Re: Really?
There's more details in our paper summarised here https://www.benthamsgaze.org/2016/06/02/international-comparison-of-bank-fraud-reimbursement-customer-perceptions-and-contractual-terms/
Basically, in the US Federal Regulations E and Z require a bank to promptly refund any disputed transaction. In the EU the Payment Services Directive (PSD), and its replacement (PSD2) allows the bank to refuse to refund in a number of situations, the most important being if they believe the customer to have been negligent. What this means is that if (on the basis of an internal audit report that the customer can't see) it is more likely that a disputed transaction was the result of negligence on behalf of the customer rather than a technical failure of the bank, then the customer is not entitled a refund.
What the banks usually claim is that the customer didn't protect the PIN according to the bank rules, which is not surprising since bank rules are regularly broken for very legitimate reasons https://www.benthamsgaze.org/2016/02/17/are-payment-card-contracts-unfair/