Regulation E

Regulation E, issued by the CFPB, implements the Electronic Fund Transfer Act (EFTA) and governs debit card transactions, ATM withdrawals, and direct deposits. Its core consumer protection is a liability cap: if you report an unauthorised transaction within two business days of learning of it, your liability is limited to $50. Waiting two to 60 days raises the cap to $500; beyond 60 days, liability can be unlimited.

For fraud victims, Reg E is the primary legal basis for disputing unauthorised debit card charges or fraudulent ACH withdrawals. The bank must investigate a claim within 10 business days (provisionally crediting the account if it takes longer) and provide written results. If the bank finds no error, it must explain why and restore any provisional credit.

Important limitations: Reg E does not cover wire transfers or credit card transactions (those fall under the Fair Credit Billing Act). It also generally does not cover transactions that the consumer was tricked into authorising themselves — so authorised push payment scams where the victim sent the funds knowingly may not be protected by Reg E, a gap that has fuelled policy debate.