Insights for consumers
When making an online purchase, have you ever seen the drop-down message asking if you want the merchant to save your card details? While it may be convenient to save your details for future purchases, if you change your mind, or if the merchant is fraudulent, only your card provider can remove the authorisation.
What happened?
Roimata noticed fraudulent transactions on her credit card account and asked her provider to stop the transactions and compensate her for the money she had lost. The credit card provider agreed that the transactions were unauthorised, and processed a ‘chargeback’, reversing the transactions.
Although Roimata had not lost any money, she complained to FSCL that her credit card provider had told her she could not permanently stop the fraudulent transactions, and her only option was to close the account entirely. Roimata said this was unreasonable.
How did FSCL help?
We called Roimata’s credit card provider to find out more and passed the explanation on to Roimata.
The provider explained that etokens allow a cardholder to authorise a merchant to debit their card without having to go through the usual process of entering their card number and personal details every time they make a purchase. Consumers may remember seeing a drop-down box that asks if they want to save their account number when making an online purchase. While this is convenient for consumers, by accepting this invitation, consumers are allowing merchants easy access to their credit card.
Having accepted the invitation, the etoken authorisation attaches to the consumer’s account status, not their card. This means that if a consumer simply asks their provider to cancel the card because it has been used fraudulently and receives a new card, the etoken will transfer over to that new card. To prevent an etoken authorisation transferring through to a new card, the provider must remove the etoken from the account status.
Although Roimata had understood that the only way she could stop the fraudulent transactions was by closing her credit card account entirely, the provider explained this was not the case. Roimata could safely continue to use her credit card, and get a replacement physical card, because the provider had removed the etoken authorisation from Roimata’s account status, not just her card. The provider reassured Roimata that if she experienced any further problems the provider’s fraud team was available to help.
What was the outcome of FSCL’s investigation?
After we emailed Roimata with the provider’s explanation, Roimata did not pursue the complaint any further and so we discontinued our investigation.
