Fraudulent Use of Credit Cards

 In Consumer and user rights

In Spain, the number of fraudulent transactions with credit cards issued by Spanish banks reached 888,000 which means approximately 56 million euros, according to data from the Annual Report on the Surveillance of Payment Systems published by the Bank of Spain. Although fraud rates are still considered low, it is advisable to know the obligations and duties that are attached to the holder of a credit card.

The Ley de Servicios de Pago establishes the following under article 25.1: “The transactions will be considered authorised when the payer has given the consent for their execution. In the absence of such consent, the payment shall be considered unauthorised”.

The consent will be given as agreed by the parties which is usually with the introduction of a PIN code to know if there is authorisation of the cardholder or in those payments without the presence of the card, information that is on the card is usually requested such as security number or expiration date.

It is understood that the holder is the only one who knows this information due to the custody duties imposed by Article 27.a of the above mentioned law; obligation to protect the personalised security elements that it incorporates.

Article 27.b sets a notification duty in case of loss, theft or unauthorised use: “In case of loss, theft or unauthorised use of the payment instrument, notify it without undue delay to the service provider or to the entity designated by him, as soon as there is awareness of it”. 

It is an obligation of the payment entity to ensure that there is a line to make this communication and it must also be free.

In cases of fraudulent use of the card by a third party or payment transactions considered unauthorised, the following rules apply:

1.- If the client alleges that she/he did not authorise a payment, it is up to the service provider to prove that the client authorised it and also establishes that the one that has been registered is not enough to prove that it was correct. (Article 30.1 LSP).

2.- The payment entity will be responsible for all expenses caused by unauthorised payment transactions, as regulated by article 31 of the Law, in those cases in which it was due to his negligence (for example, system violation, cloning, etc.).

3.- In the event of fraudulent conduct or gross negligence, such as not having complied with any of its obligations (for example, in the custody of the card or the data thereof), article 32.2 of the Law foresees that the holder of the card will support all the economic burden caused.

4.- When negligent behaviours are not observed, neither in the credit institution nor in the card holder, in turn, the following rules will apply:

a) The credit institution will be responsible for all transactions that take place after the cardholder communicates the loss or theft of the card, except for fraudulent action by the cardholder (article 32.3 LSP).

b) Until the cardholder does not report the loss of the card:

b.1) Article 32.1 of the Ley de Servicios de Pagos establishes the limit of what the cardholder will bear in case of loss or theft of the card, which is currently at 150 euros, for the unauthorised payments produced before the communication to the payment entity.

The new Directive 2015/36 / EU reduces that amount to € 50 (Article 74).

b.2) If the loss of funds has not been due to the loss / theft of the card but, for example, has been due to the capture of data on the Internet and subsequent operations with them, the credit institution must answer for all (Article 31 LSP in relation to article 112 TRLGDCU).

Te Llamamos Gratis

Conozco y acepto la política de privacidad

We Call You for Free

I have read and accept the privacy policy