Legal Line - October 2022

By DeMarion Johnston

Consumers of all ages love the convenience of sending and receiving money by using an app on their phone.  Paying a babysitter, contributing to a teacher gift, and funding a college student have never been easier.  In 2021, users of the popular Zelle app sent 1.8 billion payments totaling $490 billion.[1]  These peer-to-peer or “P2P” services have come under recent scrutiny from Congress and the Consumer Financial Protection Bureau (“CFPB”) for concerns about fraud.  This fall, Congress held hearings during which bankers were questioned about the prevalence of fraudulent transactions, and whether consumers are being reimbursed for unauthorized transactions.  In light of this spotlight[2] and the CFPB’s most recent FAQs on electronic funds transfers[3], I will discuss a few points to remember related to Regulation E and P2P payments.

P2Ps can be EFTs

The Electronic Fund Transfer Act (“EFTA”) and Regulation E (“Reg E”) provide protections to consumers by establishing the rights, liabilities, and responsibilities of financial institutions that offer electronic fund transfer (“EFT”) services. EFTA and Reg E apply to EFTs that authorize a financial institution to debit or credit a consumer’s account.[4] “Account” includes a checking, savings or other asset account held by a financial institution, either directly or indirectly, that is established primarily for personal, family or household purposes – including prepaid accounts.[5] “EFT” is defined as any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account.[6] Thus, P2P and mobile payment transactions that fall within the definition of an EFT are covered by EFTA and Reg E, regardless of whether the P2P or mobile payment is initiated from the consumer’s online banking account, debit card, prepaid account, or mobile app.[7] Credit-push P2P payments that transfer funds out of a consumer’s deposit, prepaid, or mobile account, and debit card “pass-through” payments[8], are also EFTs.[9]

Unauthorized EFTs

If a P2P payment is an EFT, financial institutions have responsibilities under EFTA and Reg E to investigate and resolve errors.  An error includes, among other things, an “unauthorized EFT”, which is an EFT from a consumer’s account initiated by a person other than the consumer who did not possess authority to make the transfer, and from which the consumer receives no benefit.[10]  EFTs initiated by a person who uses fraud or robbery to gain a consumer’s access device are considered unauthorized.  Situations where a consumer is tricked into giving their account access information to a third-party fraudster, and the fraudster uses that information to make an EFT from the consumer’s account, are also unauthorized EFTs under Reg E.  Additionally, an EFT from a consumer’s account that is initiated by a fraudster from a non-bank P2P payments provider is an unauthorized EFT, even when the consumer has no relationship with the non-bank P2P payment provider.[11] 

Investigation and Liability

A financial institution must promptly commence an investigation upon receiving a consumer’s verbal or written notice of an unauthorized EFT. Be aware that a financial institution cannot require a consumer to file a police report, submit a notarized affidavit, or complete some other condition as a prerequisite to such investigation.[12] A consumer can be held liable for an unauthorized EFT or a series of related unauthorized EFTs under Reg E, depending upon the circumstances surrounding the transfer(s) and whether the consumer gave timely notice to the financial institution. Notification within two business days after learning of the loss or theft of an access device will limit a consumer’s liability to the lesser of $50 or the amount of unauthorized transfers that occur before notice is provided to the financial institution.[13] Untimely notice by a consumer can result in greater consumer liability. Negligence by the consumer cannot be considered by the financial institution when determining liability for an unauthorized EFT, nor may it be used as a basis for imposing more liability than is permissible under Regulation E.

The speed and convenience of P2P services enhance consumers’ lives, and this fact alone will drive their continued growth. Ensure your EFT procedures are updated to reflect P2P payments and compliance with Reg E.


[1] www.zellepay.com

[2] A potentially unfair spotlight, as the rate of disputed transactions for Venmo and CashApp is many multiples higher than that of Zelle. https://bankingjournal.aba.com/2022/09/bank-ceos-see-zelle-as-tool-to-fight-fraud/

[3] CFPB Electronic Funds Transfers FAQs Version 2, December 13, 2021. Note that FAQs are not binding law.

[4] 12 C.F.R. 1005.3(a).

[5] 12 C.F.R. 1005.2(b)(1) and (3).

[6] 12 C.F.R. 1005.3(b)(1).

[7] CFPB Electronic Funds Transfers FAQs Version 2, December 13, 2021.

[8] “Pass-through” payments include a transfer of funds from a consumer’s account held by an external financial institution to another person’s account held by an external financial institution.

[9] 12 C.F.R. 1005.3(b)(1)(v).

[10] 12 C.F.R. 1005.2(m).

[11] 12 C.F.R. 1005.2(m).

[12] CFPB Electronic Funds Transfers FAQs Version 2, December 13, 2021.

[13] 12 C.F.R. 1005.6(b).

For more information about this article or other legal banking issues, contact DeMarion Johnston, VBA General Counsel, at djohnston@vabankers.org. This article has been prepared for informational purposes only and is not legal advice.