Question:

A member reported that their debit card and the PIN were stolen together. They admitted the PIN was either written on the card or kept in the same wallet. There were subsequent unauthorized transactions. Do we need to process a fraud dispute in this case? We don’t see this often, since most members don’t admit the PIN was compromised.

Answer:

Since this involves a debit card, Regulation E applies. Under Reg E, consumer protection for unauthorized electronic fund transfers does not depend on whether the cardholder was negligent. So, even if the PIN was kept with the card, the member is still entitled to Reg E protections.

However, Visa’s Zero Liability Policy may not apply in this case. This policy does consider cardholder behavior, and storing the PIN with the card—especially writing it on the back—could be viewed as gross negligence, potentially disqualifying the member from those additional protections.

Under Regulation E, if the member reported the loss within two business days of becoming aware of it, their liability is limited to $50, and the credit union is responsible for unauthorized transactions beyond that.

You may also want to consider whether to reissue the card, based on how the member handled it.