Card Fraud Blame Shift

Mar 10, 2014 by

credit cardsLike me, you probably have a vague idea that you can’t be held responsible for fraudulent use of your credit card, as long as you report the fraudulent charge to the card issuer sooner rather than later.

That may be what an Ontario man (let’s call him Jason, because that’s his name) thought when he reported an $81,276 charge to his Canadian Imperial Bank of Commerce (CIBC) card that he claims he did not make or authorize. The eighty+ grand went toward the construction of a custom race car. But CIBC refused to cover the charge on the ground that a PIN authorized the charge on the customer’s chip-embedded card, saying “it is not possible to process a chip and PIN transaction without the Visa card and the confidential PIN.”

First, lets get the facts straight about credit card fraud liability.

Credit Card Fraud Liability in Canada

According to the Financial Consumer Agency of Canada:

By law, if your card is issued by a federally regulated financial institution (FRFI), your credit card agreement must explain your maximum liability (no more than $50) in the case of a lost or stolen credit card, or the unauthorized use of your credit card number.

But the $50 maximum cardholder liability doesn’t apply to Jason’s race car charge because his card was not lost or stolen (he says), and CIBC claims the use was, by definition, authorized since a PIN was used in combination with a chip-embedded card.

Credit Card Fraud Liability in the U.S.

Similarly, U.S. law limits a cardholder’s responsibility for fraud to $50, if the fraud is reported within 60 days.

(In actual practice, most, if not all, credit card issuers in both countries hold defrauded cardholders completely blameless and, generally, absorb 100% of the cost of fraudulent transactions. This is purely a business decision, not an act of corporate altruism. Credit card fraud is so rampant that if consumers were repeatedly dinged $50 every time a crook made a charge to their account, the credit card business as a whole would take a big hit as cardholders closed their accounts. Card issuers are far too smart to shoot themselves in their corporate foot by doing anything that would injure their extremely lucrative credit card business.)

The Fine Print: Your Credit Card Agreement

You may feel comforted by the laws outlined above, but don’t get complacent. Your credit card agreement probably includes conditions that provide excuses the issuer can—not necessarily will, in every instance—use to hold you responsible for fraudulent charges to your account.

For example, Jason’s credit card agreement includes this language:

The primary cardholder is liable for any transactions made on the Visa account if any cardholder uses a PIN to make the transaction.

That seems pretty straightforward, which is not to say fair. The implicit assumption is that a charge is literally impossible unless the cardholder provides his or her confidential PIN, thereby authorizing the charge. I have only a layperson’s knowledge of the security surrounding credit cards, but I must say, based on nothing other than my common sense observations of today’s world, I’m extremely skeptical that it’s technically impossible for a fraudster to make a charge to a card without having obtained the PIN from a cooperative cardholder. I suspect Target thought impossible the sort of hacking that recently afflicted 70 million of its holiday season shoppers who used credit cards. The presumed technologically impossible happens every day.

When I read of Jason’s predicament, I reviewed (for the first time) my own VISA card agreement’s content about fraud liability. I found these—rather alaming!—clauses:

…if you select a PIN…that can be easily discovered, such as a number the same or similar to an obvious number combination including numerical sequences such as “1234”, your date of birth, bank account numbers or telephone numbers, or if you keep your card and your PIN in a way that would enable someone else to use them together, you will be liable for all debt, including interest, arising from their unauthorized use (bold added).

Yikes. The potential to argue about things like whether a number combination is “obvious” is one reason the world is awash in attorneys.

Like Jason’s, my card agreement also says this:

…if your card is lost or stolen, you will not be liable for any unauthorized use, as long as the unauthorized use does not involve use of your PIN. If your PIN is used in such a transaction, you will be liable for the full debt, including interest arising from such use (bold added).

Yikes again.

How Can You Prevent Your Own Credit Card Fraud Liability?

Unless the PIN authorization + embedded chip technology is absolutely fraud proof—and what is?—seems to me that all you can do to assure you’re not stuck with charges you did not make is preemptively close your credit card account. Seriously. Living with no credit card account is challenging these days, but, to me, the potential for fraud liability is a great reason to have the fewest accounts with which you can get by.

I would prefer to have just one credit card account, but I need two—one for use in Canada where we live, and one for use in the U.S. where we regularly travel (I refuse to pay my Canadian bank card issuer’s international transaction fees and to get screwed on its exchange rate.)

Have You Been Vicitimized by Credit Card Fraud?

If you’re a living, breathing adult, I suspect you’ve been the victim of credit card fraud. But have you had to fight with your card issuer over charges you knew you did not make?

Digiprove sealCopyright secured by Digiprove © 2014 Kurt Fischer
All original content on these pages is fingerprinted and certified by Digiprove