The consumer-watchdog agency recently issued a final rule aimed at providing wide-ranging protections to pre-paid cardholders. These protections include requiring financial institutions to limit consumers’ losses when their funds are lost or stolen, investigate and resolve errors in connection with pre-paid accounts, and provide consumers with free and accessible information about their accounts, among other protections. And although this new rule largely focuses on pre-paid cards—a rapidly growing form of payment—the CFPB also expanded the protections to cover electronic person-to-person payments, like those made via PayPal.
Expanding these existing consumer protections for financial activities, whether or not they flow through traditional banks, the CFPB implemented a tried-and-true regulatory regime that will foster innovation, competition, and the provision of new and better services to help people access their money in a faster and more secure manner. Even better, the CFPB issued the rule proactively, instead of waiting for a crisis to occur—the latter being too often the case in policymaking.
A bit of background helps shed light on the Bureau’s new rule and why it matters. In the 1970s, debit cards were a promising new technology. Using the same magnetic swipe technology pioneered for credit cards, debit cards allowed people to access their bank account to make purchases directly from merchants. But before customers could fully enjoy this debit card technology, a new problem had to be solved: who would bear the liability in the case of a lost or stolen card? Consumers were nervous that a single mistake could expose their entire nest egg. Banks wanted to avoid being exposed to millions of dollars of losses from fraud. Merchants were afraid to accept the card lest they not be paid if it turned out to be a fraudulent transaction. The adoption of card-swipe technology required a new legal and regulatory regime.
Congress solved this problem by enacting the Electronic Funds Transfer Act of 1978 (EFTA). The Act offered a straightforward solution: clear guidelines assigned liabilities to the parties regarding their rights and responsibilities concerning this new piece of property, the debit card. EFTA, and its associated regulations, assigned limited liability to consumers of between $50 and $500, assuming that the consumers reported their loss in a responsible and timely manner. Banks assumed substantial liability, which subsequently motivated them to create secure networks with robust fraud detection.
Importantly, the law allowed those liability rights to be traded upon mutual consent of the parties, subject to this basic consumer protection floor, allowing banks to compete by accepting additional liability from consumers in case of a lost card. In fact, banks now compete for consumer’s businesses by offering them greater protection in case of card loss or theft, including offering consumers zero liability.