Who Pays For Fraudulent Credit Card Transactions?
Credit card fraud is a widespread issue that affects a number of different parties. From the time a fraudulent transaction is charged on a card, cardholders, banks, merchants and the scammer are all involved in a process that can take weeks or even months to fully resolve. While credit card users may not be liable to pay for fraud, someone eventually has to pick up the bill. With numerous large-scale data breaches at companies including Adobe, Macy’s, Target, and Equifax, it is more important than ever to understand the various stakeholders that are affected by credit card fraud.
While fraud is sometimes unavoidable, the best way to deal with credit card fraud is to protect your personal data and take necessary precautions against hackers. One good rule of thumb is to never give out personal information to anyone that asks you for personal data over the phone or by email, unless you initiated the contact. Also avoid giving out critical information such as credit card numbers and social security numbers unless it is a trusted, reputable source that you are familiar with. Remember—if something doesn’t feel right to you, it probably isn’t.
The only time you’ll want to give that critical information is if you are dealing with a reputable organization, such as your bank. And even then, you’ll only want to give that information if you started the conservation—such as you would if you applied for a loan or a new credit card. Identity thieves have been known to pose as credit card companies and student loan processors, sending out unsolicited emails in hopes that you respond with credit card numbers, social security numbers and other personal information that they can use to commit fraud. Cyber-hackers and thieves are pros at tricking people into giving out critical information—don’t fall into the trap.
When fraud occurs, there are a variety of protections in place to keep cardholders from shouldering the entire burden. Credit cards tend to be more protected than debit cards, and often the banks and merchants will end up going back and forth over who should be the responsible party for the fraud.
Credit Cardholders Liability Limited
If you own a credit card, you can rest easy knowing that you are protected from paying for fraud. Congress enacted the Fair Credit Billing Act, or FCBA, so that you won’t have to worry about shouldering the large burden of a fraudulent charge. Under the FCBA, if your credit card is stolen or has an unauthorized use, the most that you can be liable for is $50. If you report the theft of your credit card before any loss occurs, however, your liability drops down to $0. If your credit card number is stolen, but not your card, you will not be liable for any authorized use. Since online credit card fraud is growing, it is likely you will be a victim of a stolen card number than the theft of your physical credit card. While you have guaranteed federal protections that limit your losses, it is always smart to carefully review your credit card’s terms and conditions so you know how best to deal with credit card fraud. Be sure to let your card issuer know if you think your card has been lost or stolen so the necessary precautions can be made to prevent potential fraud.
For Debit Cardholders, Liability Can Be Much Different
Although credit cardholders have very little liability in the event of a theft, the story can be much different for those that own debit cards. If your debit card is found to be missing and you report it stolen before the thief can use it, you will not be liable for any potential charges. This policy is similar to what you can expect from credit card policies in terms of liability protection.
However, if someone uses your debit card before you report it stolen, the protections are not as generous. Depending on how fast you report your stolen debit card, you could owe various amounts of money. If you report within two business days of learning about the theft, you are liable only for $50. If you report after two business days, but less than 60 calendar days, you could owe as much as $500. If you report after 60 calendar days, you could be liable for the entire amount stolen. Should unauthorized transactions be made with your card number, but your physical card has not been lost or stolen you will not be liable if you report the transactions within 60 days of your statement being sent to you. If you have a debit card, it is important to be vigilant about checking your accounts and credit history for fraud. As with all credit and debit cards, read the terms and conditions carefully so you know what your protections are.
Who are the Stakeholders in Credit Card Fraud?
Many know the sinking feeling of seeing a large charge on their credit or debit card that they don’t recognize. While credit card holders feel the most personal impact of credit card fraud, there are many entities that are involved in the process. According to federal law, cardholders cannot be held liable for fraud, beyond the $50 max that may apply, so the burden of credit card fraud usually moves to banks and merchants.
Because credit cardholders have very limited liability under federal law, it is the banks and merchants that must shoulder most of the burden. The first institution to lose money is the bank, since the cash to make the purchases comes from banks, and they must reimburse the individual cardholders who were the victims of fraud. Under most circumstances, the individuals or groups that committed the fraud are not going to pay, unless convicted in a court of law. Legal cases could take months or years to complete. In the short term, the banks are out real money, and they will very likely turn to the merchant to be made whole. That’s because most banks will point to poor security or technological issues that allowed the merchant to be compromised. Still, in many cases, banks have to issue new credit cards, which can be a significant expense when made in large numbers.
During large cyber-security breaches, corporations are often responsible for paying millions of dollars in damages. After the massive Target data breach in 2013, the company was responsible for paying upwards of $162 million to its customers. As breaches of financial information often impact millions of payment cards, merchants often face class-action lawsuits and steep legal fees for having technological failures and unsecured data.
Merchants carry a significant burden when it comes to credit card fraud. If the merchant delivers products on fraudulent orders, they are out of the product with a difficult road to getting it back. Banks often look to the merchant for reimbursements, since the bank is immediately out of the cash and can sometimes point to security issues with the merchant that allowed the fraud to take place. If there is a certain amount of fraud that occurs at a given store, payment processors could move to terminate the merchant’s account, and that store could be placed on a blacklist, meaning it may be very difficult to find another payment processing firm. While large businesses and corporations can sometimes withstand some losses, it can be devastating for small business owners.
In some rare cases such as large data hacks, insurance companies pay some of the costs associated with credit card fraud. In the 2013 Target data breach, insurance offset $90 million of the costs that Target was expected to pay its customers for their personal and financial information being hacked. Customers and corporations are now purchasing insurance policies for protection against computer attacks, cyber extortion, online fraud, and information breaches across networks and connected devices. As increased technological connectivity has granted cyber criminals more opportunities to hack consumers’ personal and financial information, cyber insurance offers additional protection against credit card fraud.
Protect Your Information and Cancel Missing Cards Quickly
When it comes to credit card fraud, there are significant consumer protections in place. While consumers can be confident in the protections in place against credit card fraud, debit cards do not offer the same protections for cardholders. When applying for a new credit card or when trying to deal with fraud, it is always important to carefully read your card’s terms and conditions in relation to fraud protections.
However, while customers are protected by federal law, merchants and banks do not have the same protections when it comes to fraud and data breaches. That usually means that both parties will have to determine who pays, and how much. Customers are usually left out of these negotiations, but it is important for cardholders to understand the various stakeholders affected by fraud. Either way, banks and merchants can be left with significant losses that can have adverse effects, especially for small merchants and regional banks.
Below are some final tips on how to deal with credit card fraud if it ever happens to you:
- Keep a close eye on all your credit cards and cancel or put cards on hold as soon as they go missing
- Don’t carry all your cards around at the same time in case your wallet gets stolen
- Never give out your financial information online or by phone or email, unless it is a conversation that you initiated with a reputable source
- Have strong passwords and protections for your personal and financial information online
- Read card terms and conditions carefully before using your credit or debit cards