the cardholder’s name, telephone number, date of birth, address, or social insurance number.

5. A PIN is poorly disguised when:

a) it is written on the card; or
b) a record of the PIN is kept without making a reasonable attempt to hide or disguise the code, and could be lost or stolen simultaneously with the card. For example, if it is kept in the same receptacle which itself can be lost or stolen (e.g. a wallet, purse, briefcase or suitcase), or it is kept in the same location so that the card and PIN record can be easily associated.

6. The reasonableness of an attempt to disguise a PIN should be assessed from the point of view of the reasonable cardholder, not from the point of view of the thief or the card issuer’s official who through experience have become familiar with many types of disguises and their strengths and weaknesses.

7. A PIN is reasonably disguised if it is concealed within a record, for example, by re-arranging the numerals, substituting other numerals or symbols, or if it is made to appear as another type of number by surrounding it with other numerals or symbols.

8. Notification of the issuer within a reasonable time: a) The card issuer should be notified of lost, stolen, or misused cards and/or disclosure of the PIN as soon as the cardholder becomes aware of the loss or disclosure.

Up ACH Affidavit