(a) Conditions for liability. A consumer may be held liable, within
the limitations described in paragraph (b) of this section, for an
unauthorized electronic fund transfer involving the consumer’s account
only if the financial institution has provided the disclosures required by
section 1005.7(b)(1), (2), and (3). If the unauthorized transfer involved
an access device, it must be an accepted access device and the financial
institution must have provided a means to identify the consumer to
whom it was issued.
6-5312
(b) Limitations
on amount of liability. A consumer’s liability for an unauthorized
electronic fund transfer or a series of related unauthorized transfers
shall be determined as follows:
(1) Timely notice
given. If the consumer notifies the financial institution within
two business days after learning of the loss or theft of the access
device, the consumer’s liability shall not exceed the lesser of $50
or the amount of unauthorized transfers that occur before notice to
the financial institution.
(2) Timely notice not given. If the
consumer fails to notify the financial institution within two business
days after learning of the loss or theft of the access device, the
consumer’s liability shall not exceed the lesser of $500 or the sum
of:
(i) $50 or the amount of unauthorized
transfers that occur within the two business days, whichever is less;
and
(ii) The amount
of unauthorized transfers that occur after the close of two business
days and before notice to the institution, provided the institution
establishes that these transfers would not have occurred had the consumer
notified the institution within that two-day period.
6-5313
(3) Periodic statement; timely notice not given. A consumer must
report an unauthorized electronic fund transfer that appears on a
periodic statement within 60 days of the financial institution’s transmittal
of the statement to avoid liability for subsequent transfers. If the
consumer fails to do so, the consumer’s liability shall not exceed
the amount of the unauthorized transfers that occur after the close
of the 60 days and before notice to the institution, and that the
institution establishes would not have occurred had the consumer notified
the institution within the 60-day period. When an access device is
involved in the unauthorized transfer, the consumer may be liable
for other amounts set forth in paragraphs (b)(1) or (b)(2) of this
section, as applicable.
(4) Extension of time limits. If the
consumer’s delay in notifying the financial institution was due to
extenuating circumstances, the institution shall extend the times
specified above to a reasonable period.
(5) Notice to
financial institution.
(i) Notice to a financial institution
is given when a consumer takes steps reasonably necessary to provide
the institution with the pertinent information, whether or not a particular
employee or agent of the institution actually receives the information.
(ii) The consumer may
notify the institution in person, by telephone, or in writing.
(iii) Written notice
is considered given at the time the consumer mails the notice or delivers
it for transmission to the institution by any other usual means. Notice
may be considered constructively given when the institution becomes
aware of circumstances leading to the reasonable belief that an unauthorized
transfer to or from the consumer’s account has been or may be made.
(6) Liability under state law or agreement. If state law or an agreement between the consumer and the financial
institution imposes less liability than is provided by this section,
the consumer’s liability shall not exceed the amount imposed under
the state law or agreement.
