yeah, its pretty much what he said. and as a side note, if the card is signed its actually against the cardholder agreement to require an ID as well.
yeah, its pretty much what he said. and as a side note, if the card is signed its actually against the cardholder agreement to require an ID as well.
If the merchant provides evidence of card presentment, signature, and/or authorization (ie. the charge was made be for you called in the card and reported it) the issuer/bank eats it.
If it is not supported by the merchant - they don't reply, they don't have a signed authorized charge, etc., the merchant may get the chargeback.
You as the cardholder may also be asked to sign an affidavit - this is mainly to discourage against "fraud frauds" and may be used as prosecution if it were that big a deal to the issuer/bank.
But pretty much most issuers count an expected amount of Fraud losses in their base operating expenses. Of course this is why they have risk modeling that does things like stopping approval on dodgy charges. Ever get a call after visiting some new niche website? That's the bank trying to mitigate risk and keeping that expense down.
that is even on top of the percentage they are charging the vendor which is about 2-3% of sales processed and up. so, damn straight the bank can eat the loss if i get defrauded on either end.You know that 21% interest you pay? Yeah, that's where its going...
Yeah, I vaguely touched on this. With the way that fraud generally happens these days it wouldn't really do much good anyway. Most fraud occurs when the card information is stolen and not the card itself. After that they either use it for online purchases or make a counterfeit card and can put whatever name they want on it so checking ID wouldn't do any good anyway.
Checking ID actually does next to nothing for preventing fraud, it just makes some people feel better.
Ok, I crunched some numbers at work for anyone who is interested. I'll say up front I have no idea how these compare to other financial institutions, so take this with a grain of salt.
Fraudulent activity accounted for .2% of the total dollars spent with out debit/credit cards in 2010. So as bad as fraud seems it really accounts for very little in terms of actual dollars spent. Of all those fraudulent dollars we were able to recover 40% of that from the merchants leaving us with a net loss of .12% of the total dollars spent. Another factor contributing to this is that for any transaction under $20 we automatically write it off since for amounts that small it isn't worth the time to try and recover. If we were to try and recover those it would put us much closer to a 50/50 split between us and the merchants taking the loss.
Most of these merchants taking the hit is because of online orders?
Yes, online orders don't have the same protections for merchants that in person transactions do. This also has to do with the fact that online fraud is much more common since it is easier to commit, you don't need to physically steal a card or even make a counterfeit one all you need to do is punch in the card number.
One of the most common sites for online fraud is actually iTunes, it is being used as a testing site to see if a card is valid before they move on and try to make larger purchases.
And coming from the merchants point of view, if you have to report real fraud at least try talking to the merchant to get help, not only does it usually help if you are honest but its cheaper overall for both the bank and merchant because of fees that come from VISA if it can be solved by the merchant directly.
And... if you are reporting fake fraud don't bother calling the merchant or you will get yourself caught in a lie at one point or another. Assuming the merchant in question actually cares about being a profitable business obviously. But no one reading this is that dumb right?... Yeah I thought so.
Oh and disputing if you really do have the product has really fun consequences that vary from merchant to merchant. :D
A few months back my CC had a random (but still 50$) food charge on it, plus two subscriptions to match.com (near 200 total).
I called my bank, told them what happened, and within a week I got my money back (they near instantly gave me a credit back for temp purposes, but later officially put it back in my account), a new card, and sent me some documents to fill out and send back.
Aside from the minor inconvience it was one of the best experiences ive had as a customer.
I had asked how they got my #, and they said either a waiter, or someone guessed it (apperintly there are places that just have people sit down and farm out numbers until they get a hit). I also asked who would be paying the money back, and they said match.com would refund, and the food would probably be a loss, depending if they could find the person who did it, etc.
The funny thing was that the match.com purchases were via snail mail, sooo.. who knows. All I know is that I <3 my bank; hell a few weeks ago I got an extra 10k to my spending limit and a reduced percentage rate on my plat card lul. I only use the thing for gas, pay eveything else in cash, and pay off my amount in full every month. Maybe I should buy a speed boat.
CREDIT TRANSACTION
It might help to get some understanding of the fundamental transaction going on.
There are four nominal parties involved in a credit card transaction, the issuer, the cardholder, the merchant and the acquirer.
A peripheral participant in the system that has to be mentioned is the network under which the card is issued. This is actually what Visa, MasterCard, etc are. They don’t actually participate directly in the transaction; instead they are more of a facilitator. They provide the tech and marketing to keep the system operating. They are loosely organized not for profit cooperative organizations made up of banks that participate in the system.
The transaction substantially involves:
• The issuer that issues a credit card -: (usually a bank/financial institution) agrees to pay for the purchase that the cardholder makes according to the contract it has with the cardholder o after reviewing the request for transaction and considering whether there is an undue risk that the transaction is fraudulent (usually a merchant waits for this confirmation before releasing goods/services)
• The cardholder/purchaser -: can make a purchase on the account by using the card directly or by using the number without the card (the various methods discussed by pharaun) and will later pay the issuer over time in accordance with their prior agreement
• The merchant -: accepting credit card as a form of payment and per agreement with an acquirer: o conducts an authorization transaction (ensuring that the transaction is being authorized by the cardholder) that is sent to the acquirer
• An acquirer -: (a bank that is a member of the applicable network) “acquires” the transaction from the merchant and sends it to the card network (for a fee of course)
• The network –: (MasterCard/Visa/etc) then sends the request/message to the issuer
The acquirer provides provisional credit to the merchant for the transaction (minus fee), subject to a right to charge back if the cardholder declines to pay. The network applies a credit to the acquirer’s account and debits the issuer for that amount. The issuer in turn bills the purchaser.
Thus, a credit card transaction is one in which it is proposed that a merchant accept conditional payment from a third party (the issuer/bank) on condition that the transaction is authorized by a cardholder to whom the bank issued the card. The issuing bank’s obligation to pay does not become final at the time of the initial payment to the acquirer.
The network rules places the risk of loss as between the merchant and the issuer/bank on the party that was in the best position to ensure that the condition has been satisfied (the merchant) and assumed the specified condition was satisfied (could be merchant or issuer)
Hence we see that where the merchant is using the verification system provided by the issuer, (namely confirming the signature and obtaining proper authorization for the transaction from the issuer) —fact to face transactions---, an issuer that makes the final decision to allow the transaction under these circumstances carries the risk of the transaction being fraudulent.
However, the risk passes to the merchant if it fails to use the basic verification system but obtains only initial authorization from the issuer anyway—remote transactions---, unless some other means of verification is used (i.e. proof of address discussed by pharaun)
The credit card system is regulated primarily by the federal Truth in Lending Act (TILA) and Regulation Z, promulgated by the Federal Reserve under TILA. The scope of the statute is limited primarily to consumer transactions and does not apply to transactions involving more than $25,000.
To challenge a billing error under TILA, the cardholder must provide written notice to the issuer within 60 days of the date on which the creditor sent the relevant statement to the cardholder. (TILA 161(a))
A “billing error” includes, among other things, claims that the cardholder did not make the charge (i.e unauthorized charges)
If the cardholder provides the proper notice, the creditor (bank/issuer) must send a written acknowledgement of the notice within 30 days and must resolve the claim within two billing cycles.
Where the billing error is premised on a cardholder’s allegations that the merchant did not deliver the goods or services covered by the charge, the bank/creditor cannot reject the claim without first conducting a reasonable investigation and determining that the property or services were actually delivered as agreed. (TILA 161(a)(B)(ii)); Regulation Z 226.13(f) n.31) (hence the importance of verification of authorization by a merchant in certain instances discussed by Pharaun)
If the creditor/bank does not accept the cardholder’s allegations, the issuer, within the two billing cycle period, must give the cardholder written explanation of its reason for not correcting the charge. Regulation Z 226.13(c)(2),(f); (TILA 161(a))
The creditor/bank is barred from closing or restricting the cardholder’s account for failure to pay the disputed amount while the dispute is pending. (TILA 161(d)); Regulation Z 226.13(d)
The bank/creditor can still accrue a finance charge against the disputed amount, and it’ll be due only if the dispute is resolved against the cardholder. (Regulation Z 226.13(d)(1) n.30)
A cardholder’s liability for unauthorized charges is limited to a maximum of $50. (TILA 133(a)(1)(B) Even where the cardholder knows that they’ve lost their card and never bothered to report the loss. The cardholder can cut off liability below the $50 threshold though, if they send such notice to the issuer. (TILA 133(a)(1)(E)
An “unauthorized use of a credit card” is defined as use without actual, implied, or apparent authority (agency principles) that does not benefit the cardholder. (TILA 1602(o)) (So… there are of course instances where the cardholder will be liable for the entire charge)
DEBIT TRANSACTION
Although credit and debit feature are often offered on the same card and they share the same processing network, a debit transaction is fundamentally different from a credit transaction, and regulation of the debit system is separate from the credit card system.
A debit card is really just an addition to a checking or savings account, it merely facilitates the bank customer’s ability to draw on funds that are already available in an account or through overdraft. It replaces a paper check with an electronic impulse that directs the bank to transfer funds to the customer (at an ATM) or a third party (a sales transaction.)
The paying bank’s obligation to pay becomes final at the moment that it authorizes payment to a merchant.
So, it’s an electronic funds transfer regulated by the federal Electronic Funds Transfer Act (EFTA). Debit cards can be PIN-based or PIN-less. The EFTA requires that debit cards have some minimal security feature for confirming transactions, either by PIN or some other method (i.e. signature/photograph/fingerprints) else the cardholder is not liable at all.
In the event of an unauthorized/fraudulent debit transaction, the network rules by contractual arrangements, places the risk of loss on the bank as between the merchant and the bank.
The rationale is that the bank is in a better position to mitigate the loss than the merchant because the bank designed the cards and maintains the system for authorizing withdrawals. Thus, with respect to debit transactions, the merchant generally wins and the EFTA provides limited liability for the bank customer, the details of which I need not go into, leaving the bank mostly SoL.
One of my favorite questions to hear at my job is "why didn't you ask for my SSN(or pin) when using my card, my bank requires that, to which I reply "funny your bank didn't require that to authorize the charge" but that mostly just makes me an ass.