Credit card fraud is a widespread issue that affects a number of different parties. From the time a fraudulent transaction is charged on a credit card, the banks, cardholders, merchants and the scammer are all involved in a process that can take weeks or even months to fully resolve.
While credit cardholders may not be liable to pay for fraud or scams, someone eventually has to pick up the bill. With numerous scams and large-scale data breaches at companies, it is important to understand the various stakeholders that are affected by credit card fraud.
Fraudulent transactions continue to increase.
While fraud is sometimes unavoidable, the best way to deal with credit card fraud is to protect your personal data and take necessary precautions against hackers. Never give out personal information to anyone that asks you for personal data over the phone or by email, unless you initiated the contact. Avoid giving out critical information such as credit card numbers and social security numbers unless it is a trusted, reputable source that you know. Remember: if something doesn't feel right to you, it probably isn’t.
Other protections: keep a close eye on all your credit cards and cancel or put cards on hold as soon as they go missing. Don’t carry all your cards around at the same time in case your wallet gets stolen. Have strong passwords and protections for your personal and financial information online.
When fraud occurs, there are a variety of protections in place to keep cardholders from shouldering the entire burden. Credit cards tend to be more protected than debit cards, and often the banks and merchants will end up going back and forth over who should be the responsible party for the fraud.
Credit Cardholders
If you own a credit card, you can usually rest easy, knowing that you are protected from paying for fraud. Congress enacted the Fair Credit Billing Act, or FCBA, which says if your credit card is stolen or has an unauthorized use, the most that you can be liable for is $50. If you report the theft of your credit card before any loss occurs, however, your liability drops down to $0.
Debit Cardholders
Although credit cardholders have very little liability in the event of a theft, the story can be much different for those that own debit cards. If your debit card is found to be missing and you report it stolen before the thief can use it, you will not be liable for any potential charges.
However, if someone uses your debit card before you report it stolen, the protections are not as generous. Depending on how fast you report your stolen debit card, you could owe various amounts of money. If you report within two business days of learning about the theft, you may be liable only for $50. If you report after two business days, but less than 60 calendar days, you could owe as much as $500. If you report after 60 calendar days, you could be liable for the entire amount stolen.
Banks
Since credit cardholders have very limited liability under federal law, it is the banks and merchants that must shoulder most of the burden. The first institution to lose money is the bank, since the cash to make the purchase comes from banks, and they must reimburse the individual cardholders who were the victims of fraud. Under most circumstances, the individuals or groups that committed the fraud are typically not going to pay, unless convicted in a court of law. Legal cases could take months or years to complete. In the short term, the banks are out real money, and they will very likely turn to the merchant to be made whole. Banks may point to poor security or technological issues that allowed the merchant to be compromised. In many cases, banks have to issue new credit cards, which can be a significant expense when made in large numbers.
Merchants
During large cyber-security breaches, corporations are often responsible for paying millions of dollars in damages. After the massive Target data breach in 2013, the company was responsible for paying upwards of $162 million to its customers. As breaches of financial information often impact millions of payment cards, merchants often face class-action lawsuits and steep legal fees for having technological failures and unsecured data.
Merchants carry a significant burden when it comes to credit card fraud. If the merchant delivers products on fraudulent orders, they may have lost the product with a difficult road to getting it back. Banks often look to the merchant for reimbursements, since the bank is immediately out of the cash and can sometimes point to security issues with the merchant that allowed the fraud to take place. If there is a certain amount of fraud that occurs at a given store, payment processors could move to terminate the merchant’s account, and that store could be placed on a blacklist, meaning it may be very difficult to find another payment processing firm. While large businesses and corporations can sometimes withstand some losses, it can be devastating for small business owners.
Insurance Companies
In some rare cases such as large data hacks, insurance companies pay some of the costs associated with fraud on credit cards. In the 2013 Target data breach, insurance offset $90 million of the costs that Target was expected to pay its customers for their personal and financial information being hacked. Some corporations are now purchasing insurance policies for protection against computer attacks, cyber extortion, online fraud, and information breaches across networks and connected devices. As increased technological connectivity has granted cyber criminals more opportunities to hack consumers’ personal and financial information, cyber insurance offers additional protection against credit card fraud.