Reg E in Texas: Unauthorized Transfers & Refunds — Fast-Action Guide

What counts as an unauthorized electronic fund transfer (EFT)

Regulation E (12 C.F.R. Part 1005) implements the federal Electronic Fund Transfer Act (EFTA) and governs consumer EFTs from deposit accounts (checking/savings). It covers debit-card transactions, ATM withdrawals, ACH debits, and many P2P payments (e.g., Zelle/Venmo/Cash App when they pull from your bank account). It does not cover credit-card disputes (that’s Reg Z) or most wires (Article 4A/UCC).

An EFT is unauthorized when it is initiated by someone other than you and you did not benefit from it, you did not authorize it, and you did not furnish your access device with actual authority to that person. EFTA/Reg E expressly states that a bank cannot assign you more liability merely because you were “negligent.”

May not qualify: You knowingly sent a P2P payment to a fraudster (an “authorized push-payment” scam). That is generally not an unauthorized EFT under Reg E, though you still get error-resolution rights and may have remedies under network rules, bank policies, or Texas consumer-protection law.

Your time limits and potential liability

Reg E uses strict notice windows. “Business day” means the bank’s business days (check disclosures). Clock starts when the bank sends your statement showing the first unauthorized transfer, not when you open it.

Bank investigation duties and provisional credit

Once you give notice, Reg E’s error-resolution rule (§1005.11) applies. The bank must:

• Investigate and decide within 10 business days (20 for new accounts; see bank’s definition). If more time is needed, it may extend to 45 days (or 90 days for new accounts, foreign-initiated transactions, or POS debit-card purchases) but must provisionally credit your account within the original 10 business days (20 for new accounts).
• Tell you results in writing, provide copies of relied-upon documents on request, and correct the error (recredit funds and reverse fees/interest) when found.
• If it denies the claim after provisional credit, it may re-debit your account, but only after giving you written notice and time to access the documentation.

How to write a winning Reg E dispute (Texas focus)

1. Notify fast and in writing. Call or use secure message to lock the card and open a case; then send a short letter or secure message recap the same day. Ask for: (a) provisional credit timeline, (b) document copies used to deny/approve, and (c) a written decision.
2. Identify each disputed transfer by posting date, amount, merchant/trace ID, and channel (ATM, ACH, debit, Zelle). If there are dozens, attach a spreadsheet.
3. Explain why they are unauthorized with facts, not adjectives. Examples: “Phone line SIM-swapped at 3:11 p.m.; I was locked out of iCloud; IP logs show Florida; I was at work in El Paso.”
4. Attach evidence: police/FTC IdentityTheft.gov report, mobile carrier ticket, IP geolocation notes, travel receipts, screenshots of Zelle profile changes, or employer timeclock records. Ask the bank to compare device fingerprints, login IPs, geolocation, and 3-D Secure/chip authorization logs to your normal pattern.
5. Recurring ACH: include your written revocation to the merchant and ask the bank to process an unauthorized ACH claim (you may also invoke NACHA return rules through the bank within 60 days of statement—consumer reason codes like R10 or R11).
6. State what you want: recredit principal, reverse overdraft/NSF fees and interest, fix negative-balance reporting, and reimburse consequential fees caused by the error (e.g., returned-item fees at other creditors triggered by the unauthorized withdrawals).

Typical denial reasons—and how to rebut them

• “A PIN was used.” Counter: PIN usage is not conclusive. Present proof of compromise (skimmer alerts, travel records). Ask for terminal location and camera logs where available.
• “Same device/IP as prior logins.” Counter: Show that your phone number was SIM-swapped or your device had malware. Provide carrier ticket or MDM logs. Request device fingerprint details (OS version, browser, cookies) to show it was a different device with a spoofed IP.
• “Merchant shipped goods to your address.” Counter: Present porch-theft police report or proof of chargeback fraud using your name/address but different email/phone. Highlight poor merchant KYC.
• “You waited too long.” Counter: If you notified within two business days of learning of device loss/theft or within 60 days of the statement, cite the correct liability tier. If the bank mailed statements to an old address despite your notice, argue equitable tolling.

Texas-specific escalation paths

Reg E is federal, but your bank’s charter and Texas regulators matter for complaints and leverage:

• CFPB complaint portal (federal): best for Reg E issues; attach your timeline and documents.
• Primary prudential regulator (OCC for national banks; Federal Reserve/FDIC for state member/non-member banks).
• Texas Department of Banking (for Texas-chartered institutions), Texas Credit Union Department (for TX-chartered CUs).
• Justice Court (small claims): up to $20,000. EFTA gives a private right of action for actual damages, statutory damages, and attorney’s fees; small claims can be a practical venue for sub-$20k cases—confirm your bank’s forum selection clause.

If you sue under EFTA (15 U.S.C. §1693m), the statute of limitations is one year from the date of the violation (usually the bank’s failure to comply with the Reg E process), not necessarily the transaction date. Texas consumer claims (e.g., Texas Deceptive Trade Practices Act) may sometimes supplement your remedies; consider legal counsel for strategy and pre-suit notices.

Special situations

P2P/Zelle fraud

If a criminal initiated the transfer by commandeering your account, it is typically unauthorized and covered. If you initiated the transfer to a fraudster after social-engineering (e.g., “bank agent” impersonation), it is usually authorized under Reg E. Still, provide evidence; some networks now reimburse defined scam types via network policies, and banks may offer goodwill credits or pursue recovery.

ACH debits from fitness clubs, utilities, or lenders

Send a revocation to the merchant and your bank. If a debit posts after revocation or from a merchant you never authorized, your bank should treat it as an error, reverse it, and may process it through ACH return codes.

Wires and business accounts

Consumer Reg E protections do not apply to most wire transfers or to business accounts. Texas consumers hit by wires should explore UCC 4A and immediate bank-to-bank recall with law enforcement involvement.

Practical checklist (attach to your dispute)

• Timeline of events (discovery, first notice, each follow-up).
• Copy of driver’s license and a selfie holding it (banks sometimes ask for KYC during remediation).
• Carrier ticket for SIM swap / device theft report / police incident number.
• FTC IdentityTheft.gov affidavit and creditor fraud alerts (Experian/Equifax/TransUnion).
• Proof you were elsewhere (work logs, flight receipts, toll records).
• Screenshots of changed contact info in your online banking or Zelle profile.
• Statement pages with disputed items highlighted.

Conclusion

Successful Reg E outcomes in Texas come down to speed, precision, and documentation. Notify your bank immediately, lock access, and follow up in writing. Anchor your dispute to Reg E’s definitions and deadlines, insist on provisional credit when the investigation extends, and demand copies of all materials the bank relies on. If your claim is denied with weak reasoning, escalate to federal and Texas regulators and consider Justice Court or EFTA litigation—where the law provides fee-shifting that can make smaller cases economically viable. The sooner you organize your evidence and pin the process to the rule text (two-day and sixty-day liability tiers; 10/45/90-day investigation clocks), the more likely you are to secure a full refund and reversal of cascading fees.

FAQ — Reg E Disputes (Unauthorized EFTs) in Texas

1) What exactly is an “unauthorized electronic fund transfer” under Reg E?

It’s a transfer initiated by someone other than you, from which you did not benefit, and that you did not authorize. It also includes cases where your access device (card/phone credentials) was used without actual authority. Mere negligence (e.g., writing a PIN on a note) does not, by itself, increase your liability under EFTA/Reg E.

2) I was scammed into sending money (Zelle/Venmo). Is that unauthorized?

Usually no. If you initiated the payment—even after being tricked—it’s typically considered an authorized transfer under Reg E. If a criminal initiated transfers by taking over your account (SIM swap, malware, password reset), those are typically unauthorized. You still have Reg E error-resolution rights either way, and networks/banks may offer separate scam reimbursement policies.

3) What are my deadlines and potential liability?

• Notify the bank within 2 business days after learning of card/phone loss → max $50 liability before notice.
• After day 2 but within 60 days of the statement showing the first unauthorized transfer → max $500.
• Notify after 60 days → you can be liable for subsequent unauthorized transfers until notice. (Items within the first 60 days must still be refunded.)
• No device involved (e.g., illicit ACH) → only the 60-day rule applies; liability is $0 if you timely notify.

4) What must my bank do after I report?

Investigate and resolve within 10 business days (20 for new accounts). If it needs more time, it must provide provisional credit by day 10 (day 20 for new accounts) and may take up to 45 days (or 90 for new accounts, foreign transactions, or POS debit). It must give you a written result and, on request, copies of documents it relied on, and reverse fees/interest tied to the error.

5) Can the bank deny my claim because a PIN was used or because I was “careless”?

PINS and device matches are evidence, not conclusive proof. The bank still must investigate. EFTA/Reg E says negligence alone does not increase your liability. Rebut with travel/work logs, carrier SIM-swap tickets, device/IP evidence, and police/FTC reports.

6) Are Zelle/Venmo/Cash App covered?

If the transfer pulls from your bank account (debit card or ACH), Reg E generally applies. If you funded from a stored balance at a nonbank provider, coverage may depend on that provider’s policies. For scams you authorized, Reg E typically doesn’t require a refund—but ask about the network’s scam reimbursement rules and submit a detailed fraud report anyway.

7) Do business accounts, credit cards, or wire transfers get Reg E protection?

No for business accounts and most wires (covered by UCC 4A). Credit-card disputes are under Reg Z, not Reg E. Some banks extend similar protections by contract—check your disclosures.

8) What evidence should I include with my dispute?

• Statement pages with disputed items highlighted (date, amount, merchant/trace ID, channel).
• Police report and FTC IdentityTheft.gov affidavit (if identity theft).
• Carrier SIM-swap ticket, device loss/theft report, or malware/MDM logs.
• Travel/work/time-clock records, IP/location screenshots, profile-change screenshots.
• For ACH: your written revocation to the merchant and return-reason request (e.g., R10/R11).

9) The bank denied my claim. How do I escalate in Texas?

Reply in writing, rebut the reasons, and request the evidence relied on. Then file complaints with the CFPB and your bank’s prudential regulator (OCC/FDIC/Fed). For Texas-chartered institutions, also contact the Texas Department of Banking or Texas Credit Union Department. You may sue under EFTA (actual + statutory damages and attorney’s fees). Texas Justice Court handles up to $20,000.

10) What is the statute of limitations, and does Texas law change any of this?

EFTA claims generally have a one-year statute of limitations from the violation (often the bank’s failure to follow Reg E timelines/requirements). Reg E is federal and preempts inconsistent state rules, but Texas law (e.g., Deceptive Trade Practices Act) may provide additional remedies. Consult a Texas consumer-finance attorney for strategy and deadlines in your specific case.

Technical basis & legal sources — Reg E disputes (Texas)

Primary federal statute

• Electronic Fund Transfer Act (EFTA), 15 U.S.C. §§ 1693–1693r — establishes consumer rights and bank duties for electronic fund transfers (EFTs), including liability limits, error-resolution obligations, a private right of action, and a general one-year statute of limitations for EFTA claims.

Implementing regulation

• Regulation E, 12 C.F.R. Part 1005 — implements EFTA. Key provisions:
  • §1005.2 — definitions (including “account,” “access device,” and “unauthorized electronic fund transfer”).
  • §1005.3 — coverage and exclusions (e.g., most consumer debit/ATM/ACH/P2P draws are covered; most wires are excluded).
  • §1005.6 — consumer liability caps tied to two-business-day and sixty-day notice windows.
  • §1005.11 — error-resolution duties: investigation timelines, provisional credit, written results, document access.
  • Subpart B — remittance transfers (separate disclosure and error rules where applicable).

ACH dispute framework (when the transaction was ACH)

• Nacha Operating Rules — bank-to-bank return mechanics that complement Reg E consumer claims. Common consumer return reasons include:
  • R10 — unauthorized, improper, or ineligible debit (consumer).
  • R11 — entry not in accordance with the authorization (reauthorized/altered terms).

  Consumers typically work through their financial institution to initiate these returns within the statement-period windows.

Escalation & oversight

• CFPB — primary federal consumer-finance regulator receiving Reg E complaints and issuing guidance/FAQs.
• Prudential bank regulators — OCC (national banks), FDIC and Federal Reserve (state-chartered banks, depending on membership), and NCUA (federal credit unions).
• Texas regulators — Texas Department of Banking (TX-chartered banks) and Texas Credit Union Department (TX-chartered credit unions) accept complaints for state institutions.

Texas procedural notes

• Justice Courts (Small Claims) — civil jurisdiction up to $20,000; practical venue for many consumer disputes, including EFTA claims, subject to any contract forum/ARB clauses. See Tex. Gov’t Code §27.031 and Texas Rules of Civil Procedure 500–510.
• Supplemental state remedies — depending on facts, Texas consumer-protection statutes (e.g., DTPA) may provide additional avenues alongside EFTA; coordination with counsel is recommended.