Last week I got a text from my bank that my card has been used in Indianapolis. I live in Florida and have never stepped foot in Indianapolis, much less bought gas at a Rickers.
I had to go through the usual rigamarole of closing my card, waiting for the new one to arrive, and updating my information for my online accounts (just my SunPass and Amazon). The bank put the money back yesterday, so I’m whole.
My question is, who is out the money? Does the bank eat it or did they tell the gas station the charge is fraudulent and will not be paying the money? I spoke to a business owner on Saturday and she said her business card was used fraudulently and with business cards, they have no protection from the bank. She had to contact the business directly and let them know not to honor the charge. Is is possible the other business would just say, “Too bad so sad, we’re keeping the money?”
It was just about $100. I did reach out to the gas station (I could tell from my account where the charge was made) in case they wanted to review transactions or surveillance tapes, but I suspect like “shrinkage” that’s the cost of doing business.
The answer is, as always, the consumers (the bottom feeders) are out the money. Sooner or later, the profit realized by the top end will catch up and be covered for the loss, by charging it off to their customers.
You seem to realize that you are not the one out the money so we’ll skip the part about cardholder liability.
I used to manage billing and payment systems for a large company. I had a copy of the contracts with VISA, Master Card, etc. They all say that if the merchant has acquired a signature, and the signature matches the back of the card, the merchant will not be liable for fraudulent use. We were an online merchant. They introduced the CCV (or whatever name) around this time. They told us that if we got a CCV and it matched on authorization, the bank would treat that as equivalent to a matching signature.
In addition, the agreement prohibited us from asking for additional identification. They want to make it as easy as possible to use a credit card. If they are willing to bear the risk of fraud, who cares? (That’s why I never understand why some merchants do ask for ID, and I never understand why some consumers write “Check ID” in the signature block on the back of their card.)
So if the merchant follows the rules, the bank takes the loss. If the merchant did not follow the rules, the merchant could possibly have to take the loss.
But that’s the short-term micro answer. To the points above, neither the banks nor the merchants are in business to lose money so on balance fraud losses are made up by higher merchant prices and higher credit card fees and interest rates.
Because, even though the bank will reimburse my loss, it’s a pin in the butt to have to replace the card and wait while it’s done. Of course, in most places now the merchant never even sees the new chip cards. And how any one could compare my signature to one of those images produced when you sign in the little box (often with your finger because the stylus is missing) is beyond me.
I should clarify this was a debit card. I don’t use credit cards.
When I buy gas, I pay at the pump. There is no verifying of my signature. I enter my zip code and I’m good to go. I assume that’s what happened in Indianapolis. So who would take the hit here? (understanding there is no real “hit.”)
But if someone physically steals your actual credit card (the only thing “see ID” supposedly protects against), you still have to replace it, because someone stole it.
Is your debit card branded as a credit card (shows a VISA or MasterCard logo on the front)? That is, could you use it the same way you can use a credit card? I am guessing yes, because they don’t ask for a zip code when you use a debit card with a PIN. In that case the answer is probably the same as for regular credit cards, since the transaction goes through the association (e.g., VISA, MasterCard). If you use the card with a PIN it goes through a different network and the protections are not the same.
Gas stations do not collect a signature for PATP credit cards. Neither do some high-volume, low-amount merchants like McDonald’s and Chipotle. In cases like that I don’t know whether the merchant takes on the risk, or whether they have a deal with the associations.
The issue of legible signatures on digital pads, and whether the merchant bothers to check the signature, is not a new one. If you google “credit card signature experiment” you can find countless cases where people screw with merchants by using fake signatures and nobody notices. There was a very widely circulated blog on this many years ago that is probably still out there somewhere.
Why do you say there is no real hit? The station owner let somebody have 10 gallons of gas, if he doesn’t get paid for that, he’s taken a hit. If he does, the bank took a hit.
It’s not an isolated transaction. It’s part of the overall revenue and expense equation. Generally, credit card fraud on any given day can’t be predicted but it can over a year. So a gas station owner knows he’s going to get $x in transactions that he can’t collect and bank knows they are going to have $y in charges that they can’t collect. That information goes into determining prices, interest rates, fees, etc. So ultimately what a customer pays for gas includes a little profit for the gas station, the wholesale cost of the gas, overhead and labor for the gas station, and a little bit to cover fraud. Same thing for the bank.