Chip and Pin liability - some clarity
Options
MPH80
Posts: 973 Forumite
in Credit cards
Since Watchdog have raised this ...
I have emailed the financial ombudsman to get some clarity on the position of liability for different types of cards. They have responded that they believe my understanding to be correct. If you wish to PM me - I can forward the content of the email - but it's not that interesting.
Just quickly before I post this - I'm not a lawyer, merely someone who has read the financial ombudsman's website, read the appropriate portions of the act and communicated with the FO. Do not take this as legal advice.
This is what I sent to them:
The key points here are that when your card is used to issue credit - either through the form of a credit card or a debit card accessing your overdraft - you are covered under section 84 of the Consumer Credit Act which makes no mention of increased liability due to negligence.
It is also important to note that under the banking code - the wording was changed from 'grossly negligent' to 'without reasonable care' with regard the level of responsibility the person had to take over their pin. The change in wording was not intended to change the level of neligence, merely to make the wording more accessable. However, some providers are taking it this way and the financial ombudsman is trying to get this changed back or to a more suitable wording.
The appropriate section of the act is detailed below:
http://www.johnantell.co.uk/CCA1974.htm
EXCEPTIONS
As with everything - there are exceptions.
Firstly - if the fraud is commited with a debit card - and you are not in your overdraft and the fraudster does not take you into your overdraft - you are as liable as the banking code makes you. This *should* be £50. However, because the wording is unclear - it may prove harder.
Secondly - all of this protection is wiped out if you give the credit card/debit card to someone else and authorise them to use it. If they make transactions which you did not authorise - you will still be liable because you gave it to them in the first place.
Third - you may have problems if the bank can prove that the chip is read, since it has not yet been shown that the chip can be cloned. As such that would suggest that it was the actual card that was utilised and this will make your story harder to prove. However, if you can be certain the card has never been out of your posesssion and no family member/friend has had access to it, you can use the Watchdog example of how a fraud might be commmited. Although it's worth noting that the complications involved in this form of fraud are extreme.
Conclusion
It's quite simple - if you use your plastic card for credit - then negligence with a PIN is not, by itself, a reason for the bank to refuse to refund your money. You may still be held liable for £50 - but that is all the Consumer Credit Act allows them.
Providing you didn't hand your card out - then if your bank is refusing to pay out - quote the law at them - threaten to take them to the Financial Ombudsman - and if they still won't pay out - DO IT! But please bare in mind the liability I set out at the top of this post because you'll only waste your own time if you've given the card to someone else and they've allowed the fraud to take place.
The examples and information from the Ombudsman is here:
http://www.financial-ombudsman.org.uk/publications/ombudsman-news/46/46_plastic_cards.htm
It is worth reading this page - especially the examples to see how the FO regards liability and responsibility.
The complaint form for the Ombudsman is here:
http://www.financial-ombudsman.org.uk/consumer/complaints.htm
Perhaps we can put this to bed now?
M.
I have emailed the financial ombudsman to get some clarity on the position of liability for different types of cards. They have responded that they believe my understanding to be correct. If you wish to PM me - I can forward the content of the email - but it's not that interesting.
Just quickly before I post this - I'm not a lawyer, merely someone who has read the financial ombudsman's website, read the appropriate portions of the act and communicated with the FO. Do not take this as legal advice.
This is what I sent to them:
- If you use a credit card - you are never liable, providing you did not authorise someone to make the transaction or did not personally authorise the transaction, for more than £50.
- If you use a debit card - and the card is used while within an overdraft or fraudulently takes you into an overdraft - you will not be liable for more than £50 based on the same premise as above.
- If you use a debit card - and the card remains outside the overdraft
- you are as liable as the card terms and conditions/banking code set out - which based on the banking code should only be £50.- Prepaid credit cards would count as the same as 3
The key points here are that when your card is used to issue credit - either through the form of a credit card or a debit card accessing your overdraft - you are covered under section 84 of the Consumer Credit Act which makes no mention of increased liability due to negligence.
It is also important to note that under the banking code - the wording was changed from 'grossly negligent' to 'without reasonable care' with regard the level of responsibility the person had to take over their pin. The change in wording was not intended to change the level of neligence, merely to make the wording more accessable. However, some providers are taking it this way and the financial ombudsman is trying to get this changed back or to a more suitable wording.
The appropriate section of the act is detailed below:
http://www.johnantell.co.uk/CCA1974.htm
84 Misuse of credit-tokens
(1) Section 83 does not prevent the debtor under a credit-token agreement from being made liable to the extent of £50 (or the credit limit if lower) for loss to the creditor arising from use of the credit-token by other persons during a period beginning when the credit-token ceases to be in the possession of any authorised person and ending when the credit-token is once more in the possession of an authorised person.
(2) Section 83 does not prevent the debtor under a credit-token agreement from being made liable to any extent for loss to the creditor from use of the credit-token by a person who acquired possession of it with the debtor’s consent.
(3) Subsections (1) and (2) shall not apply to any use of the credit-token after the creditor has been given oral or written notice that it is lost or stolen, or is for any other reason liable to misuse.
(3A) Subsections (1) and (2) shall not apply to any use, in connection with a distance contract (other than an excepted contract), of a card which is a credit-token.
(3B) In subsection (3A), “distance contract” and “excepted contract” have the meanings given in the Consumer Protection (Distance Selling) Regulations 2000.
(4) Subsections (1) and (2) shall not apply unless there are contained in the credit-token agreement in the prescribed manner particulars of the name, address and telephone number of a person stated to be the person to whom notice is to be given under subsection (3).
(5) Notice under subsection (3) takes effect when received, but where it is given orally, and the agreement so requires, it shall be treated as not taking effect if not confirmed in writing within seven days.
(6) Any sum paid by the debtor for the issue of the credit-token, to the extent (if any) that it has not been previously offset by use made of the credit token, shall be treated as paid towards satisfaction of any liability under subsection (1) or (2).
(7) The debtor, the creditor, and any person authorised by the debtor to use the credit-token, shall be authorised persons for the purposes of subsection (1).
(8) Where two or more credit-tokens are given under one credit-token agreement, the preceding provisions of this section apply to each credit-token separately.
EXCEPTIONS
As with everything - there are exceptions.
Firstly - if the fraud is commited with a debit card - and you are not in your overdraft and the fraudster does not take you into your overdraft - you are as liable as the banking code makes you. This *should* be £50. However, because the wording is unclear - it may prove harder.
Secondly - all of this protection is wiped out if you give the credit card/debit card to someone else and authorise them to use it. If they make transactions which you did not authorise - you will still be liable because you gave it to them in the first place.
Third - you may have problems if the bank can prove that the chip is read, since it has not yet been shown that the chip can be cloned. As such that would suggest that it was the actual card that was utilised and this will make your story harder to prove. However, if you can be certain the card has never been out of your posesssion and no family member/friend has had access to it, you can use the Watchdog example of how a fraud might be commmited. Although it's worth noting that the complications involved in this form of fraud are extreme.
Conclusion
It's quite simple - if you use your plastic card for credit - then negligence with a PIN is not, by itself, a reason for the bank to refuse to refund your money. You may still be held liable for £50 - but that is all the Consumer Credit Act allows them.
Providing you didn't hand your card out - then if your bank is refusing to pay out - quote the law at them - threaten to take them to the Financial Ombudsman - and if they still won't pay out - DO IT! But please bare in mind the liability I set out at the top of this post because you'll only waste your own time if you've given the card to someone else and they've allowed the fraud to take place.
The examples and information from the Ombudsman is here:
http://www.financial-ombudsman.org.uk/publications/ombudsman-news/46/46_plastic_cards.htm
It is worth reading this page - especially the examples to see how the FO regards liability and responsibility.
The complaint form for the Ombudsman is here:
http://www.financial-ombudsman.org.uk/consumer/complaints.htm
Perhaps we can put this to bed now?
M.
0
Comments
-
Thanks MPH80, you've obviously taken the effort to get a bit of clarity on this.0
-
Thanks MPH80 and you're spot on about worth reading the page setting out the examples.
If there was ever a case for not having a PIN, especially with a credit card - you've illustrated it.
Many thanks.0 -
I'm in a similar situation to previous posters in that my account was emptied without my consent or knowledge. The Financial Ombudsman website detailing the Consumer Credit Act states that If you inform your bank if your card is lost or stolen you are not liable. The morning after my card was stolen, and before the charges were made I went into a branch of my bank (Royal Bank of Scotland) and informed them of the situation and asked to cancel my card. It was only when I returned home and went into my local branch to withdraw cash a week later (I was under the impression that a new card was being sent to my home) that I was informed my account had been emptied, overdraft and all. My bank is saying that no note was ever made that I wanted to cancel my card, and as I have no proof, I am liable. I will being using the information provided previously to argue that I am not liable for the £1150 worth of debt these people have put me in, but I am so angry that even though I cancelled my card these transactions were able to be made.
Any help would be greatly appreciated.0 -
MPH80 Great Posting with a few exceptions, re liability for fraud where a PIN is concerned.
You can say what you like about 'quote the law' to them. Fact is, it's not a law, it's a code of practise. Second point is that the FOS is financed by the Industry and IMHO isn't independent. Last but not least the FOS can and do base some of their findings on probability. This means that a victim can end up paying the cost of fraud.
I look forward to the out come of the following Job V The Halifax PLC.
Mahalo click on Job v The Halfiax, it just may help you.0 -
V. useful, thanx!iaye carramba!0
-
You can say what you like about 'quote the law' to them. Fact is, it's not a law, it's a code of practise. Second point is that the FOS is financed by the Industry and IMHO isn't independent. Last but not least the FOS can and do base some of their findings on probability. This means that a victim can end up paying the cost of fraud..
I thought I'd just follow this up - when I said "quote the law" - I'm talking about the 'Consumer Credit Act 1974'. If that's not a law - I don't know what is James.0 -
I hope the BBC Newsnight Video is used as evidence in the Job V Halifax Case.
Newsnight Video (Click Here) (The portion all victims of PIN based fraud should listen to start at 5 Mins 45 Secs into the Broadcast).0 -
Unfortunately the law is not always enough... "access to justice" is an issue too. Challenging things can be such a struggle. Look at the £12 thing... for years credit card companies charged pretty much what they liked for penalties, instead of restricting themselves to the amount of liquidated damages as per UCCTR. The OFT (I think) stepped in and said they'd regard anything above £12 difficult to justify (I'm heavily paraphrasing), so £12 is now a de-facto standard. But the law doesn't say they can charge £12! If paying late actually only costs a company £5 in admin, then that's as much as they can charge.
Gone are the days (if they were ever there) that companies as a matter of policy tried to comply with the law. Now at best it's just a risk assessment issue - ie the risk of getting caught out and suffering enforcement balanced against the gain of ignoring the law or paying lip service to regulations.
Applies to individuals too - how many people don't park on a yellow line because they feel it's wrong to break a rule? Or is it just a fear of a ticket....0
This discussion has been closed.
Categories
- All Categories
- 343.6K Banking & Borrowing
- 250.2K Reduce Debt & Boost Income
- 449.9K Spending & Discounts
- 235.8K Work, Benefits & Business
- 608.8K Mortgages, Homes & Bills
- 173.3K Life & Family
- 248.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards