Rules bar fast help in card fraud


Your Money

September 25, 2007|By DAN THANH DANG

Denise Stanco was desperate.

Trying to stop a theft from her checking account in progress, the 54-year-old information technology specialist frantically e-mailed her last hope - in the Kingdom of Bahrain.

In three e-mail messages, the Catonsville resident explained that someone swiped her debit-card number, faked a passport in her name and purchased two tickets worth $1,201 on Bahrain's Gulf Air. Stanco pleaded with someone, anyone to help her.

Everyone she turned to thus far had disappointed her, since she'd learned from a credit-monitoring service that someone had used her debit-card number to purchase Gulf Air tickets, Birkenstocks and Asian Air tickets.

Securityplus Federal Credit Union said its hands were tied, even though the fraudulent charges had not been deducted from her checking account yet. The local police said they couldn't investigate without knowing where the bad guy was located. So e-mailing Gulf Air, in an effort to overturn the charge, was a last resort.

It brought the only real help she got.

The carrier investigated, discovered faked passports and then refunded Stanco's money - all except $24 due to the fluctuation in the value of the dollar.

"In this particular case, it was not a big issue as the contacts given in the booking were all fake and no response was received by phone/over e-mail," Lars Denlew, head of distribution and e-commerce for Gulf Air, said in an e-mail interview.

Investigating fraud, Denlew said, "is not always easy and is very tiresome. ... We are not fraud investigation specialists and do not have any interest of being that either!"

Meanwhile, closer to home, Securityplus dinged her $30 for a bounced-check fee. Since it was holding her money to pay the bogus Birkenstock charge, there were insufficient funds to pay a legitimate check she had written to her lawn service company. This all happened before the credit union let her close the compromised account.

By the time she e-mailed me, she was still out $54 ($24 for the depreciating dollar and $30 for the bounced check). But mostly, she was just whomperjawed.

Can't blame her. As much as I'd like to give Securityplus a big stink-eye for the way they handled this situation, I can't.

They were just complying with regulations.

"The problem is that the credit union approved those charges," said Robert Rutkowski, a partner at Weltman, Weinberg & Reis Co. in Ohio who also writes That Credit Union Blog. "Since they didn't decline those charges at the point of sale, they're responsible for it. Somebody has to bear the loss. The problem is that blind authorization."

Electronic transactions take place in two parts: the authorization and then the posting. At the point of sale, authorization doesn't mean someone has taken the time to make sure the sale is legitimate. It merely means that the financial institution has informed the merchant that there's enough money in an account to cover the charge. Posting is the amount of time it takes for the bank or credit union to release the funds after it's authorized.


The federal regulation that governs debit-card transactions, called Regulation E, was written to make debit-card transactions instantaneous, said John J. McKechnie III, director of public and congressional affairs at the National Credit Union Administration, the federal regulator that oversees most credit unions in the United States.

"Under Reg E, as soon as a card is used, the money is already, technically, gone," McKechnie said. "That's why there's no way to stop it. Reg E and Visa and MasterCard rules - because credit-card issuers have contracts with different financial institutions - require that the charge goes through."

Visa confirmed this statement.

"Visa's rules require that card-issuing financial institutions attempt to honor a transaction after it has been authorized," said Rosetta Jones, vice president of Visa USA.

What that means is that the use of a debit card equates to an immediate transfer of money, as if the thief had lifted cash out of Stanco's wallet.

Despite ads that promote zero percent liability when using debit cards, consumers need to be aware that under Reg E, you must report fraud within two days of discovering the loss. Within two days, you can be held liable for no more than $50. Wait longer, you could be liable for up to $500.

Consumers also need to know that if you report fraud on a credit card, you're automatically credited the money back to your account while the company investigates. When using a debit card, you're out the money until the fraud is investigated, McKechnie said.

So why not try to stop fraud at the point of sale? Easier said than done.

Not responsible

If you've ever written "Please Ask For I.D." on the back of your plastic, you'll know many merchants never even check for a signature - let alone your identification - before swiping your card.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.