What rights do credit card fraud victims have?
"I BELIEVE a fraudulent payment has been made with my credit card, I don't recognise the transaction at all. What are my rights?"
One in three people have become victims of a crime which averages at one theft every nine seconds. In the UK alone, around £1.2 million is lost every day, despite the advent of chip and PIN technology.
No wonder that the banks are sometimes reluctant to give fraud victims their money back. According to the FCA 10% of people that lose money due to fraud were actually not liable and should have been refunded.
How do you know whether you're liable? Read this guide.
When you're liable
According to the Lending Code, the consumer is liable for the cost of fraud - that is, must pay the cost of the fraudulent transaction - when:
- They've acted fraudulently: it's a criminal offence, though it's up to the lender to prove that this has actually taken place.
- They've acted without reasonable care: by, for example, writing down the card PIN number. Again, it's up to the card provider to prove negligence, they cannot assume it.
- They failed to inform the bank that a card was lost or stolen or that someone knows their PIN: though they're only liable to pay up to £50 and banks often clear even that amount.
- When shopping online, they didn't use the card provider's 3D Secure system (e.g. Verified by Visa, Mastercard Secure Code).
- If an additional cardholder is liable for any of the reasons above.
To recap, card companies can refuse to refund money, when the cardholder has voluntarily compromised their security.
According to the terms and conditions of American Express credit cards, for example, those who "contributed to, were involved in, or benefited from the loss, theft or [the card's] misuse" won't get a refund.
Writing the card's PIN on the card itself, keeping it written down in your wallet or telling someone else the PIN number (see the full guide to PIN fraud here) will all result in the cardholder being liable for the full amount of any unauthorised transaction.
You'll find the 3D Secure requirement in the small print of many credit cards: if cardholders don't use the extra password protection that is, in theory, an example of 'lack of reasonable care' and they could be liable in case of fraud.
However, we've never heard of an instance of a consumer actually being made to pay for fraud for this reason and, in any case, these 3D Secure systems are, as of 2014, less used than previously.
For more on additional cardholder liability see this guide.
The good news is that the burden of proof lies with the credit card provider. In other words: they need to prove you're guilty.
When you're not liable
Again, according to the Lending Code, consumers are not liable for fraud when:
- Their card was lost or stolen and they realised and told the bank before the fraud took place.
- Someone knew their PIN and they realised and told the bank before the fraud took place.
- Card details were stolen without the cardholder's knowledge: if, for example, it's a case of card not present fraud in which the details are stolen online.
Card not present fraud includes unauthorised transactions that are made over the phone, using the internet and through mail order companies.
This is the most common form of card fraud (under the category of identity theft) and requires the criminals to obtain the card's details but not the card itself, nor the PIN number.
Card skimming is the most common form of fraud at cash machines. Fraudsters attach small cameras and card readers to ATMs.
These record the card's details as well as the PIN that is entered. Skimming can also be carried out in shops, restaurants and petrol stations. In these cases, a corrupt employee uses a separate device to electronically copy the card's data from its magnetic strip.
A whole new credit card can then be made using this information, and subsequently used in person with the PIN.
Fraudsters also commonly use the internet to obtain the details of other people's cards.
Common ploys include viruses that redirect browsers to fake websites that then encourage users to enter their card details. They may also send emails to try and direct people to the fraudulent sites ("phishing").
Skimming and card not present scams require more vigilance. Avoid cash machines that look tampered with and religiously check all statements. Also ensure that all correspondence relating to the card's details is either kept safe or thoroughly destroyed.
See our full guide to the staying safe against fraud offered on credit cards for more on how you're protected.
All in all, it's reassuring to note that consumers are not liable for money lost through these types of scams.
First steps after fraud
The first step when an account has been compromised should always be to get in touch with the credit card provider to notify and reclaim fraudulent transactions as soon as possible.
Our full guide to help available if a card was lost or stolen is here.
Victims of card fraud may also want to contact the three credit reference agencies Callcredit, Experian and Equifax to check that no credit applications have been made in their name.