Unauthorized Bank Withdrawals

 

The Electronic Funds Transfer Act (EFTA)

The EFTA protects consumers against unauthorized electronic money transfers. It establishes the duties of financial institutions when notified of unauthorized electronic transfers and limits a consumer’s losses if certain steps are taken.

Although the EFTA has been on the books since the 1970s, it has become a critical component of consumer protection due to the now widespread use of mobile banking and electronic money transactions.

What type of accounts does the EFTA cover?

The EFTA only applies to accounts used for personal, family, or household purposes. Business accounts are not covered.

The definition of account under the EFTA is broad. It includes conventional checking and savings accounts, prepaid accounts (like government benefit or payroll accounts), and digital wallets like PayPal, Venmo, and CashApp.

What types of transactions does the EFTA provide protections for?

The EFTA applies to an electronic funds transfer that authorizes a financial institution to debit or credit a consumer’s account. Covered electronic transfers include:

  • Debit card purchases

  • ATM deposits and withdrawals

  • Direct deposits and withdrawals

  • Most transfers initiated by telephone

  • Mobile banking transactions

  • ACH and automatic bill payments

  • Most person-to-person transfers through Zelle, PayPal, Venmo, and CashApp

The EFTA does not apply to wire transfers and paper check transactions.

The transaction must be unauthorized to be protected by the EFTA

The EFTA only applies to unauthorized electronic funds transfers. To qualify as an “unauthorized electronic fund transfer,” the transaction generally must:

  • Be initiated by someone other than the account holder

  • Be made without actual authority

  • Provide no benefit to the account holder

If you voluntarily give someone your card, PIN, or access credentials, and they use them to transfer funds, the transaction generally is not considered unauthorized. However, courts have recognized that when a card or access code is obtained through fraud or theft and then used to transfer funds, the transaction should be treated as unauthorized, as long as the account holder received no benefit from it.

Examples of situations the EFTA applies to

Soren has a personal checking account at U.S. Bank and uses a debit card to make purchases. Soren’s wallet is stolen with his debit card inside. The thief then uses Soren’s stolen debit card at Target to buy $1,500 in expensive electronics.

—The EFTA clearly applies. Soren’s account is a personal account, the point-of-sale purchase at Target is considered an electronic transfer, and the transaction was initiated by the fraudster, not Soren himself. Soren received no benefit from the transaction. Soren should notify U.S. Bank as soon as possible that his card was stolen and then used to buy stuff. And if the bank refuses to return his $1,500, he should talk to a lawyer who handles EFTA cases.

Elsa receives a phone call from a number she recognizes as Huntington Bank. The caller tells her that her personal savings account has been hacked and that she needs to cooperate to stop the fraud from continuing. Elsa gives the caller her online banking login info, as well as the various one-time passcodes sent to her phone during the call. The fraudster then uses Elsa’s online banking info to transfer $5,000 to an external bank account.

—This situation is a little more nuanced. Elsa’s account is a personal account and the transfer was done by the fraudster, not Elsa, who received no benefit from the transfer. But Elsa gave the fraudster her login credentials, so, at first glance, the transaction would not be considered unauthorized. However, as courts have recognized, if the login credentials are obtained by fraud or theft, then the transfer should properly be considered unauthorized. So the EFTA likely applies here. Elsa should immediately notify her bank of the fraud and talk to an attorney who handles EFTA cases if Huntington Bank refuses to return her $5,000.

Consumer liability caps for unauthorized electronic transfers

The EFTA includes timing rules that affect your potential liability.

  • In general, if you notify the bank within two business days of discovering an unauthorized transfer or theft, your potential liability is limited to $50.

  • If you notify the bank after two business days, but within 60 days of the statement showing the unauthorized transfer, your liability is capped at $500.

  • If you wait beyond 60 days from the first statement showing the unauthorized transfer, your exposure is unlimited, but only for transactions that occurred more than 60 days after the first statement.

It is absolutely critical to notify your bank as soon as possible after learning of an unauthorized electronic transfer or theft of your card or PIN.

How to notify your bank of an unauthorized EFT

The EFTA allows you to notify your bank through any reasonable method that provides the bank with the necessary information. This includes letter, email, telephone, and in-person visit. There are no magic words that you have to use, however, you must provide enough information to identify yourself, the account involved, and which transactions were unauthorized.

In my view, the best practice is to notify the bank immediately of unauthorized electronic transfer or theft immediately by telephone and then to follow up promptly in writing. If mailing notice, you should send the letter certified with a return receipt requested so you can prove receipt.

I also think it is a really good idea to file a police report with your local law enforcement agency and obtain a copy of the report to give to the bank to help with their investigation.

What the EFTA requires banks to do when notified of an unauthorized EFT

When you report an unauthorized electronic transfer, the bank must conduct a prompt investigation and provide you with a written explanation of its findings, usually within 10 business days. If the bank cannot complete its investigation this quickly, it is often required to provisionally credit your account while it investigates further.

Importantly, the law does not require the bank to accept every dispute. It requires that the bank conduct a reasonable investigation and comply with defined timelines.

How a bank violates the EFTA

Not every fraudulent transfer becomes a viable lawsuit. The strongest EFTA cases typically involve: clear unauthorized electronic transfers, timely notice to the bank, an inadequate investigation, and refusal to reimburse your account without a reasonable basis.

Damages available under the EFTA

If a bank violates the EFTA, remedies include actual damages, including out-of-pocket loss, statutory damages up to $1,000, and attorney fees and costs. In certain cases involving more serious violations, enhanced damages may be available.

Because the statute is fee-shifting, I am able to handle viable EFTA cases on contingent-fee arrangements.

Ready to talk to a lawyer about an unauthorized bank withdrawal in Minnesota?
Schedule a free consult with attorney Todd Murray.

Since 2009, Todd has been helping Minnesotans combat illegal practices by consumer predators. Todd’s clients have described him as “very professional and easy to work with.” He lives in Minneapolis with his wife and four children.

schedule a consult with todd