Credit Card Fraud: Who Pays?

Who pays when your CC details are stolen?
Who pays when your CC details are stolen?

OK – this subject is always a hot topic for the media, not to mention a Day of Armageddon for the Nervous Neds and Nellies of the world.

So what really happens when your credit card is used online, somewhere in the world, without your knowledge or permission?

Who pays? How are you affected?

Well, let me tell you as I have recently experienced this first hand!

Last Saturday morning I awoke to find I had received a text from NAB in the wee hours of the morning informing me they had frozen my VISA card as they had detected some “suspicious transactions”.

I logged on to investigate, and sure enough, there were two transactions that weren’t mine:

  • Green Peace $16.43
  • Sainsbury’s Newcastle UK $1,231.99 (now that’s a big grocery bill !!)

The text message directed me to phone the Fraud Division of NAB to discuss the transactions.

Well, I must say this was all very exciting, albeit unexpected, for 6am Saturday morning. I sprang out of bed and headed to my home office to make the call.

After a series of voice prompts and security questions I spoke to a nice gentleman named Mark (not his real name :) ). Here is how our conversation went:

“Yes, Mrs Coulthart we are questioning the Sainsbury transaction.”

“Correct, that wasn’t me, and neither was the Green Peace one. I think that was probably their test transaction.”

“Right, got it – I have listed those two as fraudulent. We will cancel your card and issue you another one; it will take 3-5 working days to arrive. I have also dispatched a letter that you will need to sign to have those two transactions reversed.”

“OK, great! Just one question. What about…”

“Your automatic deductions will need to be set up again on the new card.”

“Oh, OK. No, I have another issue. On Monday I need to pay for some OS flights, and if I don’t pay for them on Monday, we lose our booking.”

“Have you go another credit card?”


“OK, I have made a note of that. Please call us on Monday just before the transaction is processed and we will manually approve that transaction and then cancel the card once the transaction is approved.”

“Sound like a winner, Mark. Let’s do that. How did this happen?  I am always very careful about the details of my card.”

“Two possibilities, either one of the companies with an automatic payment didn’t store your credit card details securely, or the hackers have run an algorithm to generate credit card numbers, and they keep trying until they get one that works. They generated the right numbers and got yours. It’s nothing you have done or haven’t done.

“Good to know. Thank you!”

“No problem, have a lovely day. Please call us if you need anything else or have any further questions.”

After that call, I spent the next 15 minutes sending off emails to all the businesses I have DD arrangements with advising them of the situation and that I would update my payment details as soon as I received the new card.

Done! Sorted! Thank you, NAB!

So, what have I lost?

$1,248.42? – Only temporarily until I sign the letter and they reverse the transactions.

Can’t use my card for a week? – Well, that probably isn’t a bad thing 😉

A few declined transactions? – possibly, but I have notified the relevant parties of the situation.

Flights? – Nope, all sorted!

Time wasted? – Only about 30 minutes in total.

Did I lose anything? Nothing really, NAB was all over it, and in 3-5 working days I will be back in the position I was on Friday before any of it happened.

The victim?

To be honest, I wasn’t really worried when I saw the transactions. I knew it wouldn’t be too hard to have them reversed because I am the cardholder.

The party who pays is the merchant, or at least their insurer. If a merchant wants to dispute the reversal of a transaction, they must be able to provide evidence that the transaction is authorised (signature, pin, CSV code, billing address, etc.). That is why they ask for all sorts of information that identifies you as the authorised holder of the card, especially if it is an online transaction.  If Sainsbury’s has already shipped the goods before the reversal of the transaction, they may be out of pocket, but only until they claim on their insurance.  They will also likely disclose the details to their local fraud squad, including the address to which they shipped the goods.

Did the hackers win?

Not really – at most they may have received some free groceries, but the fraud squad and Karma will eventually catch up with them!

Should I be worried and stop buying online?

Not at all. We live in a digital age, and we buy things online, all the time. There is a risk, but I don’t think the risk online is any greater than it was before online purchasing, when someone could just as easily have stolen your wallet or picked your pocket and used the physical card to do the same thing.

It happens, it’s part of life, but thanks to the digital age and online purchasing, our banks have stepped up and are constantly monitoring transactions and looking for “suspicious activity” which will automatically freeze the card in question before things get out of hand.

We should all take reasonable measures to keep our credit cards and personal information secure, but stuff happens, and at the end of the day it all gets sorted, so we shouldn’t become paranoid or Nervous Neds or Nellies. Armageddon did not arrive – not today!

Leave a Reply