Liability for unauthorized use of credit cards

Liability for unauthorized use of credit cards was regulated in 2018.

Law 16/2009 introduced, for the first time in our system, specific regulation on credit card contracts. This regulation has been modified by the new directive on payment services, PSD2 (Directive 2015/2366).

This directive has been transposed into our legal system by Royal Decree 19/2018, on Payment Services.

The current legal framework pays special attention to cases of anomalous operation of credit cards, whether because orders have been incorrectly executed or because the document has been used incorrectly. The law establishes different situations, distinguishing between an incorrect execution and an unauthorized operation.

In this article, we will focus on the responsibility derived from the improper use of the credit card. Specifically, the responsibility for unauthorized operations.

In this respect, the regulations govern a system of liability, both for the issuer and for the cardholder. We will now proceed to analyze the factual assumptions, the subjects responsible, and the consequences of the unauthorized use.

Assumptions of liability

We can distinguish three types of operations that may result in liability for unauthorized use:

  1. The first is the use of a previously stolen or lost card. A third party acquires possession of the payment instrument and uses it without the cardholder’s consent.
  2. The second is the use of the card as a consequence of its falsification. The main difference from the lost or stolen card is that the holder does not have to be dispossessed of the card. It is a matter of obtaining an exact replica of the data on the original magnetic strip. However, this modality also covers the prior theft of the card in order to falsify it later.
  3. The third is the theft and use of the card data in card-not-present (online) operations.

Responsible subjects

Issuing entity

The regulations are quite strict about the responsibility of the issuing entity. In general terms, the issuing entity will bear the economic damage generated by the unauthorized use. It can only be exempted if it has reasonable grounds for suspecting the existence of fraud. In this case, it must notify the Bank of Spain of the reasons.

In this regard, it is important to mention the obligations of the card issuer:

  • To ensure that the personalized security credentials are only accessible to the authorized user.
  • To refrain from sending payment instruments that have not been requested.
  • To guarantee adequate and free means to enable the cardholder to notify the loss or theft of the card.
  • To prevent the use of the payment instrument once the loss or theft has been notified.

Cardholder

The cardholder’s responsibility has changed significantly with the entry into force of PSD2. Previously, the responsibility assumed by the cardholder was limited in amount and in time: in amount, as the cardholder was responsible for the first 150 euros; in time, as the liability was extinguished when the issuer became aware of the fraudulent act.

With the new regulation, the cardholder assumes a lower amount, and not in all cases. The cardholder will assume the first 50 euros. However, the cardholder can be released from this payment by proving: (i) that it was impossible to detect the loss, or (ii) that the loss was due to the inaction of the issuing entity.

However, the holder shall bear all losses arising from unauthorized payment transactions if he/she has acted fraudulently, as well as those derived from a deliberate failure to comply with his/her obligations.

The main obligations of the holder are those detailed below:

  1. To take all reasonable measures to protect their personal security credentials.
  2. In case of loss, theft or misappropriation, to notify the issuer without undue delay, as soon as he/she becomes aware of it.

However, in case of loss or theft, the holder may be exempted when:

  1. The transaction has been carried out by card-not-present means, that is, using only the data printed on the card.
  2. There has been no fraud or negligence involved.
  3. The cardholder has notified the loss or theft.
  4. The cardholder has kept a record of the loss or theft of his/her personal credentials.

Conclusions

The regulations on payment services give special attention to cases of abnormal card operation.

It distinguishes between errors in execution and improper use of payment instruments. It establishes different obligations and responsibilities for issuers and cardholders.

However, the new regulations reinforce the trend towards a more user-friendly regulation.

If this article has been of interest, we also suggest you read the following article published on our website: Usury in revolving cards.
