For unauthorized EFTs. A consumer’s liability for an unauthorized transfer usually cannot exceed the lesser of (1) $50 or (2) the amount of unauthorized transfers that occur before the financial institution is notified by the consumer or becomes aware of circumstances that led to the reasonable belief that an unauthorized EFT has been made. [15 USC §1693g(a); 12 CFR §205.6(b)(1), (5).]
If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability can be as much as $500. [See 15 USC §1693g(a); 12 CFR §205.6(b)(2).]
For errors in periodic statement. If a financial institution establishes that losses would not have occurred but for the consumer’s failure to report an unauthorized EFT or account error that appears on the periodic statement within 60 days of the institution’s transmittal of the statement, the consumer’s liability may not exceed the sum of [15 USC §1693g(a); 12 CFR §205.6(b)(3)]:
- The lesser of $50 or the amount of unauthorized EFTs that appear on the statement or that occur during the 60-day period; and
- The amount of unauthorized EFTs that occur after the close of the 60 days and before notice to the financial institution, and that would not have occurred but for the failure of the consumer to notify it within that time.
Burden of proof. In any action involving a consumer’s liability for an unauthorized EFT, the burden of proof is on the financial institution to show that the EFT was authorized. If the EFT was unauthorized, the burden of proof is on the financial institution to establish that the conditions of consumer liability have been met. [15 USC §1693g(b).]