If someone makes unauthorized charges on one of your customer’s credit or debit cards, your customer may be responsible for some of the charges. However, in most cases, your financial institution is also liable for a significant portion of the fraudulent transactions. Financial institution liability for fraudulent card transactions varies based on the type of card, what was stolen, and when the customer reports the issue.
So that you know what to expect, here’s a closer look at financial liability for credit card and debit card fraud.
Financial Institution Liability for Stolen Credit Cards
Financial institutions bear the most liability for fraudulent credit card transactions, including stolen credit cards. If your financial institution issues credit cards, you need to have measures in place to detect fraud quickly so that you can shut down credit card numbers before scam artists make too many charges. With credit cards, your financial institution is responsible for all charges over $50, and in some cases, the financial institution may be responsible for everything.
There is no time limit on this liability. If a thief takes your customer’s credit card and charges $10,000 over a three-month period, your customer is responsible for $50, and you must pick up the rest of the tab.
However, if the customer reports the credit card as lost or stolen before charges occur, you (the card issuer) are responsible for all the losses. To prevent any charges from appearing on the account, make sure that your system is set up so that you can immediately shut down a card when a customer calls in and reports that it is missing.
Liability for Stolen Credit Card Numbers
Additionally, your financial institution is also responsible for all fraudulent charges if the credit card number gets stolen but not the card itself. This can happen if a hacker lifts credit card details from an unsecure ecommerce site, if a dishonest employee steals the card number from the cardholder while they’re shopping in a store or eating at a restaurant, or if a thief obtains the number in another way. Usually, credit card holders don’t have any way to know their numbers have been compromised in this way until they receive their statement, look at their transactions online, or get an alert from the bank.
As a result, when just the number gets stolen, the thief may be able to make a lot of purchases before the customer finds out. Often, the customer doesn’t realize anything is happening until they receive their statement weeks later. Worse yet, if they don’t look at their statement closely, they may not notice for a few statement cycles.
To minimize your liability in these situations, you need to have credit card fraud detection tools in place. If you have machine learning tools that get to know your cardholders’ spending patterns, those tools can alert you about unusual transactions, and you can minimize losses and by extension reduce your liability and protect your bottom line.
Financial Institution Liability for Stolen Debit Cards
Financial institutions have less liability for debit card fraud than they do for credit card fraud. For debit cards, the timing plays a big role in determining whether the customer or the card issuer is liable. Here is a breakdown of your liability as a financial institution based on when the customer reports a stolen debit card:
- If the customer reports the debit card as lost or stolen before charges appear on the account, you are liable for all unauthorized charges.
- If the customer reports the card as lost or stolen within two days, you are liable for all charges over $50.
- If the customer reports the debit card as lost or stolen after two days but within 60 days, you are liable for all charges over $500.
- If the customer reports the debit card as lost or stolen after 60 days have passed, you are liable for nothing.
These rules also apply to ATM cards. If someone steals your customer’s ATM card or if a customer loses their card, their liability can range from nothing to everything depending on when they notice and report the issue.
Financial Liability for Lost Debit Card Numbers
Just like with credit card fraud, liability rules with debit cards are also different if the number gets stolen but not the card. If only the number is stolen, the customer has no liability for fraudulent purchases as long as they alert you within 60 days of receiving their bank statement.
Sixty days is a big window of time. If the account has a large balance or if the debit card ties to a generous line of credit or an overdraft account, the thief can make a lot of purchases. Once your customer reports the issue, your financial institution ends up being responsible for everything. Again, to minimize losses, you need solutions in place that can detect debit card fraud long before your customers open their statements and notice issues.
Minimizing Financial Institution Liability for Debit and Credit Card Fraud
As you can see, financial institution liability for fraudulent credit, debit, and ATM card activity ranges from $0 to the entire amount of all the fraudulent purchases. To minimize your liability as much as possible, you need to educate your customers on the importance of keeping track of their cards and not compromising their card numbers.
However, even if your customers are diligent about card security, they may still be subject to misplacing their cards or having them stolen. To reduce your liability when this happens, you need to detect the fraud as quickly as possible. When you run a financial institution that processes thousands of transactions every day, that can be impossible to do manually, and to protect yourself and your business, you need the right tech solutions in place.
At SQN Banking Systems, we focus on fraud so our customers can focus on running the rest of their financial institutions. Ready to learn more about our credit and debit card fraud prevention and detection tools? Then, contact us today.