ABSTRACT: With the rise in electronic payment methods and scams targeting unsuspecting account holders, 2024 has seen an uptick in EFTA-related litigation. This post examines what the case law says so far and potential rules that would upend these holdings.
As the holiday season arrives, we are reminded of the ever-growing instances of fraudulent schemes against consumers. In the past year or so, we have seen instances of litigation where impacted parties attempted to seek recourse under the Electronic Funds Transfer Act (EFTA) or the UCC when a consumer is scammed by a bad actor. Below is a review of a few key cases that address the interplay between fraudulent schemes and these statutes, as well as a proposed rule that, although unlikely to pass, would significantly reshape the obligations of financial institutions to investigate and compensate for fraud.
Overview of the EFTA
As an overview, the EFTA was established in 1978 to provide guidance for financial institutions and customers for a variety of electronic services, including ATM use, point-of-sale terminals, ACH systems, remote banking, and remittance transfers. The EFTA does not deal with wire transfers, but UCC Article 4A does. Under the EFTA, financial institutions are required to investigate and respond to timely notices from customers of unauthorized transactions.
Fraudulent Transactions
Recent case law reaffirms that even if an innocent customer is duped into authorizing a transaction, the EFTA does not require a financial institution to comply if the transaction was, in fact, authorized by the customer. In Cook v. USAA F.S.B., 2023 U.S. Dist. LEXIS 102589 (Dist. Ct. MR. 2023), Cook was tricked into transferring funds from his USAA bank account to a scammer. When Cook discovered he had been swindled, he alerted USAA to the fraudulent transactions and sought help recovering those lost funds. USAA declined to investigate and advised that they could not assist. A year later, the dispute was closed and rejected because Cook had authorized the transactions. Cook then filed suit alleging USAA violated its obligations under EFTA by failing to timely perform an investigation or take other appropriate action. USAA moved to dismiss, on the basis that Cook authorized the two transactions in question, and therefore, there was no “qualifying error” under the EFTA that triggered an investigation by USAA. The court agreed and dismissed the claim.
In other instances, financial institutions may be on the hook. In Mich. First Credit Union v. T-Mobile USA, Inc., 108 F.4th 421(6th. Cir. 2024), a credit union sought reimbursement or contribution from T-Mobile due to a “SIM swap” cellphone scheme whereby fraudsters gain access to customers’ financial data through SIM cards and make unauthorized transactions on the victim’s account, resulting in the credit union having to reimburse the customer. Among others, the credit union made claims for contribution against T-Mobile under the EFTA.
The Court determined that the Act does not contain an express right to indemnification or contribution; therefore, it was apparent that the EFTA did not provide a right to indemnification or contribution for financial institutions, but rather that, the intent of Congress was to benefit consumers. Therefore, the credit union had no right to contribution or indemnification under the EFTA.
Fraudulent Wire Transfers
What about wire transfers? A recent case up on appeal raises concerns about financial institution liability for wire transfers predicated on fraud. In Studco Building Systems US LLC v. 1st Advantage Federal Credit Union, the District Court held that the credit union was liable for a fraud perpetrated by an outside party on Studco, who was owed over $500,000 from a supplier. More than $500,000 in fraudulent ACH transfers were deposited into an account opened by scammers and quickly withdrawn, due to a business email compromise scam.
The credit union did not appear to have actual knowledge of the scam, but the district court found they had constructive knowledge or should have known due to real-time alerts from the credit union’s anti-money-laundering system and other red flags suggesting fraud:
-
The credit union allowed the recipient to open the account even though it triggered an “ID verification warning.”
-
The credit union failed to establish a reasonable routine for monitoring suspicious activity alerts.
-
It was unreasonable for the credit union to allow the deposits into the personal account, which was a new account that had a small starting balance followed by multiple high-value transactions.
On appeal, the credit union argues that the district court erred in finding it liable under UCC 4A-207, which requires privity and actual knowledge. We await the Court’s decision.
Proposed Legislation Shifting Liability to Financial Institutions
Recent legislation has been proposed that would codify a shift of responsibility from consumers to financial institutions for transactions authorized based on fraud. H.R. 9303/S. 4943 would define an unauthorized transfer as one that includes a fraudulently induced transfer, requiring financial institutions to reimburse consumers for this type of fraud. Critics of the bill state that this would unfairly impose significant cost on financial institutions that are already spending more than ever on reimbursing for unauthorized transactions.
The future of such legislation is no doubt in peril with the incoming administration, but we intend to monitor pending legislation and case law on this point and will provide substantive updates as they arise.