One of our clients called us with an interesting question regarding disputing a fraudulent transaction on their Business Debit Card. As part of our weekly newsletter series, we asked one of our staff members to get to the bottom of it and make sure our customers knew how to protect themselves.
Here are the facts:
- Our customer’s card is a Business Debit Card endorsed by Visa.
- A merchant ran a transaction from the business (our customer) as a non-pin or “credit”
transaction, when it should have been run as a debit.
- The merchant charged the business (our customer) an additional erroneous fee on the
When the business contacted their bank, the bank told them that business cards aren’t covered by “Regulation E” so there is nothing that can be done. So, essentially the error, or fraud, could not be disputed. Not willing to accept that answer, they contacted us at Agapay to see if we could provide any insight. Based on our research, we were able to provide some clarity and understanding to help the business work with their bank to correct the issue.
What we learned is that there are three primary regulatory bodies that govern what happens in the event of fraud:
- Consumer Financial Protection Bureau (CFPB, a U.S. Government entity)
- Card Brands (Visa, MasterCard, Discover, American Express, etc.)
- The Cardholders Bank/Issuer (Chase, Capital One, BofA, Wells Fargo, etc.)
Our customers bank wanted to follow what is called Regulation E that outlines the rules on liability for “consumer” accounts. However, it doesn’t mention businesses. Which, in the industry, is interpreted to mean business accounts are excluded from protection.
The next regulatory body, Visa in this case, maintains a zero liability policy for fraud on business check cards but has exclusions for transactions alleged to be performed by:
- A Business co-owner
- The Cardholder or person authorized by the Cardholder
- Any other person with an interest in or authority to transact business on the account
Since the erroneous fee was not intentionally incurred by the cardholder, it would be safe to assume the disputed portion of the transaction wasn’t performed by the cardholder.
From the bank’s perspective, they are claiming exemption based on Regulation E. However, Agapay’s point was that the merchant was still liable because the transaction was run through the Visa system, which allows for protection for our customer, a business. In this case, Visa’s protections overrule the bank’s denial of liability.
Under the Visa operating regulations the bank has a responsibility to verify the fraud and limit the liability to the business (our customer) unless either the bank or the merchant account can verify that the transaction falls under an exempt category. We instructed the business on this course, and are glad to report the issue has been resolved.