One of our clients called us with an interesting question regarding disputing a fraudulent transaction on their Business Debit Card. As part of our weekly newsletter series, we asked one of our staff members to research it and explain it in a way that mostly everyone could understand.
Here are the facts:
- They ran the transaction as a non-pin or “credit” transaction
- Their card is a Business Debit Card endorsed by Visa
- The merchant charged the business an erroneous fee on the transaction
When the business contacted their bank, the bank told them that business cards aren’t covered by “Regulation E” so there is nothing that can be done. Not willing to accept that answer, they contacted us to see if we could provide any insight. Based on our research, we were able to provide some clarity and understanding to help the business work with their bank to correct the issue.
What we learned is that there are three primary regulatory bodies that govern what happens in the event of fraud.
1. Consumer Financial Protection Bureau (U.S. Government)
2. Card Brands (Visa, MasterCard, Discover, American Express, etc.)
3. The Cardholders Bank/Issuer
In Regulation E (Electronic Funds Transfer Act) the Consumer Financial Protection Bureau (CFPB) outlines the regulations on liability held on “consumer” accounts, but doesn’t mention business. Which in the industry is interpreted to mean business accounts are excluded.
The next regulatory body, Visa in this case, maintains a zero liability policy for fraud on business check cards but provides exclusions for transactions alleged to be performed by:
• A Business co-owner
• The Cardholder or person authorized by the Cardholder
• Any other person with an interest in or authority to transact business on the account
Since the erroneous fee was not intentionally incurred by the cardholder, it would be safe to assume the disputed portion of the transaction wasn’t performed by the cardholder.
From the bank’s perspective, they are claiming exemption based on Regulation E, however they still maintain responsibility under the Limitation of Cardholder Liability clause of the Visa International Operating Regulations.
The conclusion, under the Visa operating regulations, the bank has a responsibility to verify the fraud and limit the liability to the business, unless it can verify that the transaction falls under an exempt category. We’ve instructed the business to try and reach out to their bank again, with their new knowledge of Visa operating guidelines, and see if they can get it resolved.
For a more detailed explanation or to answer any questions that you have, please feel free to contact us at [email protected]
The Agapay Team