I was on the phone with our little company’s little bank, wondering why a $5000 charge had been declined. The banker explained that the limit on our card was $3000 per day. “It is to protect you,” he said. “Federal law makes banks liable for fraud on consumer cards, but for business cards we are not responsible.”
Bank of America explains in large print that they offer a $0 Liability Guarantee under Fraud Protection. How about the fine print? “The $0 Liability Guarantee covers fraudulent transactions made by others using your Bank of America consumer credit cards and consumer and small business debit and ATM cards.” (emphasis added)
Could this be a significant difference between the monster banks that we all love to hate and the little banks for which we have nostalgia? And what about BofA’s “small business debit” note? Does that mean a “big business debit” card opens a company to unlimited fraud liability? How about the limit to “consumer credit cards”? Are all business credit cards a potentially serious liability for the company?
[In fairness to the little bank, the phone was answered by a human and I was connected to a banker who could solve our problem within 10 seconds. That doesn’t happen too often at one of the megabanks!]
I experienced business debit card fraud about 10 years ago, and my then mega bank covered my loss. It was a series of overseas charges – $15k in total. My mega bank looked into it, and promptly returned the funds (almost immediately, as I recall).
I don’t think they were just being generous.
I am pretty certain that banks are just as responsible for debit card fraud, though the reporting requirement is still there. From what I understand, the difference between debit and credit card fraud handling is the allowable time frame for returning funds. For credit, they will do so immediately – but for debit, I believe they can wait until they have completed their ‘investigation’ (or some regulatory time frame) to return your funds. In either case, though – assuming fraud is reported in a timely manner – I would expect to see a credit/funds returned.
That daily debit card limit can also be crippling to a business. About a decade ago, my business debit card limit was then $5k a day. After a couple of years, the limit was lifted entirely. This was important because I used it to pay for my business adwords account. No adwords, no sales. And it eventually saw me spending $10-15k a day. BTW, with the mega bank, I got cash back on debit card purchases. Those adwords expenditures returned around $30k a year in cash.
Small banks can work, and I’d certainly use them. But I am also a big believer in businesses using multiple banks to cover their bases. If one suddenly gets risk-averse and tightens limits, you’ve got a backup. This is especially important if you are revenue-dependent on a credit card merchant account (never have just one merchant account if you do most sales by credit cards).
Separate question: Why isn’t it all-fraud all-the-time? If I give my card #, expiration date, billing address, and security code to a merchant, doesn’t that mean that the $12/hour person who took my order can then charge whatever he or she wants using the information? Can we conclude from this that 99.99% of people are actually honest?
“Separate question: Why isn’t it all-fraud all-the-time? If I give my card #, expiration date, billing address, and security code to a merchant”
1) I suppose because it’s an easy fraud to detect and somebody who’s not a professional/Chinese/Romanian trickster wouldn’t dare try. (If you’re a $12/hr merchant and you casually called from an unusual phone and ordered to an unusual address…)
2) Since it’s easy to detect it’s probably stopped often enough (though I usually get an instant decline+text+email about any unusual transaction I try – they do use some sort of pattern matching and AI nowadays)
3) Most people are probably honest/If you work in such position you may even get training from your employer or Card company to ‘educate’ you on their fraud detection/consequences…(just a guess)
Credit card fraud is a federal crime; they’ll get ya.
Phil,
Great post and greater follow-up re the question of why we don’t see more fraud when we hand over vital credit card information to a call-center employee in Birmingham, Alabama.
I’ve thought many times of how the person to whom I just gave my essential digits could spin around and buy themselves all sorts of goodies using my cc info. I guess you’re assumption is correct: most o the time, we prove to be an honest lot.
I use a smaller regional bank for my commercial lending and the founder/president/CEO refuses to give us online banking!!?? Since I know him personally, I’ve repeatedly asked why he’s holding out and his pat answer is one word: fraud.
There is a second aspect to how American banks deal with security. The ACH withdrawal is based on unearned trust, anybody who knows your routing and account number can claim they have your approval to withdraw money. I call this a pull system. Most Europeans banks require a push system, where the consumer approves regular transfers (electronic bills) up to a limit, and other transactions must be initiated by the consumer, where he is logged onto his account, and will be asked to enter his time dependent six digit pin to push money to the recipient. This is a better security than what the American consumer is offered.
Another problem is that if somebody empties your bank account by ACH withdrawal, the banks liability ends if you have not detected the fraud within 60 days. This sucks if you are traveling around the world.
I did ask my bank if they offered an account that doesn’t allow ACH withdrawal, and the only option is a CD, perhaps your rich friends have access to better banking services. To me, this is an argument for banking abroad.
Here’s some interesting ATM card fraud committed by two “bankers” that worked at the Bed-Sty Chase bank
NYT, 12/29/15 – 2 Bankers Charged With Creating A.T.M. Cards to Steal From Accounts
http://www.nytimes.com/2015/12/29/nyregion/2-bankers-charged-with-creating-atm-cards-to-steal-from-accounts.html?_r=0
The 15 JPMorgan Chase bank accounts had a few things in common: They had high balances, there was little activity on them and they belonged to elderly clients — indeed, at least eight were dead. And all 15 of the accounts got regular cash infusions, thanks to direct deposits from the Social Security Administration.
That caught the eye of two private bankers who worked at a Bedford-Stuyvesant branch of JPMorgan Chase, Jonathan Francis and Dion Allison, according to an indictment filed this month in State Supreme Court in Brooklyn. Creating cards for automated teller machines and forged documents, the men and their accomplices withdrew about $400,000 from the accounts over two years…
Mr. Allison, 30, and Mr. Francis, 27, created bank cards for several of the dormant accounts. (While prosecutors believe most, if not all, of the account holders have died, benefit checks continued to be deposited because of faulty reporting to the Social Security Administration.)…
JPMorgan Chase has already faced accusations of fraud among staff members this year. In April, an investment adviser, Michael Oppenheim, was charged in Federal District Court in Manhattan with stealing $20 million from seven of the bank’s clients.
Also in April, another employee, Peter Persaud, who worked at a Chase branch in Brooklyn, was accused of selling customer data — including account numbers, Social Security numbers, addresses and dates of birth — to an informant and an undercover officer. Mr. Persaud was charged with fraud and identity theft in Federal District Court in Brooklyn…
He had told Chase investigators that he had looked for high-value accounts, issued and used the A.T.M. cards, sold some of the cards and account data, and worked with Mr. Francis on the scheme, Mr. Zion said. Also, he had logged onto the Chase system with his co-workers’ credentials when they were away from their desks, according to Mr. Zion.
I wonder where these two “bankers” went to B-school?
And “faulty” reporting to the SSA – try NO reporting to the SSA – the checks just kept coming!
I keep just enough in my BoA checking account to avoid the minimum balance fee. I only need to use the ATM card once per month for some cash.
I’ve had a credit freeze on my credit with the three credit bureaus for over ten years.
Right before I make an on-line purchase, I open another window log in to my Citi Bank MasterCard account and generate a one-time use virtual MasterCard number; then switch back and make my purchase.