Debit Cards: Unauthorized transactions and cardholder liability

Unlike credit cards, debit cards statutorily offer cardholders inferior fraud liability protection in the event of loss or theft. But don't holster your debit card just yet – many financial institutions have voluntarily shored up the gap between credit and debit cardholder fraud protection.

A debit card is simply an enhanced ATM card used directly for the purchase of goods and services. Many find its "pay as you go" approach appealing since funds for a given transaction are withdrawn electronically from the cardholder's checking or other asset account.

A debit card's overall appeal, however, carries a steep price. In the event of loss or fraud, it exposes its holder to far greater risk of financial loss than a credit card. Many debit card transactions are processed with merely a signature, thereby eliminating the need to enter a PIN and the added security it offers.

The Electronic Funds Transfer Act governs cardholder liability for unauthorized debit card transactions. Congress delegated implementation of this act to the Board of Governors of the Federal Reserve System, which to that end promulgated Regulation E.

Pursuant to Section 205.6 of Regulation E, the extent of loss for the fraudulent use of a debit card is ultimately determined by the vigilance of the cardholder. The sooner the loss or fraud is reported after discovery, the less potential cardholder loss. If the issuing bank or institution is notified within two business days of discovery, the cardholder's liability is capped at $50. If the notification occurs later than two days but less than 60 days after the discovery of the loss or fraud, the cardholder's liability is capped at $500. Finally, if notification is provided after 60 days, the debit cardholder risks complete loss of all the assets in his or her account.

No cardholder liability results, however, unless the financial institution has first timely complied with regulatory cardholder disclosures consisting of: a summary of the cardholder's liability for unauthorized transactions; the telephone number and address to direct reports of suspected fraudulent activity; and the financial institution's days of operation. By law, financial institutions must provide these and additional disclosures before cardholders contract for or make their first electronic fund transfer.

In contrast, a patchwork of various federal laws provides credit cardholders more expansive protection in the event of card loss, fraud or billing and merchant disputes. The Truth in Lending Act, for example, caps at $50 the maximum potential credit cardholder liability for fraudulent charges. Moreover, a credit cardholder incurs no loss whatsoever for charges occasioned by the theft of the cardholder's credit card numbers as opposed to the actual card itself. Federal law also provides a dispute resolution process in the event of a disagreement between the cardholder and merchant. Federal law affords debit cardholders no similar protections.

Fortunately, financial institutions may voluntarily expand, but not restrict, the scope of debit cardholder protections. Many have reportedly done so by voluntarily capping or outright eliminating cardholder fraud liability and/or relaxing the rigid timeframes in which a cardholder must provide notice of card loss or fraud. Refer to your debit card agreement or contact your card issuer for the specific rules governing the use of your card.

Aaron K. Bowron is an attorney with Zirnhelt & Bowron, P.L.C. and licensed to practice in Michigan and Arizona. Bowron maintains law offices in Traverse City and Oakland County. Contact him at (231) 946-8630 or at