Updated April 2026
Regulation E
The CFPB rule implementing the Electronic Fund Transfer Act (EFTA) that governs debit card fraud liability and EFT error disputes.
Regulation E, codified at 12 CFR Part 1005, implements the Electronic Fund Transfer Act (EFTA), 15 U.S.C. 1693 et seq. It governs electronic fund transfers (EFTs) to or from a consumer account, including debit card transactions, ATM withdrawals, ACH (automated clearing house) transfers, and Zelle-type bank-to-bank transfers.
The most consumer-relevant section for debit card disputes is 12 CFR 1005.6 (Liability of consumer for unauthorized transfers). Regulation E creates a tiered liability structure based on how quickly the consumer reports unauthorised activity:
- Report within 2 business days of learning of the loss: maximum $50 liability. - Report between 2 and 60 days after the statement showing the first unauthorised transfer: maximum $500 liability. - Report after 60 days from the statement date: unlimited liability.
This tiered cliff is the critical practical risk of debit cards. If you review your bank statements quarterly, an unauthorised transfer in January that appears on your January statement may be past the 60-day window by the time you notice it in April. Federal law then provides no limit on your liability.
12 CFR 1005.11 governs the error-resolution process. A consumer must notify the bank of an "EFT error" (a transfer not initiated by the consumer, or an incorrect transfer). The bank must investigate within 10 business days and resolve within 45 days for most transfers (90 days for new accounts or point-of-sale and foreign-initiated transfers).
Critical limitation: Reg E 1005.11 defines "error" narrowly. It covers only whether the transfer was correctly executed; it does not give you a merchant-dispute right for goods or services not delivered as agreed. If a subscription continued charging after cancellation, the transfer may be technically correct (authorised in the system even if the merchant violated the cancellation). A Reg E dispute may fail; a Reg Z claim on a credit card would succeed.
Real-world example: You used a debit card for a gym membership, cancelled in writing, but the gym charged you the next month. The bank processes the transfer correctly (the merchant still had your authorisation in their system). Under Reg E, there may be no EFT error. Under Reg Z on a credit card, there would be a billing error (goods/services not accepted as agreed under 1026.13(a)(3)).
Credit vs Debit: how Regulation E differs
Regulation E applies only to debit cards and electronic fund transfers from deposit accounts. It does not govern credit card transactions (those fall under Regulation Z). The fundamental difference is protection scope: Reg E protects EFT errors (whether transfers were correctly processed); Reg Z protects billing errors including merchant-related disputes. Debit card holders have no Reg Z merchant-dispute right; credit card holders have no Reg E coverage.
Related glossary terms
Regulation Z
The Federal Reserve / CFPB rule implementing the Truth in Lending Act (TILA) that governs credit card billing disputes and fraud liability.
EFT (Electronic Fund Transfer)
Any transfer of funds initiated through an electronic terminal, telephone, computer, or magnetic tape, including debit card transactions and ACH transfers.
Durbin Amendment
Section 1075 of the Dodd-Frank Act (2010) that capped debit interchange at $0.21 + 0.05% per transaction for large bank issuers and required multi-network routing on debit cards.
Dispute
A consumer's formal claim against a charge on a credit or debit card, triggering the issuer's investigation and potential reversal under Regulation Z (credit) or Regulation E (debit).
Verified April 2026 against eCFR.gov and CFPB regulation pages. Not legal advice. Return to glossary →