Online payment systems are becoming increasingly secure. However, concern about the security of credit card details sent over the Net continues to hamper the growth of online commerce. Thus, as the commercial world races to hop on the E-commerce bandwagon, security-conscious consumers are joining the ride with one foot on the brakes.
Secure(?) Payment systems
In response to consumer concerns, many E-tailers have secure payment systems. These systems rely mainly on encryption techniques to ensure that consumer information remains confidential. Credit card details are scrambled and transmitted in a format that can only be viewed by an authorised recipient.
Encryption-based security systems however, do not prevent those with authorised access to the decrypted details, such as E-tailers or their employees or agents, from using the details in an unauthorised manner. So what happens when security is breached?
Who pays?
Online transactions, which involve the use of a credit card without a PIN or signature, are not covered by the existing Electronic Funds Transfer Code of Conduct 1998 (the "EFT Code"). As a result, when payment card details obtained in online transactions are misused, the specific credit card issuer determines who must pay.
E-tailers - Beware credit-card charge -back systems
When choosing their preferred method of payment, E-tailers should be wary of accepting credit cards, which are party to a "charge-back system". These systems permit the card issuer, in certain circumstances, to charge-back to the merchant's account the value of unauthorised transactions. This means the E-tailer does not get paid.
Who will pay?
A draft Revised Version of the EFT Code covering new EFT technologies has recently been released.
The draft Code proposes a number of possible approaches to dealing with liability for misuse of payment card details:
Adapt the existing fault-based system so the consumer is liable if the consumer has been at fault;
Divide liability between the consumer and account institution on a no fault basis unless the account institution can prove that the consumer was fraudulent or grossly negligent; or
Hold the Consumer liable for a capped share of losses incurred by delays in reporting lost or stolen cards or failing to report unauthorised transactions on credit account statements. The draft Code states that where both credit card rules and the revised EFT Code may be applied , the rules that are most favorable to the consumer must be used.
Even under the revised EFT Code , liability for misuse of payment card details will continue to rest chiefly with the credit card institution or E-tailer. E-tailers and credit card issuers should thus heed the security concerns of their net smart customers and do everything possible to ensure that consumer credit details are kept safe.
Technological and legal advice must be sought when choosing the right system of secure payment. Clarks International Business Lawyers have created a specialised E-commerce Law Group equipped with the expertise to advise on net security issues and the specific legal challenges brought by the new net-focussed millennium.
This is a very brief introduction to liability for unauthorised use of credit card details and is not intended to be legal advice. This publication cannot be relied on as a substitute for appropriate legal advice suited to your circumstances. Given that this is the case, you should seek and retain the advice of a solicitor if you require a comprehensive and up to date analysis of the law pertaining to
your circumstances.
2000
February, 2001
|
