In the world of fintechs, we recently experienced this possible damage from multiple parties not working with each other. Right now, there is still ~$85 million of user deposits unaccounted for (and much more frozen) while both the BaaS provider Synapse and Evolve Bank & Trust are still pointing fingers at each other. Successfully reconciling the two different versions of the “true” ledger may or may not ever happen.
However, it appears that having multiple parties involved can also impact the big players like Fidelity Investments, not just the tiny ones. Per this Reddit post, a CPA and former bank auditor had both their Chase and Fidelity ATM cards stolen and charged debit card purchases totaling $6,000 each. The theft was reported promptly. Chase Bank refunded the $6,000 immediately. But Fidelity is not a bank and has PNC Bank issue their debit cards. In turn, apparently PNC Bank contracts out to BNY Mellon Investment Servicing Trust Company to service the transactions.
Since the theft, Fidelity, PNC Bank, and BNY Mellon have been pointing fingers at each other, and nobody has stepped up to refund the $6,000. As of the most recent comment, this situation is still not resolved after 3 weeks. The official Fidelity rep(s) that actively monitor the r/Fidelity Subreddit have gone quiet as well. Thanks to reader Larry C for bringing this to my attention. I honestly thought this would be resolved quickly, but again I am wrong and disappointed.
Know your rights! When it comes to fraudulent transactions on your ATM debit card, the speed at which you notify your bank is very important. Federal Reserve Regulation E clearly lays out your potential liability based on your notification timeline. Here is a good explanation.
Access devices include ATM or debit cards, codes, or any devices used to access an account (even your mobile phone!). There are three tiers of liability when one is used:
– First Tier — The customer’s maximum liability is $50 when they notify your bank within two-business days of learning about the theft. The two-day period only begins when the customer becomes aware that their card has been lost or stolen, which could be days after the actual incident.
– Second Tier — The customer’s maximum liability is $500 when they give notification after the two-business day period above, but within 60 calendar days after the first statement showing the unauthorized EFT in question.
– Third Tier — The customer’s maximum liability is $500 plus all unauthorized EFTs after the 60-day period detailed in the second tier. It is important to note that the 60-day period begins when your bank sends out the statement either by mail or electronically, with some exceptions.
The Fidelity customer notified promptly and should be covered by Reg E. Many banks even provide additional customer protection and waive the $50 limit completely (you’ll see “zero fraud liability” advertised). What’s the problem here, Fidelity?! Does Reg E not apply because of this third-party situation?
In my recent international trip, I took advantage of the worldwide ATM rebates from my Fidelity Cash Management Account multiple times. Everything went smoothly. The ATM fees were credited automatically, and there was no foreign transaction fee charged so my exchange rate was basically as good as it gets (the 1% fee only applies to signature purchases right now*).
But still, this event concerns me. In practical terms, the value of this perk was worth maybe $20 in total. I’m sure the customer above would have gladly just paid the $20 in ATM fees to deal solely with Chase as opposed to the Fidelity/BNY Mellon mess. I certainly don’t use ATMs enough to justify the risk of such a headache.
A best practice appears to be to “lock” the ATM card on the Fidelity website until you need to use it, and “unlock” only when needed.
In order to lock your card, you’ll need to log in to Fidelity.com and follow the steps below:
Under “Accounts & Trade,” select “Cash Management”
Choose the “Debit Card” drop-down, then “Manage Debit Card”
Next to the appropriate debit card, click “Lock Card”
In addition, I also purposefully do not set up my Fidelity taxable brokerage account as an automatic backup funding source for my Fidelity CMA. If someone somehow gets access to my CMA, I don’t want them to be able to drain my larger account as well. I transfer over a limited cash balance in my CMA, and that’s it. With a debit card, thieves can only take what’s in the account. Everything else should bounce.
The larger lesson is that whenever you add additional parties, the buck starts to get passed around and things get messy. Even with a usually reputable firm like Fidelity Investments.
* Regarding that foreign transaction fee, I did some additional research and found that while officially, the Fidelity fine print states that there is a 1% foreign transaction fee that “may” apply, in practice, that 1% fee is only charged on signature-based purchases, not PIN-based transactions like ATM withdrawals. This was confirmed in this article by Robert Beauregard, Director of External Communications at Fidelity. This has also been confirmed by multiple anecdotal data points. You can check for yourself on a sample transaction using a calculator like this. Rather confusing!