Sounds like someone needed to explain to the boss that HE’S the one that may end up paying for cards used fraudulently. Don’t get me wrong, the merchant isn’t always out the money because someone used a stolen card, but the risk is there and, whether you win or lose the chargeback you’re a)out the money for a week or two while the investigation is happening (processor takes it back from you and holds it) and b)get charged for the chargeback…yup, I could use my credit card somewhere, dispute the charge, the business can prove I was there and everything was on the up and up and they’ll still have to pay a $20 or $30 fee. I assume that’s meant to incentive merchants to be proactive instead of reactive.
You’re exactly right, but in our case what I should have made clear was that there was ‘profit’ being made even after considering chargebacks.
Chargebacks – to your point – imply that somebody is paying attention to their credit card statement.
Lots of people apparently don’t. No chargeback in those cases.
I’m always amazed when I hear stories of people finally looking at their statements and realizing the gym has been charging them even though they cancelled 3 years ago or when we get a customer calling in about a charge they found on statement from 2 years ago. I understand that a lot of people (maybe even most people) just swipe their card and make a payment every month. I’m always surprised when, over the course of years they’ve never even taken a cursory glance at it.
Keeping an eye out for BS charges is one of the reasons I enter every single transaction into my software (Quicken). And I don’t just download them, I enter them by hand. A bit more time consuming but I’m far more confident a bad charge has never made it past me.
IANAM (I Am Not A Merchant) but my understanding is that for online (card not present) sales the card number, expiry date, security code and the billing location postal code need to be correct. If they are, no penalty to the merchant. If not, the card is declined or the merchant is responsible for the cost not the card issuer I suppose vendors like Uber are in a different situation as they don’t deliver an item to an address and don’t have a billing location to enter. I really hope the “name on card” has to match one of the Uber passengers?
Much information can be gathered when you use your card in a physical setting; fortunately I found (pre-covid) that many restaurants nowadays bring a wireless CC Reader unit to your table rather than disappearing into the back with your card like they used to.
It’s also confusing because the rest of the world- unlike the USA - uses PIN codes for card present sales along with chip. There have been some fraud issues where someone observes the person using their PIN then manages to steal the card (most recently heard about this last year with tourists in Mexico).
But yes, contact your bank and the onus is on the merchant to prove the charge was legit and consented to by the card-holder and the service or item was provided.
Several years ago I got an early-morning call from Amex saying my card was compromised and they would be cancelling it and issuing me a new one. The next day the old card was used to purchase a flight from Manila to Hong Kong in someone else’s name; so obviously “cancel” means something different for some Amex people. Keep checking your account. (I suspect it was compromised in a NYC area restaurant a few weeks earlier…)
What seems to have happened is that I ordered delivery from a restaurant, and the restaurant used “Uber eats” to deliver it to me. It appears that’s how they got my info. Now, I’m on disability, and only very rarely order from a restaurant–maybe 3 times during quarantine–and couldn’t possibly benefit from a subscription for multiple delivery fees. So I would never have checked a box accepting such an offer. I had no awareness even that the delivery driver worked for Uber. Whatever the cause, it’s been taken care of. Thanks everyone for your input.
This is probably true, but the card companies seem to give merchants a lot of leeway in processing transactions. To some extent it seems to be up to a merchant how much verification they choose to do, and effectively a business decision how much risk of chargebacks the merchant wants to accept. Albeit only within certain limits, as @DavidNRockies experience shows, but it seems to be pretty lax from my experience.
I had some fraudulent online charges for $'000s at what appeared to be an online store based in Spain. The charges were refunded immediately, but I followed up quite aggressively with the credit card company, because I wanted to find out exactly what happened - I wanted to see whether my card details had been stolen when I used the card somewhere else, did they know my name and address, etc.? I saw a physical copy of one of the receipts, and evidently they knew literally nothing. Not my name, not the CVV code, not the expiration date of the card, nothing. All they had presented to the merchant was a 16-digit number. And despite badgering them I could get no coherent answer from the credit card company about how a charge could possibly be approved by someone who had evidently just tried a random number, and did not know any identifying information, not even my name. All I got was mumble mumble “it’s up to the merchant” or something.
I’m guessing maybe the merchant was in on the fraud, but it seemed bizarre to me that the credit card company systems would not insist on at least some minimal level of identity verification. I didn’t lose any money, but it’s still annoying to have to go through the process of changing your card number. And it really makes you wonder about the billions that must be lost every year on smaller amounts that people just don’t pick up because they don’t check their statements.
Sounds like user error strikes again.
So it’s 100% on scummy practices by Uber. You were totally correct to take the approach you did and shame them on social media, good job.
Er… what? That’s a very strange interpretation of Uber not making it obvious and transparent that you’re signing up for some kind of subscription unless you proactively opt out. If there’s a class action lawsuit, that isnt suggestive of “user error”.
Why was there a charge for Uber? Because the user used their service and wasn’t careful about what they did or did not select.
Next time, be careful about what you attach a credit card to and what you are agreeing to.
Yeah, because business are never guilty of scummy deceptive practices that sign you up for repeated payments that you don’t want if you’re not paying attention to what boxes are ticked by default. I’m sure the responsibility lies entirely with people who are not as careful as you.
Feel free to join in on whatever class action suit you think is going to happen.
I can key a card into my machine and as long as the expiration date is correct, it’ll go through 99% of the time. It’s exceedingly rare for a card to get declined because of a mismatched CVV or zip code. It happens, but not often. Hell, I can use the wrong expiration date and as long as the month is correct, it’ll still go though*. Your name really isn’t required for anything. At most, they’ll check against the number portion of your street address and zip code, but not your name.
You can try it for yourself. Next time you use your card on a website, type in your name wrong and you’ll likely find it’ll still go through.
And it’s even worse if those boxes re-tick themselves if you filled out part of the form wrong (ie password and confirm password didn’t match). All your info is still there so you don’t have any reason to assume the boxes need to be unticked again.
I decided long ago that ‘caveat emptor’ is equivalent to ‘tort reform --’ a subtle way to ensure that no consequences ever befall the true guilty party.
I remember another e-commerce company that had to write a rather big check for comparable (if not similar) shenanigans:
Such simple website decisions as “opt-in vs. opt-out” can definitely have big impacts, big rewards, big consequences, and big pushback (and adverse PR):
That has nothing to with what happened here. lissner ordered from a restaurant and that restaurant, on their own, took his card info and used it to make an UberEats transaction to get an Uber driver to show up to do a delivery. That is not someone forgetting to opt out of some predatory charge. What the restaurant did is not OK and is a breach in and of itself.
I think we’re assuming a lot based on the information we’ve been given. It sounds to me like OP went to a restaurant website, put in the order, and was redirected to UberEats for the final transaction. I’ve seen plenty of restaurants that do that. Nothing scummy there. UberPass is specifically the extra service you can sign up for free delivery, etc.
I recall on a trip to Florida (over 10 years ago) trying to use a self-serve gas pump and it would not work without the zip code for the transaction. I later learned that using 00000 worked for Canadian Postal Codes in most such situations. (I haven’t tried 90210…)
Nope - when you use Uber or Lyft (have not personally used Uber, but have used Lyft), you first set up an online account where you enter your name, credit card info etc. Then when you book a ride through the service, it gets billed to whatever I set up when I created the account. If one of my kids uses my account, Lyft doesn’t care - they have my info on file.
Now, what happened to the OP is really, really scammy. It’s not out of line that there would be an initial charge from Uber, as I assume that’s how the one meal delivery was billed through - but if they’ve got checkboxes defaulting to “let us scam you forever” that is really scummy.