Home / Ask A Lawyer / Contact Us
print this page
Call 0845 003 5639
Enter your email address to receive our monthly ezine

Am I liable for Credit Card Fraud?

Thursday July 9, 2009 at 4:45pm

In the past 2 weeks I have been the victim of large scale internet fraud on 2 credit cards, and so I have taken a keen interest in liability and in ways to protect against future fraud.

I have been very careful to use only on line stores who encrypt customer details, but fraudsters have still managed to obtain my credit card details including security number, as well as my address, telephone number, date of birth. This can only be a result of sophisticated hacking, or criminal activity by an employee of one of the stores. The feedback from the coalface is that there has been a huge increase in on line fraud in the last 12 months, no doubt prompted by the success of Chip and PIN. It is not only cardholders but merchants who need to protect themselves.

The first question I wanted answering was to what extent I was liable. For orders placed on line or by telephone, the answer is quite simple. These are so called CNP (cardholder not present) transactions. The burden on proving whether a card transaction has been authorised by the card holder falls on the bank that issued the credit card. If the bank cannot prove it then the customer must not lose out. The transaction must be credited back. This applies to credit and debit cards. This is straight forward for on line and telephone orders. The only possible risk for the customer is where they have been negligent in failing to report the theft of a credit card, which has then been used for telephone or internet transactions.
In most cases the bank will recover the transaction value from the merchant and charge them a fixed penalty in accordance with their terms and conditions of use. If the merchant operates additional security measures to verify a transaction, such as Lloyds TSB Clicksafe®, then the burden of loss will normally return to the bank.

What did surprise me was the number of merchants willing to allow a new account to be set up on line, and goods with a high value to be delivered immediately, to an address different to the billing address of the credit card holder. In my opinion that is an invitation to fraudsters. Normally the card holder will not lose out, but it is a huge inconvenience having a card stopped as often it can take 7 to 10 days to get a new one issued and delivered. It is also possible that the credit limit be restricted until all paperwork has been completed, and in my experience this can take at least 3 or 4 weeks. However, it is the merchants who will have to bear the loss on the transaction and chargeback penalties to the banks. This could be crippling for SME’s, and many have stopped offering on line shopping for this reason.

There is no established law that merchants have a duty of care to cardholders generally. It will take a court decision to establish such a duty, and any slipshod procedures could then be targeted as negligent. Only then could a cardholder who has been the victim of fraud, and who has suffered loss in some way, recover compensation from the merchant.

In the meantime my advice is as follows:


1. Use only websites that have proper security measures in place with customer data encrypted.
2. Check the merchant’s web site address.
3. Always print out the order confirmation.
4. Log out at the end of every session.
5. Delete dormant accounts.
6. Report lost or stolen cards immediately.
7. Register your cards with an on line shopping protection service such as Lloyds ClickSafe® (for Lloyds TSB customers), or Verified by Visa or MasterCard® SecureCode
8. Choose passwords carefully. Do not use family names. Use different passwords for different accounts. Change passwords frequently.
9. When out and about never let your cards out of sight. Most skimming takes place at restaurants and petrol service stations. Keep an eye out for suspicious activity.
10. Subscribe to on line banking and check your statements regularly. Look out for a small transaction which is designed to go through unnoticed, and if successful will be followed by a large scale fraud, as the merchant will then be off guard.
11. Never respond to e-mails requesting bank details, personal information, and passwords, PIN numbers or card security numbers.
12. Never give out your PIN number.
13. Never keep your PIN number with your cards.
14. Before binning shred all paper with personal details, including statements, receipts, and even junk mail addressed to you.
15. Get insurance to cover card theft and fraud as well as identity theft. This may be provided on your household insurance policy but check the terms and cover provided.


1. Use only the most up to date and sophisticated web security utilising encryption of all customer personal data.
2. Do not accept orders by e-mail with credit card details.
3. Use an Address Verification Service.
4. Obtain the Card Security Code from the customer.
5. Check the Industry Hot Card file
6. Check all details with the issuing bank.
7. Never ship goods on a first order to an address different from the card holder’s card billing address.
8. If in doubt write to the card holder’s billing address quoting a unique code and suspend any order until the card holder has responded quoting the code.
9. Sign up to the available verification schemes offered by the banks, such as Lloyds ClickSafe, Verified by Visa, or MasterCard SecureCode as these will provide an additional layer of security and should in most cases protect you from chargebacks.

For advice on liability for credit card fraud and dispute resolution contact:

Nigel Musgrove

Business and Litigation Solicitor

Add to: Digg Add to: Del.icio.us Add to: StumbleUpon Add to: Furl Add to: Google

This blog is not intended to constitute legal advice, nor is it intended to be a complete and authoritative statement of the law, and what we say might be out of date by the time you read it. You should always seek legal advice to confirm whether or how any information in this article applies to your particular situation. We offer a free telephone consultation to discuss your particular circumstances.

1 Comment

Matt Miller | April 9, 2010 @ 7:33pm
How about if the card has been stolen and money has been able to be withdrawn from either an ATM or a bank teller with it??...

Leave a Comment

Your Name  
Email Address  
(kept hidden)
Human Validation Check  
What is 17 - 2 ? Answer

ask a lawyer
contact us
book appointment
Blogs By Lawyer
©2016 Cousins Business Law. All Rights Reserved. No unauthorised copying, extraction or other use is allowed except with our prior written permission.
Cousins Business Law is authorised and regulated by the Solicitors Regulation Authority under number 485128.
Head Office: Swan House PO Box 11543, Birmingham, B13 0ZL. Tel +44 (0)845 003 5639. Fax: +44(0)121 275 6155. VAT Reg No. 881 045625.