title: The magic spell that makes banks give you your money back
author: Complex Systems with Patrick McKenzie (patio11)
contenttype: podcast
publication: Complex Systems with Patrick McKenzie (patio11)
published: 2026-01-08T08:00:00
sourceurl: https://pscrb.fm/rss/p/prfx.byspotify.com/e/media.transistor.fm/31f15fb1/55fc5551.mp3
word_count: 6900
Welcome to Complex Systems, where we discuss the technical, organizational, and human factors underpinning why the world works the way it does. Hi, to you all, everybody. My name is Patrick McKenzie, better known as patio 11 on the Internet. So I read my chat GBT recap for 2025, and it called me the person most likely to quote Reggie at a dinner party, regulation E. And for reasons that will come obvious to you in a minute, that's actually probably reasonably accurate. I have factually quoted Reggie at dinner parties, and I just love it, both for what it says about this nation, for its distributional effects, for its actual impact on the operation of the credit card industry, among many other industries, near and dear to my heart, and for the frequent and successful use of it in helping people who are out, who are in diminished financial circumstances, and I'll tell you a little bit about that anecdote in a few minutes. But Regulation E has recently come up in a couple of big spout money issues, including how gift cards have such an asymmetric issue with fraud and unwillingness of either the card issuers or the card program managers to deal with it, and shake responsibility for it, in a way which surprises people who have dealt with similar things on, say, credit cards or debit cards, where the banks feel very responsive to them. I would argue with some evidence behind it that the reason for that responsiveness is fundamentally regulation E, and think everybody should know a little bit more about it than most people do. And so, without further ado, I want to talk through both the history of Regulation E and some live controversies, and particularly around one payment method sell and potentially some future payment methods. And so reading a bits about money issue, consumer protection and its discontents, and it will periodically interject to that commentary as we go. The US is often aligned as being customer hostile compared to other comparable nations, particularly those in Europe. One striking counter example is that the government, by Regulation, outsources to the financial industry and effective, virtually comprehensive, and extremely costly consumer protection apparatus, covering virtually the entire economy. It does this by strictly regulating the use of what we're once called electronic payment methods, which you now call just payment methods in Regulation E. Reg E is not uniformly loved in the financial industry. In particular, there has been a concerted effort by banks to renegotiate the terms with respect to Zell in particular. This is principally because Zell has been enormously expensive, as Reg E embeds a strong, intentionally bank-funded anti-fraud regime, but Zell does not monetize sufficiently to pay for it. And thus the history lesson, a primer, and an explanation of a life public policy controversy. These newfangled computers might steal our money. If you were to ask your friendly neighborhood reference librarian for the Electronic Funds Transfer Act, Regulation E, 44 Federal Register, 18,465 from March 28, 1979, you might get a document yellowed by with age. Congress, in its infinite wisdom, intended the Electronic Funds Transfer Act to reign in what it saw as the downsides of automation of the finance industry, which was in fuel swing by this time. Many electronic transactions might not issue paper receipts, and this would complicate key-set, bank-set, dispute resolution. So those were mandated. Customers might not realize transactions were happening when they didn't have to physically pull out a checkbook for each one. Therefore, institutions were required to issue periodic statements via trustworthy scale distribution system paper delivered by the United States Postal Service. And electronic access devices, the magnetic striped cards, the key fobs, and whatever the geek streamed up next, might be stolen from customers. And therefore the banks were mandated to be able to take reports of misled access devices, and there was strict liability transfer, where any unauthorized use of a device was explicitly and intentionally laid at the foot of the financial institution. Or as you footnote here about key fobs. The first credit cards were not the plastic with a MagStripe form factor, which came to dominate, but rather charge plates. They were fiscal tokens, which pointed out a record in, for example, a department store's internal accounts, usually by means of an embossed account number. To be read by the Mark 0 human eyeball, and later copied to a paper record via ink. Many were metal and designed to be kept around a key ring. As Matt Levine and many others have mentioned, the crypto community has speed around hundreds of years of financial history, and keeping your account identifier on etched metal, enjoyed a short Renaissance recently. Unlike the department store's bookkeepers 100 years ago, crypto enthusiasts lost many millions of dollars of customer funds by misplacing their metal. See page 20 in the right up about the prime trust bankruptcy in Nevada. Back to the essay. Some of the concerns that were top of mind for lawmakers sound even more outlandish to us today. Financial institutions can't issue credit cards without receiving a quote oral or written request. And quote for the credit card. That sounds like, why would you even need to clarify that? Let alone legislate against it. Unless you have the recent memory of Bank of America issuing a credit card to every person in the post office could find in a city, and then just waiting to see what happened. And now for a fun side note about the Fresno Drop. Market research in the 1950s was hard. The short story of the Fresno Drop. Thank you for America lost money due to abuse by a small segment of users in the city of Fresno, where they delivered substantial effort when a credit card without them asking for it. But this successfully proved that the middle class would happily use plastic transaction. If it were offered and if it were generally accepted by businesses as opposed to being tied to a single store, which had been status quo for the last few decades. It then scaled the 60,000 card pilot to millions within a year. Visa is the corporate descendant of that program. Mastercard of what the competitors did in response to it. Back to the body of the essay. The staff who implemented Reggie and the industry advocates commenting on it devoted quite a lot of effort to timelines, informed by their impression of the cadence of life in a middle class American household and the capabilities of the operations department at financial institutions across the US's wide range of size and sophistication. Two business days felt like a reasonable timeline after the theft of a card to let a financial institution know. They picked 60 business days from the postmark for discovering an unauthorized transaction in your periodic statements. That felt like a fair compromise between wanting to eventually give financial institutions some level of funality while still giving customers a reasonable buffer to account for holidays and vacation schedules. The time it takes for a piece of mail to travel from New York City to Hawaii. And the intrinsic fact of not being themselves a well-resourced financial institution with the staff of people paid to open an act upon mail. And very importantly for the future, Congress decided that unsavisticated Americans might be conned into using these new fangled electronic devices in ways that might cost them money. And that was unacceptable. Fraudulent use of an electronic funds transfer mechanism was considered an error as brave as the financial institution simply making up transactions and had the same remedy. The financial institution corrects their bug at their cost. Quoting reggae. Unauthorized electronic funds transfer means an electronic funds transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer. And from which the consumer receives no benefit. Reggae provided for two caps on consumer liability for unauthorized electronic funds transfers. $50 in the case of time we noticed that the financial institution as sort of a deductible, Congress didn't want to encourage moral hazard. $500 for those customers who couldn't organize themselves sufficiently to give the financial institution notice. Above those thresholds, it was the bank's problem. Reggae also establishes some procedural rights and obligation for institutions to investigate claims of unauthorized funds transfers. Among other areas, Congress was quite aware that banks frequently made math and record keeping mistakes to provisionally credit customers during those investigations. Strict timelines for the financial institutions and a presumptive burden of proof. In this privately administered court system, the bank is the prosecutor, the defendant, and the judge simultaneously, and the default judgment is guilty. It can exonerate itself only by had its own expense and peril, producing a written record of evidence examined. This procedural hurdle is designed to simplify review by the United States' actual legal system, regulators and consumer advocates. Quoting Reggae. The institution's report of the results of its investigation shall include a written explanation of the institution's findings and shall note the customer's right to request the documents that the institution relied on in making the institution's determination. Upon request, the institution shall promptly provide copies of those documents. Having done informal consumer advocacy for people with thinking and debt issues for a few years, I cannot overstate the degree to which this prong of Reggae is a gift to consumer advocates. Many consumers are not impressively detailed-oriented, and Reggae allows an advocate to conscript to financial institutions' operations department to backfill the consumer's files about a transaction they do not have contemporaneous records of. In the case that the operations department itself is an organized, great, at least from my perspective. Reggae says the bank just ate the loss, and indeed, several times over the years, the prototypical grandmother in Kansas received a letter from bank vice president of consumer lending explaining that the bank was in receipt of her reggae complaint. It had credited her checking account, and it considered the matter closed. This felt like a magic spell to me at the time, and as an aside, I'll give you a little bit of the backstory of what people do when they're under employed in their 20s. While not playing World of Warcraft. So when I first got to Japan in my early 20s, I did something which all the guides for people establishing their adult lives said was what you would do if you were a responsible person trying to get a handle around your finances for the first time. First, ask for a copy of your credit report, which you can get from the free website, and so I did. And I was surprised to learn that despite my expectation that the only thing that I had ever borrowed money for was to attend college, my credit report listed more than $100,000 in debt dating in some cases before when I was born. This set me into an absolute panic load. I thought I would be bankrupt before I even got my first paycheck from a real job. I thought there was potentially the possibility of litigation. I was deeply unsophisticated at the time as a man who consumers are. And so I went out to the internet and I found a few watering holes where people who had problems with banks and debt collectors and similar gathered. And I learned the rules about the Fair Debt Flesh and Practices Act and the Fair Credit Reporting Act. And after about six months, I had straightened out my own situation and my credit report correctly listed only my student loan debts and one ding from a encounter with the United States Healthcare establishment that I hadn't understood at the time. It wasn't paid for by somebody else. But I stayed on these forums and people would routinely ask questions that were similar in character to the questions I had had. You know, the bank is telling me this thing. People are calling me at all hours of day and night. I have no idea. I'm so overwhelmed. What do I do to get out of this? And being the helpful internet does that I was. I would go to the forum and say the thing you need to do is just write a quick professional letter to the bank, explain in the circumstances and they will take care of it. Sometimes when people hear me say it and that total voice, they think I am charmingly and naive about how financial institutions operate. But I do genuinely have a strong regard for the probability of American financial institutions. So often the people who I gave this advice to would say, look dude, that might as well be on the moon for me. And indeed many of the people who end up in financial precarity with the large debts with large conflicts with the financial institutions are not socially advanced. They genuinely do find it difficult to just write a quick letter in a professional tone of voice. They find it difficult mustering the social capital for financial institutions take them seriously. So here I was a 20 something in a living in central Japan with no formal authority and no formal expertise on this matter with only one asset to my name. I write really, really well. And yeah, I went to a good university in America and I can adopt the mean of the American professional managerial class from required to. And so I told the people on the on the forums, if you can't write the letter, no worries. Send me the circumstances. I will go straight a letter for you. You can sign it and put it in the mail. And when they write a response back, pass that over to me. I'll tell you what you're doing response to it. Was this the unlicensed practice of law? Who cares? Anyhow, so that was the thing I did for a few years in my 20s. I don't do it anymore, but that greatly informs why I love regulation, eat more than any rational person does. Back to the essay. The contractual liability waterfall in card payments. Banks do not like losing money, citation, hopefully unnecessary. And part of the business of banking is arranging for liability transfers. Insurance is many people's paradigmatic way to understand liability transfers. But banks make minimal use of insurance and core banking services. A bank which is robbed almost always self insures. And the loss, averaging about four figures and trending down for the FBI, is so tiny that it isn't works specifically budgeting for. Liability transfer, which most matters to Reggie is a contractual one. From issuing banks to card processors and from card processors to card accepting businesses. These party's obligations to banks and car holders are substantially broader than the bank's obligations under Reggie. But the banks use a fraction of those contracts to defray a large portion of their Reggie liability. For example, under the various brands, card rules. Brands is, by the way, the industry term of art for Visa Mastercard American Express and similar. An issuer, that's the bank that is named on your plastic. Must have the capability for a customer to say that a transaction which happened over plastic or the electronic equivalent thereof. Simply didn't meet their expectations. The issuer's customer service representative will briefly collect facts from the customer and then initiate an automatic process to request information from a representative of the card accepting business. On receipt of that information or non receipt of it within a specified window, a separate customer service representative makes a decision on the case. This mechanism is called the charge back in the industry. And some banks are notorious for favoring the high income, quite favorable customers who hold their plastic over the, for example, restaurant that the bank has no relationship. My eggs were undercooked. It's a sufficient reason to ask for a charge back and will result in the bank restoring your money a large percentage of the time. In the case where the complaint is, my card was stolen and used without my knowledge, essentially the same waterfall activates. Perhaps with an internal note made that this dispute is Reggie sensitive. As an aside, why did you need that internal note? Well, your regulator is very likely to ask you once a year or so. So how many Reggie had disputes if you had this year and you need to have an exact count ready for that question? Mechanically, it will be quite similar. The bank tells the processor customer search fraud. The processor tells the business the business replies with the facts and the big staff reviews the facts and to judge the case. There are about 5 million criminal cases in the formal US legal system every year. There are more than 100 million complaints to banks. Some of them alleging a simple disagreement, undercooked eggs, and very many of them alleging prime, like fraud. It costs banks billions of dollars to adjudicate these. The typical physical form of an adjudication is not a week long trial with multiple highly educated representatives debating in front of a more senior finder effect. It is a CSR, clicking a button on their web apps interface after three minutes of consideration. And the entire evidentiary record often fits in a tweet. Customer ordered from online store. Customer asserts they didn't receive the item in six weeks, no response from store. Customer wins. Next. Customer ordered from online store. Customer asserts they didn't receive item. Store provided evidence of shipping via UPS. Customer does not have a history of fraudulent chargebacks. Customer wins. Next. Customer's bookkeeper asserts ignorance of software as a service provider charge. Business provided written statement for customer CEO, stating chargeback filed an error by new bookkeeper. Customer wins. Next. I'm still annoyed by that last one years later. But one has to understand why it is rational for the bank. And the software company is clearer minded moments. Rational for them to accept the risk of this given how lucrative software is. As inside, since we don't have the tyranny of column and she's constraining us here, why is the bank more likely to rule against the business that is the vendor versus the business that is the consumer? One reason is, well, assuming that this is actually a legitimate business relationship. And that these two parties actually do deal with each other on an ongoing basis. They'll work it out between themselves, so for the course of the next couple of weeks. Clearly, the SaaS company just needs to send another invoice. And that CEO who gave the affidavit will pay it if the CEO in fact did give the affidavit. In the case where the CEO didn't give the affidavit, well, I want to rule on the side of caution, give him his money back and let him decide where the vault needs to be. And explaining that as many words to people who run SaaS companies is something that gets stuck. Something that gets them very, very hot under the color. However, the actual realized experience for most companies in the economy is that they're abused relatively little by the chargeback guarantee. This is one of the reasons why I wrote the essay that the optimal amount fraud is not zero back in the day. We wouldn't want to erect barriers as high around the chargeback guarantee as we do around the legal system, because they would cause customers to use it less. Sounds great, says businesses, but no, you don't actually want that. Because the existence of the chargeback system, the fact of nature that transacting on plastic is virtually riskless to the customer, without the customer having to do any sort of underwriting of their counterparty, without the customer having to be particularly careful. I give out my visa and nothing bad ever happens to me. That fact of nature is worth billions of dollars. It is why people can transact on the internet at all. And we spent a stupidest amount of money as the card industry broadly writ, convincing customers in the 1990s. Yeah, you might have heard in the media that the internet is a hive of scum and villainy, but don't worry about any of that. Don't worry about the hackers. We'll try to teach you what a lock means and what SSL means, but we know you're never going to go for 256-bit encryption anyhow, so just internalize this message. If something goes wrong with your credit card, the bank has your back. And that requires a different burden of proof and different evidentiary standards than the formal legal system has. It also implies very different cost burden on the businesses. Sure, if you want to have the formal written record of your dispute with customer reviewed by someone who went to Yale Law, that is something you can purchase from the United States legal system. Opening bit is $100,000 goes up from there. It's basically impossible to do a court case below that. Well, that sounds great. If your average transaction size is $80, like say the economy at large, $100,000 dispute resolution process doesn't exactly sound what the doctor ordered. The typical dispute resolution process in the case of a chargeback is free to the customer, obviously, and costs $15 plus the cost of the chargeback to the accepting business. And as long as the business doesn't accumulate an anomalous number of them, it's basically consequence free long term. Payback the money, you lose one sale, the margin, oh well, cost doing business. Ranted. Chargebacks are not distributed fairly or evenly across the economy. There are some sectors which are relatively fraud plagued for various reasons, one being that the fraudsters can most easily get money out of them. Also, bluntly customers who are predisposed to fraud do not consume all goods at equal rates. And so, you know, things like, for example, video games on the internet suffer a greatly disproportionate amount of fraud. Counterintuitively, charity suffer a greatly disproportionate amount of fraud. And not because fraudsters are just so civic minded, but because victimizing the charity is the first step in the fraud supply chain for validating the credit card that the fraudster has perloigned by a nefarious means, and validating that can be used in any transaction increases the value of that credit card. And when they sell it on just someone else in the fraud supply chain or when they send it to their colleague, we'll be doing the actual exploitation, safe in the knowledge that this card is active versus the other cards that were already deactivated. I think the acknowledgement up in Adread sounds cooler in Japanese. And now a few words from our sponsor, MongoDB. You're a developer who wants to help innovate. Instead, you're fixing bottlenecks and fighting legacy code. MongoDB can help. It's a flexible unified platform that's built for developers by developers. MongoDB is acid compliant, enterprise ready. With the capabilities, you need to ship AI apps fast. That's why so many of the Fortune 500 trust MongoDB with their most critical workloads. Ready to think outside rows and columns? Start building at MongoDB.com slash build. I have an engineering degree and sold to software companies. And I associate building marketing websites with pain and suffering, particularly the maintenance burden, which nobody talks about. Framer is the next generation website builder, which gives your design teams the ability to make something beautiful, your marketing teams and all in one platform. And your engineering teams, they're scheduled back. You can do real-time collaboration with colleagues and, as soon as you hit publish, it's live on the internet. Landing pages. Live. A quick microsite to support that new campaign. Live. A ground-up redesign of your entire.com. Live, if you want. Thousands of businesses from weeks old start-ups to the Fortune 500 use Framer to accelerate their ability to ship sites their customers will love. Learn how you can get more out of your.com from a Framer specialist or get started building for free today at framer.com slash complex systems for 30% off a Framer Pro annual plan. That's framer.com slash complex systems for 30% off. Framer.com slash complex systems rules and restrictions may apply. Back to the main body of the essay. The funds flow in a chargeback mirrors the contractual liability waterfall. The issuing bank gets money back from a financial intermediary who gets back from a card processor like Stripe, which I once worked for and which doesn't specifically endorse things in my own spaces. Who will then attempt to get it back from a card accepting business. That attempt is important. What if the business doesn't have sufficient money to pay the aggrieved customer or they can't be located anymore when the system comes to collect? Oh, look how reggae specifies neither of those as valid excuses, says Congress, and 50 years of progress. The card processor then eats the loss. The same frequently happens to cover the provisional credit mandated while the bank does its investigation. And the opposite happens in the case where the issuing bank decides that the card accepting business is in the right and should be restored the money they charge to customer. This high frequency privately funded alternative legal system has quietly ground out billions of cases to the last half century. It is a foundation upon which commerce rests. It even exerts influence internationally since the card grand rules essentially embed a variant of the reggae rights for card holders globally. And since nowhere in reggae is there a carve out for transactions that a customer might make electronically with their US financial institution while not physically located in the United States. If you are mugged and forced to withdraw money in an ATM in Caracas, Uncle Sam says your bank knows that some tiny percentage of card holders will be mugged every year and mandates that they pay. Enter Zell. Zell operated by early warning systems, which is owned by a consortium of large banks. This is substantially real-time electronic transfer method between US bank accounts. Bank web and mobile apps have for decades supported peer to peer and customer to business transfers via push ACH and less frequently by wire. But ACH will in standard practice take a few days to be credited to the recipient and a few hours until it will become known to them as pending. Zell is substantially a blocking play against Venmo, CashApp and similar. Those apps captivated a large number of mostly young users with the P2P payments. For use cases like, for example, splitting a bill for dinner, spotting a buddy $20 or collecting donations for Christmas gift for the t-shirt from all the parents in the class. After attracting these users with those features, they kept them with the product offering, which both in the limit resembled bank accounts and which actually had bank accounts under the hood for at least some users. And so the banks, appearing that real-time payment rails would not arrive in time, Fed now has been fed later for a decade, and RTP has relatively poor coverage. Stood up Zell. On the theory that this feature could be swiftly built into all the bank gaps, Zell launched in 2017. Zell does enormous volumes. It crowed recently and oppressed release that it did $600 billion in volume in the first half of 2025. Zell is much larger than the upstarts like Venmo, which is about 15% or so of PayPal's 1.7 trillion in annual volume, and CashApp, which does about $300 billion in customer inflow annually. Zell is not nearly in the same legus card payments, which are about $10 trillion annually, or ACH transfers, which are almost $100 trillion, but it is quite considerable. All of it is essentially free to the transacting customers, unlike credit cards, which are extremely well monetized. I describe elsewhere how credit cards actually monetize that is under-understood by many people, including many people whose job it is to understand it, but you can read that and say if you want more detail on it. And here's the rub. Zell is an enormous fraud target. Hiya, this is Susan, calling from your bank. Your account has been targeted by fraudsters. I need you to initiate a sell payment to yourself to move to a safe account while we can conduct our investigation. Just open your mobile banking app, type the password, select Zell from the menu, and send it to your own phone number. Thank you for your cooperation. Susan is not actually calling from any bank. Her Confederates have convinced at least one financial institution in the US that the customer's phone number is tied to a bank account, which fraudsters control. That financial institution registered it with Zell, so that when the victim sends money, the control account receives it substantially and instantaneously. They will then attempt to immediately expel trade that money, sending it to another financial institution, or buying a gift card, or sending it to a crypto exchange, to make it difficult for investigators to find it faster than they can spend it. This process often repeats professionals call this layering, one of the three prongs of the anti-money laundering intellectual apparatus. So, some days later, when the victim calls the bank and asks what happened to the money the bank was trying to secure from fraud, what does the bank tell them? Zell is quick to point out that only 0.02 percent of transactions over it have fraud reported, and they assert this compares favorably to competing payment methods. Splendid, then do the banks want to absorb only $240 million a year in losses from fraudulent use of a technology they built into their own apps, which is indisputably by any intellectually serious person and electronic funds access device? Frequently, in the last few years, the bank has said, well, as Gen Z would say, that sounds like a bit of a skill issue, bro. And Reggie, we've never heard of it. Kaffee out in Thor. To be slightly more sympathetic to the banks, they're engaged in fine-grained decisioning on Zell frauds, which have many mechanisms sent flavor texts. They are more likely to reimburse as required in the case of account takeovers, where the criminal defines a customer's password, pops an email address, or steals access to a phone number, and then uses it to empty a bank account. They are far less likely to reimburse, where the criminal convinces the customer to operate their access device, mobile phone to you and me, in a way against their interests. Skill issue. Banks like to pretend that the dominant fraud pattern is, for example, a, quote, social media scam, where an ad on Facebook or TikTok video leads someone to purchase sneakers with a Zell payment from an unscrupulous individual, who doesn't actually send the sneakers. This pattern matches more towards, well, that's a disagreement about how your aids are redundant, not a disagreement about how we operate our payment rails. Use the card and we'll refund the eggs, be it getting the restaurant to pay for them, don't, and we won't. So, in some, and in scale practice at call centers, the bank wants to quickly get customers to admit that their fingers were on their phone when they were defrauded, if so, no reimbursement. This rationale is new, and is against our standard practice for decades. If you are defrauded via a skimming device attached to an ATM, the bank is absolutely liable, and will almost always come to the correct conclusion immediately. It would be absurdly cynical to say that you intended to transact with the skimming device and demonstrate your ascent by physically dipping your card past. Bank recalcitrance caused the consumer financial protection bureau, CFPB, to sue a few large banks in late 2024. The CFPB alleged they had a pattern in practice of not paying out claims for fraud conducted over Zell rails. The banks will tell you the same using slightly different wording. Chase, for example, now varies in the fine print. Neither Chase nor Zell law offers reimbursement for authorized payments you make using Zell, except for a limited reimbursement program that applies for certain imposter scams where you send money with Zell. This reimbursement program is not required by law, and may be modified or just continued at any time. The defensible loss of bank's position on purchase protection, is that the purchase protection that customers pay for in credit cards, which makes them whole for eggs not cooked to their liking, is not available for Zell payments. Okay, fine. The indefensible extension is that banks aren't liable for defrauded customers. That is a potential policy regime, which many upstanding nations have. The United States is not one of those nations. Our citizens, through their elected representatives, made the considered choice that financial institutions would need to provide extraordinary levels of safety and electronic payments. In reliance upon that regime, the people of the United States transacted many trillions of dollars over payments rails, which was and is lucrative for all concerned. The CFPB lawsuit was dropped in early 25, as CFPB's enforcement priorities were abruptly curtailed. Readers interested in why it might seek to banking and debunking and search for, once some examples made. To the extent that CFPB still exists after being gutted early in 2025, it is fighting for its life. There's currently court case ongoing as to whether the Trump administration is allowed to not pay the CFPB money that has been proven for them under law. One of the legal issues under discussion here is what's called an impoundment, which is referenced in the impoundment control act of 1974. Briefly, the appropriations cause in the Constitution, no money shall be drawn from the Treasury, but in consequence of appropriations made by law, establishes that Congress has the power of the purse and the take care clause, Article 2, Section 3, the President shall take care of the laws be faithfully executed, collectively create a bind on the executive branch, which was then encoded into law explicitly, that the executive branch doesn't have the discretion to simply not spend money that Congress has appropriated for the execution of laws that Congress has passed. You don't get to sort of veto anything you don't like just by saying, well, I don't actually need to do that, so you can have your money back at taxpayer. And so this has been one of the arguments that's been raised in the CFPB matter after a dose terminated the employment of over 90% of CFPB staff in early 2025 and has variously tried to curtail their activities back to the essay. But knifeing the CFPB doesn't repeal Reggie in theory, any bank regulator, and many other actors besides, can hold them to account for obligations under it. One of the benefits of Reggie is that a single national standard is easiest to reason about, but in the absence of it, one can easily imagine a patchwork of state-by-state consumer protection actions and or coalitioning between state attorney generals. I will be unmoved if banks complain that this is also complicated and they would welcome regulation, but it has to be a single national standard. Banks may attempt to extend the Zell precedent. Having, for the moment, renegotiated their Reggie obligations via asserting they don't exist and mostly getting away with it, some banks might attempt to field their own submit and assert that customers bear fraud risks more generally. For example, in my hometown of Chicago, there has been a recent spate of tap-to-pay donation fraud as reported by the Chicago Tribune. The fraudster gets a processing account in their own name or that of a Confederate or a dupe to collect donations or a local, little charitable cause. This is not in itself improper. The financial industry understands that the parent and charge of a short fake sale will not necessarily be able to show paperwork to that effect before the cookies get stale. Bad actors purporting to be informal charity is a cost to coagulants on the street and ask for a donation via tap-to-pay. But the actual charge donation was absurdly larger than the intent of the donated. $4,000 versus $10, for example. The bad actor then exits the scene quickly. A donor who discovers the fraud in the moment is then confronted with the unfortunate reality that they are outnumbered by young men who want to rob them. This ends about as well as you'd expect. Chicago has an arrest rate far under 1% for this. A cynic might say that if you don't kill the victim, it's legal. I'm not quite that cynical. But Reggie doesn't care about the safety of city streets in Chicago or anywhere else. It assumes that payments instruments will continue to be used in an imperfect world. This case has a very clear design outcome. Customer calls bank. Bank credits customer $4,000 because they were fraudulent and really induced to transact. Bank pulls $4,000 from credit card processor. Credit card processor attempts to fold $4,000 from informal charity. Credit card processor probably fails in doing so. Card processor chalks it up to tuition and improving its fraud models in the future. Except at least some banks, British Chicago Tribune's reporting, have adopted specious rationalists to deny these claims. Some victims surrender physical control of their device. And banks argue that this means they authorize the transaction. Some banks asserted the manufactured out of their hindquarters rationale that Reggie only triggers when there is a physical receipt. This inverts the ex-responsibility graph, where banks were required to provide physical hardcopter receipts to avoid an accountability sink swallowing customer funds. For too disly, banks will often come to their senses after being contacted by the Chicago Tribune, other media, or someone with social power and gravitas who knows how to cite Reggie. But it is designed to work for even less sophisticated customers who don't know the legislative history of the state machine. They just have to know, call your bank if you have a problem. This should work, and we are diminished if it doesn't. Reggie encompasses almost every technology which exists and many which don't yet. With the limited number of carfouts, for example, wire transfers, Reggie is intentionally drafted to be future proof against changes in how Americans transact. This is why when banks argue that some new payments rail is exempt because it is different, the correct legal response is usually some variant of, it doesn't matter that's Reggie. Did he punch you in your face and steal your card? Doesn't matter that's Reggie. Did she call from the bank? Except it was a lie. Doesn't matter that's Reggie. Did he copy your back stripe onto? Blank plastic. Doesn't matter that's Reggie. Did your computer catch a virus? Doesn't matter that's Reggie. Did your computer with a privilege session? Join a botnet. Doesn't matter that's Reggie. Did cosmic rays corrupt a database? Doesn't matter that's Reggie. Didn't an attentive banker make a typo? Doesn't matter that's Reggie. Did he punch you in your face? And steal your card? Doesn't matter that's Reggie. Did she call from the bank? Except it was a lie. Doesn't matter that's Reggie. Did he copy your back stripe onto? Blank plastic. Doesn't matter that's Reggie. Did your computer catch a virus? Doesn't matter that's Reggie. Did your computer with a privilege session? Join a botnet. Doesn't matter that's Reggie. Did cosmic rays corrupt a database? Doesn't matter that's Reggie. Our friends in crypto generally believe that Reggie is one star in the constellation of regulations that they're not subject to. They created Schrodinger's financial infrastructure, which is the future of finance in the boardroom, and just some geeks playing with an open source project once grandma gets defrauded. There is an unresolved tension in saying traditional financial institutions like Visa are adopting stablecoins. And in the no evil reimburse no losses to attitude issuers and others in the industry take towards fraud which goes over their rails. Reggie doesn't have an exception in its text for electronic funds transfers which happen over slow databases. A hypothetical future CFPB given the long-standing premise that fraud is not an acceptable outcome of consumer payment systems would swiftly come to the conclusion that if it walks like a checking count, and it's marketed as an alternative checking accounts, then it is almost certainly within Reggie scope. This isn't free, it never was. Thanks very much to listening to this episode of Complex Systems and we'll be back next week. Thanks for tuning in to this week's episode of Complex Systems. If you have comments, drop me an email or hit me up at patio 11 on Twitter. Ratings and reviews are the lifeblood of new podcasts for SEO reasons, and also because they let me know what you like.