
One thing that people need to be aware of is that Visa does not get to set all of the rules for chargebacks and disputes. You have dispute/chargeback rights that are secured by federal law. They are not as comprehensive as Visa, but in some ways they can be stronger. The problem is there are very few attorneys who practice in this area. I know, because I’m one of them. But some of these protections have real teeth.

For example, I recently had a client who had his crypto.com account hacked. That account was tied to his checking account. The hackers debited his checking account by buying bitcoin, and then transferred the bitcoin out. My client disputed the charges, and the bank denied all of his disputes.

This was all in the context of a well documented breach of a major telecom company. He had all of the substantiation. It was clear that the bitcoin had gone into a very large wallet for purposes of fraud. Despite all of this, he was denied his dispute.

Long story short, we got his $10,000 back, got him another $5000, and the bank paid my fees. That was all based on federal law, not Visa dispute rules. So the good news is that these changes do nothing to diminish those lasting rights under the law. But it should put this issue on your radar. If they are starting here, it won’t be long until they start lobbying Congress to soften the protections in law as well.



The problem is in most cases by the time you're talking about involving a lawyer, most consumers have given up the fight. A majority of the fraud cases I've had requiring charge backs have been in the 20-50 dollar range, so not nearly enough to justify legal assistance.

By putting the onus on the legal system it allows merchants to commit smaller scale fraud more easily because normal people don't have lawyers on hand and aren't willing to do so for a $30 case of fraud, as justified as it may be.


It really calls for streamlining small claims court filings for smaller losses, but your point stands about larger losses. Probably room for the CFPB and FTC to work together to provide for this in some capacity.


> That was all based on federal law, not visa dispute rules

In my experience, insurance adjusters are completely oblivious to the distinction here—that there are your company's rules, and then there's the rule of law, i.e. something bigger than you or your boss or your boss's boss, etc.

Insurance carriers especially benefit greatly from the misconceptions held by those in their workforce (and who end up seeding public perception with the same errors), even when they're pretty easily shown to contradict the law. It's almost certainly intentional.


Perhaps you could put some useful information in this anecdote by telling us what keywords we would need to give to a bar referral service to get a lawyer with your particular expertise?


The problem is that this area is so small that most people don’t bother with the niche. However I don’t wanna be completely unhelpful, so I would encourage anyone who’s looking to look for someone who has experience with “FCRA” cases.

That’s a really big niche and should turn up lots of attorneys, but there are some similarities between that type of practice and this other type of consumer protection practice. So even if they don’t have direct experience, they should still be comfortable in that realm.


And why do you think it is fair to make a bank pay for your fees, someone else's lack of judgement, someone else's breach?

Bank did its job and processed the payment, why should they be liable for all these?

If anything, your example is an illustration why those "protections" should be abolished.


> And why do you think it is fair to make a bank pay for your fees

Because if the bank broke their legal obligations to the customer and the consumer had to use an attorney to recover their money, the attorney deserves to get paid.

Banks are expected to know their customer and to take measures to prevent fraud, rather than watching money go by and shrugging because they made a few nickels.


You're right up to the point where the context is fraud.

the bank is not required to process transactions for an impersonator. the opposite in fact, it's supposed to filter out the fraudster's transaction! even if his password leaked, none of that matters. the transaction is valid only between the bank and the individual, any failure in communication between those two is the bank's problem, it just depends on how loud the scammed consumer is willing to be.

in China today there are people in Henan province that had their money completely stolen from their accounts... by the bank owner! and who's responsible? the central bank of course, and they will all be repaid, and very fast now because they protested very very loudly

https://www.bloomberg.com/news/articles/2022-07-21/china-to-...

people should not have to protest for fairness, the money should have never left their accounts, the system should have been perfect

src: software engineer designing fintech systems


Exactly my point: banks should be responsible for doing the job they are paid for, processing transactions, and should not be liable for someone else's lack of judgement. The fact that it is legal to make banks pay for such things does not mean it is just, moral or ethical.


We have a few hundred years of legal tradition around banking and commercial transactions, that have been carefully balanced in ways to give everyone involved an incentive to prevent fraud and to produce a system in which the amount of fraud is manageable.

Externalizing all the risk out to the individual customers doesn't seem like a preferable system. Banks have done a whole lot of work to make the risks associated with this manageable and even profitable.

Consumers are safer, and also it is more reasonable to trust the payment system to have safe outcomes. As a result it is used more, and banks make more money.


[flagged]


> US banks in average lose 2-4 orders of magnitude more to fraud than banks outside of the US.

You think US banks lose 10000x as much to fraud as banks outside of the US?

Card fraud in Germany is 0.02% of transaction value. Does that mean it's 200% of transaction value here?

Most recent number I have for US is 6.81 cents per $100, or .07%. The regulatory regimes are not too different, between Europe and the US.

Banks are legally incentivized to reduce fraud, but even so US banks have resisted anti-fraud measures because they add friction to transactions. Witness them being slow to deploy chips to credit cards and electing not to deploy chip-and-PIN in the US.

P.S. I would avoid using the word "retarded", even misspelled.


Correct, 10000x.

Some anecdata: I used to work for a bank in Eastern Europe and we once lost a grand total of $6K to fraud one year with about ~1M cardholders. 10000x of that would be $60 per customer per year. Some neobanks here in the US lose more.

The point is, all the fraud losses end up being paid for by other customers.

So that guy changed his mind, filed a chargeback for a transaction he actually did authorize, and he and his lawyer got paid by all other customers who did nothing wrong. And some folks who could have been happily banked ended up unbanked.

You are right about your P.S


> Correct, 10000x.

Again, this doesn't seem reasonable-- it would indicate losses over 100%. https://www.ecb.europa.eu/pub/cardfraud/html/ecb.cardfraudre...

Every indication is that Europe has about half the payment card fraud rate of the US-- mostly explained by lower rates of card-present fraud due to use of chip-and-PIN.

I was surprised to see Eastern Europe have such a low rate of fraud from an issuing perspective, but it's still about half the European average. From the acquiring perspective, Eastern Europe is *ahem* well-represented in payment fraud.

> So that guy changed his mind, filed a chargeback for a transaction he actually did authorize,

That is not the facts or situation that the grandparent poster described.


You are looking at it from the wrong end, averages mask the issue. Consider this: Romanian state employees generate multiple X less fraud than average Romanians. Bank serving them may lose cents per customer per year and make, say, $50 per year. A neobank in the US engaged in predatory lending to gig workers may lose $60 per customer per year, but may make $200.

If you compare similar segments and similar business models, the difference can be 2-4 orders of magnitude, depending on segment.

That guy authorized crypto.com to access his bank account, crypto.com got hacked, and bank ended up paying him and his lawyer. What is not correct here? Who had to foot the bill in the end?


> You are looking at it from the wrong end, averages mask the issue.

Your claim was there was 10,000x more payment fraud in the US than in these countries, due to the different regulatory regime.

Data indicates there's like 3-4x, and a lot of it is more easily explained by greater share of card-not-present transactions and lack of chip-and-pin.

> If you compare similar segments and similar business models, the difference can be 2-4 orders of magnitude, depending on segment.

Oh, so you want to compare the lowest-risk banking sectors in Romania to the highest risk sectors in the US? Sorry-- this does not make sense as a way to compare regulatory regimes.

In the end, banking losses due to fraud... and the systems used to mitigate fraud... cost just several basis points on payment cards in the US and a much smaller share than this on other transactions. This is tiny compared to the overall credit risks and the rest of the cost structure of the transactions.

When it comes to regulation E-- many banks even choose to compete by offering consumers greater protections than reg E requires.


I am merely giving you my experience running banks on both sides of the Atlantic.

You can explain however you want. Chip and PIN is a big factor of course but is not the only one. ACH is hot garbage and is a fraud vector which does not exist anywhere else. Remote account opening is a door wide open for fraud and, again, nowhere else.

Cost of fraud includes FTEs involved in managing fraud, software and infrastructure costs, lost opportunity etc. All those are incomparably higher in the US. I don't really care if you believe me or not, it is just my opinion.


> Remote account opening is a door wide open for fraud and, again, nowhere else.

Remote account opening is way more common in Europe than the US.


LOL. I just have to chuckle at trying to bring a moral or ethical argument in favor of banks, given their practices of maximizing the fees they charge to those least able to afford them, and how they reorder transactions to ensure people go over so they can then extract the most fees.


Most banks are very loosey goosey. They shrug off his fees and will still go on doing it the same way.


That question is way above my pay grade. I’m not here to philosophize about the system I exist in.

I’m a litigator. The system is defined. The law is defined. I just operate within it.

Those types of questions/concerns are well addressed to your Congressperson. I’m merely letting folks know what the system is.


> I’m a litigator. The system is defined. The law is defined. I just operate within it.

I don't agree with the parent commenter, but I find this view to be widely held among lawyers, and I find it distasteful.

A good way to respond to the question: why should banks be subject to this risk? Because ultimately leaks like the one described shouldn't happen, the people affected by them should be swiftly made whole, and it's not hard to see that banks are in a better position to ensure this happens than the individuals themselves.

Just because from the consumer's perspective the bank "covered" the losses, there's no reason the bank should be understood to be forced to just eat those costs. If a company like crypto.com is ultimately liable, then the bank can more effectively pursue action, whether there was 1 person affected or if N of their customers suffered losses. In the event that there were multiple customers affected, those losses can be consolidated, and the bank can pursue the ultimately liable party to recover the costs that the bank had to (temporarily) foot the bill for. They're frickin' banks.


Because that's the law...



