When Zero-Liability isn’t Really the Case: Target Breach

In the wake of the Target breach, I was reminded that zero-liability on credit and debit cards isn’t necessarily, well, zero-liability.

James Wester, a research director at IDC Financial Insights, sent me a note. “There are costs,” he wrote. “Both direct and indirect.”

He’s right.

There is a difference between consumer liabilities for credit and debit cards, as well as how card issuers treat fraudulent transactions.

(From Wester’s email:)

Credit card liability is zero dollars and any dispute will likely mean your credit balance is reinstated while the dispute is settled. Not so with debit cards. Liability on debit cards is only zero if reported before any charges are made. Before two days liability goes up to $50. Before 60 days the maximum liability is $500. After that any monies lost are gone for good.

The caveat he mentions is that the time starts from when the consumer first learns of a lost or stolen card.

I wrote about the Target breach for this morning’s AJC (I know, it’s behind a paywall):

Target admitted Thursday that hackers had infiltrated the payment system used in all its brick and mortar stores. The admission came a day after digital security reporter Brian Krebs broke the story.

The nationwide retailer stressed that its estimate of the number of people affected, 40 million, is just an approximation. Many of those shoppers will probably never experience any fraud on their accounts.

For now, exactly how this particular breach happened is unclear. Target had little to say on that subject.

“Clearly this was a sophisticated crime,” said Target spokeswoman Molly Snyder, in an email. “However, it is an active and ongoing investigation so I cannot comment further.”

Wester went on to point out that any money stolen from a bank account is not replaced while an active debit card dispute is being settled.

“That means any other payments that need to be made cannot be made while consumers wait to get their own money back,” he wrote. “Plus any payments that are returned because of insufficient funds will have charges applied.”

The issues with debit card liability are one of the reasons why I am annoyed at issuers, merchants, etc. pushing debit cards. It’s cheaper for them but that comes at the expense of consumer safety. If we just taught people to pay their credit cards off every month they would have better protection, better rewards and better credit scores. But merchants would rather see their transactions costs lowered so they push the “convenience” of debit cards.

There are also costs to the overall system.

Though consumers have no liability with their credit cards, they are paying for fraud through higher fees, interest rates, etc. Issuers currently pay for fraudulent transactions and they pass it along to consumers. The issuer’s cost to replace stolen cards will eventually be carried by Target once the issuers sue Target. That too will be passed along to consumers. Even the fines that Visa/MasterCard will undoubtedly levy against Target due to the breach will be passed along to consumers.

Here’s to hoping that the Target breach might cause the payments industry to wake up a bit. But probably not.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s