What Is the EFTA and Why Does It Matter?

As economies and financial systems modernize, so do the ways consumers interact with the financial system. For example, the transition from physical checks to electronic banking provided new products and services such as debit card transactions, electronic withdrawals and transfers, deposits through ATMs, and remote banking. While these provide greater speed, efficiency, and accessibility for consumers, they also present new possibilities for errors and fraud.

The Electronic Fund Transfer Act (EFTA) was established to protect consumers using electronic fund transfers by establishing the duties, rights, and responsibilities of consumers and financial institutions. EFTA is implemented through Code of Federal Regulations Part 1005, also known as “Regulation E”.

What is in Scope of EFTA / Regulation E?

Regulation E applies to any electronic fund transfer that authorizes a financial institution to debit or credit a consumer’s account. “Consumer accounts” are defined as those established primarily for “personal, family, or household purposes” and include checking and savings accounts.

Provided these requirements are met, products and services that are within scope of Regulation E include:

• ATM transfers
• Debit card transactions
• Direct deposits or withdrawals of funds
• Point-of-sale transfers
• Some telephone transfers
• Overdrafts
• Gift cards

What are the Exclusions from EFTA / Regulation E?

Some activities are specifically excluded from coverage under Regulation E including:

• Transfers of funds originated by paper instruments such as checks
• Payment made by paper instruments such as checks, even where the payment is made at an electronic terminal
• Transfers of funds within systems primarily used for transfers between financial institutions and businesses, such as Fedwire
• Transfers of funds to buy or sell securities and commodities, provided specific requirements are met

What Protections are Provided for Consumers?

The Regulations set out three core protections:

Clear and timely disclosures: Institutions must provide clear information about the types of transfers consumers can make, the fees, any limitations on amount or frequency, how to report unauthorized transfers or errors, and consumer liability for unauthorized transfers. This must be provided at the time the consumer engages the services or before the first fund transfer is made.

Limited consumer liability for unauthorized transfers: Consumers may only be held liable where the institution has provided clear and timely disclosure (see above). There are also additional protections for consumers depending on how quickly they notify the financial institution of unauthorized activity.

Where there has been loss or theft of the consumer’s “access device” (usually this means their debit card):

• If reported within two business days: liability is limited to a maximum of $50
• If reported after two business days and less than 60 days after a consumer receives their statement: liability is limited to a maximum of $500
• Where an unauthorized transfer appears on a periodic statement, the consumer must report it within 60 days, otherwise there is no limit on their liability

Where the card was not lost or stolen, the consumer is not liable for any unauthorized charges provided they report the unauthorized activity within 60 days of the statement being sent.

Fair error resolution procedures: Financial institutions must promptly investigate errors and correct them within one day of determining that an error occurred. Usually, the institution has 10 days to complete its investigation, however this may be extended to 45 days provided the institution provisionally credits the consumer account with the amount of the alleged error while the investigation is ongoing.

Examples of errors include unauthorized transfers, incorrect transfers to or from the consumer’s account, or transfers that are missing from their periodic statements. Errors do not include routine inquiries about the consumer’s account balance or requests for information for tax or other purposes, or requests for duplicate copies of information.

These are a summary of key provisions relating to consumer liability and protection – refer to the EFTA and Regulation E for complete information.

Does the EFTA Apply to Crypto? What Changes are Proposed?

Until recently, the EFTA and Regulation E did not apply to most digital asset transactions. Consumers using crypto wallets, stablecoins, or blockchain-based platforms for purchases or peer-to-peer transfers operated largely outside the traditional protections described above. However, this may change.

In January 2025, the Consumer Financial Protection Bureau (CFPB) issued a Proposed Interpretive Rule aimed at modernizing how Regulation E applies to emerging digital payment systems. The objective of the proposed rule is to ensure consistent application of the EFTA and Regulation E, and to avoid placing some providers at an unfair competitive disadvantage.

The proposed rule would extend the scope of EFTA and Regulation E, including:

• Expanding the definition of “funds”: While EFTA does not explicitly define the term “funds,” the language used in the EFTA and subsequent judicial interpretations indicate that it is not limited to fiat currency like U.S. dollars. It includes assets that act or are used like money, meaning as a medium of exchange. The proposal is that “funds” should be clarified as being inclusive of stablecoins and digital assets like Bitcoin.

• Broadening what qualifies as an “account”: The proposed rule would clarify that “account” includes non-traditional consumer asset accounts such as virtual currency wallets that can be used to buy goods and services or make person-to-person transfers, along with video game accounts and credit card reward points.

The effect of the proposed changes would bring digital asset services and providers into scope of the consumer protections set out in EFTA and Regulation E.

How Can Voluntary Compliance Prepare Institutions for Regulatory Readiness?

These proposed changes are relevant for platforms that facilitate purchases using stablecoins or other digital tokens, allow peer-to-peer transfers within wallet environments, or offer consumer-facing payment services integrated into apps or gaming platforms.

Some crypto platforms have already begun offering EFTA-like protections voluntarily, such as:

• Clear user disclosures
• Internal systems for resolving disputes or failed transfers
• Provisional credit policies when investigating unauthorized activity

Adopting these safeguards now may help organizations prepare for future regulatory requirements, as well as to build consumer trust and confidence.