How long can a company legally retain my cc details?

Adrian_Prescott

We moved house last September. We had some issues with the removal firm we used, surrounding their having misquoted at the outset, and subsequently damaged items during the move.

At the time of the move, the owner was verbally abusive to both my wife and I on the phone, but ultimately they begrudgingly did the job as originally quoted, and reimbursed us for the damages.

The last dealing we had from them was the refund for damages at the end of October.

Earlier this year, I noticed a transaction dated 3rd Feb, for £48 from this removals firm on my cc statement. I had not authorised it, and was surprised they still had my cc details. I stopped the transaction with my cc company, and contacted the removal firm by email to query the transaction.

The £48 was immediately refunded, without explanation. When I queried what it had been for, and why they still had my cc details, they replied to say that I should be grateful that they had refunded it straight away. No elaboration or explanation.

My fear is that had I not spotted it, they would have continued to make small transactions such as this every month or two undetected. I am certain that the activity is fraudulent.

I am hoping to get chapter and verse from my cc company as to what the law says about the retention of cc details, so that I fully understand the situation. After that, I am currently considering calling 101 to report this as a fraud.

Can anyone give me any guidance on how long the company can legally retain my details, and the best channels to use to bring this fairly unseemly gentleman to book for this fraud?

Thanks in advance for your time.

grumbler

AFAIK, generally there are no any restrictions, but some card payments processing companies can stipulate restrictions for the companies they provide services to.

A recent thread: Companys holding onto Credit card details?

Adrian_Prescott

OK, many thanks for that Grumbler. Any thoughts as to the best means for me to raise the issue with the authorities? My cc company only seem concerned that it has been refunded.

grumbler

Don't know about authorities, but you can try cancelling (non-existent) CPA with your bank. Should the money is taken again, they will be supposed to process the refunds without your intervention: : How do I cancel a recurring payment?

Cancelling the card and getting a replacement with a new number can work too, but not guaranteed.

eskbanker

Adrian_Prescott wrote: »

My fear is that had I not spotted it, they would have continued to make small transactions such as this every month or two undetected. I am certain that the activity is fraudulent.

Unfortunately there's a significant difference between being afraid of CC abuse and being able to prove fraud. My suspicion is that, if challenged, the firm would simply claim that it was a one-off administrative or clerical error - the prompt refund would aid their case (assuming they processed this rather than your CC company).

What do you see as the desired outcome here? You're financially protected in that even if the firm don't refund unauthorised transactions your CC company will, i.e. there isn't any need to go to small claims, etc, to recover any loss, and any action between the CC company and the merchant is likely to remain confidential. If you're hoping to make some sort of criminal prosecution out of this I suspect that you'll find you'd need a lot more to action this!

Is the firm a member of any trade associations perhaps?

Finally, from a purely pragmatic perspective rather than a legal/moral one, you might also wish to consider just how much you wish to antagonise someone who you've already fallen out with and who knows where you live....

GingerBob_3

eskbanker wrote: »

Finally, from a purely pragmatic perspective rather than a legal/moral one, you might also wish to consider just how much you wish to antagonise someone who you've already fallen out with and who knows where you live....

:rotfl:What, just in case they send the boys round?

Fact is, there are far too many companies and other organisations who think that when they've got your CC details it gives them carte blanche to charge what they want, when they want.

If appropriate, you should inform merchants that unless a transaction is EXPLICITLY authorised you'll regard it as fraudulent.

Thankfully, you can nearly always get a full refund if you complain to the CC card company, but the system itself is generally found to be wanting.

eskbanker

GingerBob wrote: »

:rotfl:What, just in case they send the boys round?

Glad you find it amusing, but I was just recognising the difference between being in the right and potentially pursuing this too vigorously, in the context of an acrimonious dispute involving verbal abuse from someone who sounds quite volatile.

GingerBob wrote: »

Fact is, there are far too many companies and other organisations who think that when they've got your CC details it gives them carte blanche to charge what they want, when they want.

On what basis do you consider this to be a fact rather than an opinion?

GingerBob wrote: »

If appropriate, you should inform merchants that unless a transaction is EXPLICITLY authorised you'll regard it as fraudulent.

You can regard it as whatever you like, but as per previous post, there's a big difference between a transaction being unauthorised and this constituting actionable fraudulent activity.

GingerBob wrote: »

Thankfully, you can nearly always get a full refund if you complain to the CC card company

Agreed!

GingerBob wrote: »

but the system itself is generally found to be wanting.

In what way?

GingerBob_3

Eskbanker, forgive me for not replying to the points/questions you raise individually. Suffice it to say I have personally experienced this problem on numerous occasions, the worst offenders being hotels who take "a swipe" of your card at check-in. Other gross offenders are, of course, car hire companies (no personal experience of problems here, but many colleagues who have).

The system is found to be wanting because of the precise issue being discussed. Once a company has your card details they can, to a large extent, do what they like in terms of charging you. There needs to be procedures where by deafult the use of a card relates to an individual, authorised, transaction. These companies are treating use of a credit card like a direct debit rather than a one-off transaction. It's not good enough.

MPH80

GingerBob wrote: »

Eskbanker, forgive me for not replying to the points/questions you raise individually. Suffice it to say I have personally experienced this problem on numerous occasions, the worst offenders being hotels who take "a swipe" of your card at check-in. Other gross offenders are, of course, car hire companies (no personal experience of problems here, but many colleagues who have).

The system is found to be wanting because of the precise issue being discussed. Once a company has your card details they can, to a large extent, do what they like in terms of charging you. There needs to be procedures where by deafult the use of a card relates to an individual, authorised, transaction. These companies are treating use of a credit card like a direct debit rather than a one-off transaction. It's not good enough.

I'm curious as to how you would allow hotels (for example) to work for additional expenses? Would you:

a) Say they can't do the transaction until someone checks out? So what happens if the person just walks out of the hotel? How do you stop that?

b) Say that the person has to choose the amount the hotel puts on hold and then the hotel has to prevent them going over their limit?

c) Say there has to be a formal amount charged at the start and then refunded? How much should that be?

Hire car companies have the same problems ... in Toronto (for example) there's a toll-both free toll road - it's all electronic readers. So you drive on the toll road - the hire car company get's a bill a month later. You can't stop anyone driving on the toll road. So does the company have to invoice and chase payments from a whole bunch of international users? Or should they put a transaction on someone's credit card and reverse it later? Or should they continue to do what they do now - charge the card already on file?

I agree that abuse takes place - but it seems like the best compromise for companies and individuals.

GingerBob_3

MPH80 wrote: »

I'm curious as to how you would allow hotels (for example) to work for additional expenses? Would you:

a) Say they can't do the transaction until someone checks out? So what happens if the person just walks out of the hotel? How do you stop that?

b) Say that the person has to choose the amount the hotel puts on hold and then the hotel has to prevent them going over their limit?

c) Say there has to be a formal amount charged at the start and then refunded? How much should that be?

Hire car companies have the same problems ... in Toronto (for example) there's a toll-both free toll road - it's all electronic readers. So you drive on the toll road - the hire car company get's a bill a month later. You can't stop anyone driving on the toll road. So does the company have to invoice and chase payments from a whole bunch of international users? Or should they put a transaction on someone's credit card and reverse it later? Or should they continue to do what they do now - charge the card already on file?

I agree that abuse takes place - but it seems like the best compromise for companies and individuals.

Well how did hotels and car hire companies operate before the days of credit cards?

It's pretty simple really. If they require pre-authorisation it should only cover specific, agreed, items, not anything they choose. So, I authorise you to charge for the room, breakfast and any drinks I assign to my account. I don't authorise you to charge anything else to my card. Other items must be queried with me directly.

An example of where this works against you; in Malta last year I had to pre-authorise TWO credit card slips for car hire. What was the second one for, I enquired. In case you get a speeding or parking ticket. Brilliant eh! So you'll pay up when I might want to contest it!

In dealing with hotels, hire car companies or a myriad of other organisations, would you be happy to give them your bank details with an invitation to take what they wanted, now or at any time in the future? Probably not.

eskbanker

I think this seems to have gone a bit off track here - legitimate pre-authorisation is a separate issue, and in the scenarios discussed above, it's used because the exact amounts aren't known in advance.

Clearly it gives rise to the possibility of abuse but there is a huge difference between having the opportunity to abuse a card and actually doing it, and the bottom line remains that the onus is on the merchant to prove that a charge was authorised, so the cardholder is still protected if the merchant is unscrupulous.

So it seems OTT to me to regard all pre-authorising hotels and car hire companies as 'offenders' even when this doesn't lead to any issues - in my experience hotels will give you the opportunity to review your final bill at checkout anyway.