Perhaps the most important issue_is the extent of consumer liability for unauthorized transfers. Two models have been proposed: One is the check model suggested by the National Commission; the other is the dollar ceiling approach taken in S. 2065. I am wondering which alternative you believe is preferable, and why.

Who wants to start, Mr. Leymaster?

Mr. LEYMASTER. I will leap into this. There is almost no way to give a quick answer to this that makes sense. Perhaps it is necessary to qualify it, by observing we are being trapped into thinking we have to pick between one of three models to understand what EFT is.

The more I reflect on it, the more I am convinced we have a hybrid, that we can be severely misled in misunderstanding the way the device functions and some of its ramifications if we become too rapidly wedded to analogies without being aware of where the analogy breaks down.

If forced to make a choice, I would pick the dollar ceiling model very rapidly. Perhaps the easiest way to point out what is wrong with the check model is that there is no adequate error resolution device in a check approach at all, if you take a check away. When you go in to complain to your bank about a problem you have had with a check, apart from the fact that the case law is very hard on consumers who don't have a big budget to litigate these questions and sophisticated counsel, the fundamental problem is you need that document, and you have recourse to the paper, and to the fact that that signature doesn't match your own.

In the EFT environment, you are faced with a machine system that says that the secret code number was yours. And that implies to the machine it was you using it. As between the two, you simply can't compensate for the differences.

Senator RIEGLE. What about the possibilities of an EFT system also requiring a signature, an onsite signature, in addition to the card number?

Mr. LEYMASTER. I think it is a very provocative question, Senator. You are getting into a critical question as to whether we are using the technology to do what we want it to do, or whether we are doing what the technology is willing to do for us.

I think there is ample proof that extremely high-speed signature verification devices so far as telling bank tellers here is the signature you should compare, are available in real time. I think we completely overlooked, or at least have inadequately explored whether or not a mechanism can do a signature comparison. It may ultimately prove to be the only way to live with EFT.

Senator RIEGLE. It seems to me that the technology is unlimited. You could even have a visual check or a voice print or thumbprints. There are a lot of ways, it seems to me, of having a verification of whether you have the right person.

Mr. LEYMASTER. Absolutely. I think the kind of constraints and limitations we might impose today, absent that technology, would well be due for reconsideration when a more secure checking device becomes available.

The thing here is we have to live with the fact that there is a lot going on right now that is using those crummy little number codes

as substitutes for a signature. In that situation, I think we are forced to decide what to do about it, absent the technology. Waiting for it, I think, is a boobytrap.

Senator RIEGLE. Ms. Broadman.

Ms. BROADMAN. Another idea is to use thumbprints to verify the identity of the person.

I am not an expert on the technology. But that is another effective way to verify who you are dealing with.

We also prefer the dollar approach, because we feel the security systems are not adequate now and there should be as many incentives as possible built into the legislation to get the industry to adopt adequate technology. If the industry is liable for these kinds of errors, they will develop signature verification procedures, use thumbprints for verification or develop some other effective identity verification procedure.

Senator RIEGLE. It seems to me that that is really the key to the security issue. You still have a problem where somebody makes a payment for goods and then decides shortly thereafter that he or she has been shorted in some way and wants to stop the payment. That issure is still unresolved. But it seems to me the question of somebody getting your card and somehow accessing the system and emptying out your account, that danger can be eliminated with some proof positive at the moment the transaction occurs.

It would seem to me that that would very much be within the reach of technology. It is not free, but what is? There is a cost involved in the system that is not secure as well. Did you want to comment, Mr. Brown?

Mr. BROWN. Yes, I would like to, Senator. You raise, I think, the real crux of the matter, and that is the cost of the technology we are talking about. Computer experts have told me we can do just about anything we want with computers if we are willing to pay enough money. His way of putting it was "We can send a man to Jupiter if we want to pay $100,000 a mile to do it."

I think we are really talking about how can we provide the necessary security which must underlay any of these systems, while minimizing the costs.

Senator RIEGLE. Let me stop you there to make one comment. It has been alleged a number of times that there are large potential savings in the use of this system, at least to the banks, because EFT can minimize the paper crunch. So there may be some money here to work with. Whatever that gain it could be invested in safeguards. The question is what is the prudent and fair application of the benefits.

Mr. BROWN. If EFT is going to save the money that a lot of the proponents say it will, you are right, this money would be available and it wouldn't involve additional expenditures.

I wanted to comment additionally that I think your question portrays particularly well the essential intertwining nature of the consumer protection code and EFT. Related to the whole issue of liability for unauthorized use is the question of documentation, receipts, statements, all of these protections cannot be considered and viewed in the abstract. They must be considered in terms of the whole transaction that occurs where many of these protections as invisioned in S. 2065 for instruments would all come into play.

99-379 - 78 - 7

I also come to the belief that a dollar ceiling is probably the preferable way to approach this question, as much for policy reasons as for economic reasons that I referred to earlier.

It does impose a certain duty or in theory at least it imposes a duty on the consumer to notify the financial institutions when circumstances occur which lead him to the reasonable belief that unauthorized use has occurred. That, I think is clearly beneficial to the whole system, when you know your card is gone, you should notify the bank. This is the approach that has been embodied in the Wisconsin administrative rules. I think it also deals effectively with one of the problems of trying to impose a negligence standards which is carried over from the check model which for reasons outlined in my written statement would be inappropriate for an EFT system.

Senator RIEGLE. The second question I would like each of you to respond to is the extremely important issue or error resolution. The National Commission has recommended that financial institutions have 45 days to correct an error. The bill I put forward sets 3 days. There is quite a difference. I am wondering what your opinion is between those two quite different alternatives.

Mr. LEYMASTER. I guess the way I would describe this is another example of the double standard problem. The institutions are getting instantaneous debiting when they put their systems on real time. They are talking about all of the lag that is associated with a paper-based system disappearing. Then they turn around and give us a paper-based argument for the auditing function.

It seems to me the consumers are entitled to have that computer advice, with the ability to do a lot of small tasks very right, very fast. It would also apply in situations where the consumer wants the benefit of the machine speed and efficiency.

It seems to me that there is virtually no argument that I can respect that supports the 45-day argument when compared to the advantages that the institutions are deriving with very high speed functions.

I also don't think technology limits ability to provide a 3-day audit but for the fact that it was made that way. I can write a system that won't do things the system jolly well can, if I have no incentive to provide that feature. I suspect this is a classic example of that. If asked, I don't see any specific reason that these systems couldn't easily respond in a 3-day time frame.

Ms. BROADMAN. I think the suggestion that institutions be given 45 days to correct errors is absolutely outrageous. When you consider that errors could be substantial, and that consumers with limited resources could be deprived of the essential money for rent, food, et cetera, 45 days is just too long.

I would suggest that the committee investigate the possibility of requiring that the consumers account be immediately recredited if the consumer says there was an error. As I mentioned in my testimony, problems with fraud could be mitigated by requiring that the consumers post bond. And there are several other checks on fraud that should be considered. The subcommittee should focus on ways of implementing an immediate recrediting kind of system. We certainly do prefer the 3 days to the 45 days; 45 days is just too long.

Mr. BROWN. I agree with both speakers, that 45 days would be an inexcusable period of time in which to investigate and resolve an

error.

Aside from the dollar hardship on consumers that have been referred to by the previous speakers, I think it is important for the committee to bear in mind that EFT will have, as an integral part of it, an improved communicative ability among and between institutions. Consequently, the retrieval of necessary information should be improved over the present systems. We should be able to transfer information faster, more easily than they can presently. There is a problem to which I referred in my commentary and my written statement about getting sufficient information for a financial institution to investigate an alleged error. The problem is not in resolving the error once they know what it is they are looking for. If I can designate the ATM and the location and time where the alleged error took place, they can and should be required to resolve that error in no more than 3 business days. The problem may be I may not be able to specify the date or the location or even what kind of transaction was involved. That being the case, of course they are looking for a needle in haystack. Once they have the specific information, there is no excuse for requiring an extended period of time in which to resolve the dispute.

Finally, rather than impose standards that are too lax, we should impose standards that err on the side of strictness, because this, if nothing else, provides incentives to institutions to design systematic programs, systematic structures that can resolve errors within these relatively short periods of time.

Senator RIEGLE. Let me, again, thank the three of you for the care you have given to the preparation of your testimony and for your responses to these questions.

I may have other questions I will want to put to you, and if so, I would like to be able to do that in writing, so you can respond to those later and we can insert those in the record.

Again, I thank you for your help. We want to continue to think and work with you, because we want to get these issues resolved. Your testimony today will be very helpful toward that end.

The committee stands in recess until 10 o'clock tomorrow morning.

[Thereupon, at 12:55 p.m. the hearing was recessed, to reconvene at 10 a.m. the following day.]

[A copy of the bill being considered and additional data follow:]

95TH CONGRESS 1ST SESSION

S. 2065

IN THE SENATE OF THE UNITED STATES

SEPTEMBER 7, 1977

Mr. RIEGLE introduced the following bill; which was read twice and referred to the Committee on Banking, Housing, and Urban Affairs

A BILL

To amend the Consumer Credit Protection Act to provide consumer rights and remedies in electronic fund transfer systems.

1

Be it enacted by the Senate and House of Representa2 tives of the United States of America in Congress assembled, 3 That the Consumer Credit Protection Act (15 U.S.C. 1601 4 et seq.) is amended by adding at the end thereof the follow5 ing new title:

6

"TITLE VIII-ELECTRONIC FUND TRANSFERS

7 "§ 801. Short title

8 "This title may be cited as the 'Electronic Fund

9 Transfer Consumer Protection Act'.

II