Fact Sheet 32:
Paper or Plastic:
What Have You Got to Lose?
Send to Printer
Privacy Rights Clearinghouse
Once you decide to buy something, you then must determine how to pay for it. Do you hand over cash? Write a check? Use your phone? Pay with a credit card? Or use a debit card and have the payment automatically deducted from your bank account?
Many of us decide quickly about the method of payment and spend too little time thinking about the potential costs or consumer protections of each method.
Credit cards, debit cards, and other plastic cards such as prepaid cards may look alike. However, if your card is lost, stolen, or otherwise compromised, the similarities end there. Your out-of-pocket loss could be nothing. Or, a thief could drain your entire bank account. It all depends on the kind of card you use and when you report the loss.
Debit cards typically put consumers at much greater risk than credit cards because they offer less legal protection in the event of a loss. In addition, debit cards access funds directly from your bank account, so your money may remain missing while you and your bank sort out any theft.
This guide seeks to inform you about your rights and outline the potential risks and benefits of different payment methods.
Privacy Rights Clearinghouse recommends that consumers never use (or even carry) debit cards (also known as check cards) because of their risks and their limited consumer protections.
By reading this guide, you will understand how a lost, stolen, or otherwise compromised debit card can result in your bank account being wiped out by a thief, without using your PIN number. Even if you promptly report the loss to your bank, under federal law the bank can wait up to two weeks (or longer in certain cases) to restore the funds to your account. That could make you unable to pay your bills or withdraw cash at an ATM. And if you wait too long to report the loss, you may not be able to recover the stolen funds.
Why the concern over debit and check cards?
Thieves have become increasingly sophisticated in gaining access to sensitive financial information. Databases of major retailers and restaurants have been compromised by hackers. Merchant card reading devices have been surreptitiously replaced with card skimmers. Restaurant employees have secretly captured card information on hand-held card readers. If you have a debit or check card and your account information is compromised, funds can quickly be withdrawn from your bank account without your knowledge. Your account can be emptied, resulting in overdrafts, fees, and an inability to pay your bills.
On the other hand, if you use a credit card, you will have an opportunity to dispute a fraudulent transaction before you have to pay the bill, so you will still retain access to the funds in your bank account.
But my bank offers a debit or check card fraud guarantee, so I’m covered, right?
Not exactly. Many banks do offer a fraud guarantee, and your fraudulently removed funds are likely to be replaced eventually, assuming that you comply with the specific requirements of your bank’s fraud guarantee program. The key word here is eventually. The important thing to note is that the bank is not obligated to restore the funds to your account for at least two weeks while it investigates. During this time period, you may not have your funds available in your account to pay your mortgage, rent, loans, or other bills. Many people cannot afford to be without their money for that length of time.
Don’t I need a debit or check card to get cash from an ATM machine?
Not necessarily. You can ask your bank to replace your debit card with an ATM card. With an ATM card, a PIN is always necessary to complete a transaction. ATM cards cannot be use for online, telephone, or mail transactions. If your ATM card is lost, stolen, or compromised, it cannot be used without your PIN. A debit or check card can be used by a thief without knowing your PIN.
How can I tell if my card is an ATM card or a debit card?
A debit card will have a Visa or MasterCard logo on the front of the card. ATM cards will not have a Visa or MasterCard logo on the front of the card. Both ATM and debit cards may have the logos of ATM networks (such as Star, Co-Op, and Allpoint) on the back of the card.
I don’t like to carry cash. How can I pay for my everyday purchases without using a debit or check card?
If you enjoy the convenience of paying for your everyday purchases with plastic, consider opening a no annual fee credit card account with a small line of credit for those purchases. Be sure to promptly pay off your bill in full each month to avoid any fees and finance charges. We recommend that you do not use any credit cards on which you carry a balance for this purpose, as that would increase your finance charges.
Are there places where it is particularly risky to use a debit card?
- Outdoor ATMs (particularly those in low traffic areas) are at higher risk for card skimming devices and pinpoint cameras than ATMs located inside a bank or business.
- Gasoline pumps pose an extraordinarily high risk for skimming. Skimming devices on gas pumps can be impossible to detect because they may be located inside the pump and utilize Bluetooth technology.
- Online transactions are risky because card information may be compromised at multiple points. Malware can steal data from your computer or other device, unsecured Wi-Fi is subject to eavesdropping, and it can be difficult to assess security at the vendor's site.
- Restaurants are high risk locations because servers generally must take your card to pay your check. While the card is out of your view, they can use a portable skimmer to copy the information from your card.
As a practical matter, there really is no safe place to use a debit card. Massive data breaches such as those experienced by Target, Michaels, Home Depot, TJX (Marshalls and TJ Maxx) and Nieman Marcus have exposed the information of millions of cardholders at thousands of retail locations.
When you use a credit card, a merchant, going through the card network, electronically contacts your card issuer (usually a bank) to verify your account number, expiration date, and credit availability. Once that information is verified, the card network authorizes the transaction. The merchant then is paid by the card network, and the card network collects the money from the card issuer, which bills you in your next statement. You can choose to pay the bill in full each month without interest or extend the payments over a number of months or even years while paying interest.
- With credit cards and charge cards, you can buy now and pay for the goods and services later. Used with discipline, no-fee credit cards are basically free, 30-day loans. This allows users to hold onto money longer while earning interest on balances before paying bills.
- Many cards offer extras, like rewards programs—cash rebates or points that can be exchanged for airline tickets, gift certificates, or merchandise—and extended warranties on purchases, along with car-rental insurance coverage.
- Widely accepted and easy to use, credit cards and charge cards can be especially helpful in emergencies, such as when you encounter unexpected health-care costs or expensive auto repairs.
- Strong consumer protection is another big advantage of credit cards. Credit cards generally offer the best legal remedies against billing errors, defective merchandise and other consumer problems (See below).
- Interest charges, fees, and penalties can mount up, especially if you don’t comprehend the details of how your card works. With many cards charging 24% or more interest on an unpaid balance, consumers can end up paying many more times the price of the item they bought.
- Identity theft often involves fraudulent credit and charge card use. A crook may use your credit cards in a variety of ways. Unauthorized charges may be made using your existing account information.
What are the consumer protections available for credit card transactions?
There are three distinct protections available for consumer credit card transactions:
- The first credit card protection shields you against liability for unauthorized use of your credit card, that is, when someone steals or otherwise uses your card or card number without permission.
- The second protection involves disputes about your bill (billing errors). These disputes may include a merchant overcharging you or charging you for products you never received.
- The third protection is the right to stop payment. Stopping payment is a powerful tool that you can use when you are dissatisfied with the quality of goods or services that you paid for with a credit card.
Remember that these three consumer protections only apply to transactions made with a credit card. They do not apply to debit card transactions.
What law applies to credit card transactions?
The federal Truth in Lending Act (TILA) (15 U.S.C. §§ 1601-1667f, as amended), requires creditors to disclose information about interest rates and other terms of credit.
The Credit Card Accountability, Responsibility and Disclosure Act (CARD Act), Public Law No. 111-24, 123 Stat. 1734 (2009), amended the TILA to enhance fairness and transparency for credit card customers.
The Fair Credit Billing Act (FCBA) (15 U.S.C. 1666-1666j), part of TILA, protects you against billing mistakes and unauthorized charges.
What do I do about unauthorized credit card charges?
The FCBA limits your loss from unauthorized charges to $50. However, if you report the loss before your credit card is used, the FCBA says you are not responsible for any charges you didn’t authorize. If your credit card number is stolen, but not the card, you are not liable for any unauthorized use.
In addition, most credit card issuers have a zero liability policy for fraudulent credit card transactions. To take advantage of this, you usually have to notify the card issuer promptly.
The Federal Trade Commission offers the following advice on using the FCBA to dispute unauthorized credit and charge card purchases:
- Write to the creditor at the address given for "billing inquiries," NOT the address for sending your payments. Include your name, address, account number, and a description of the billing error, including the amount and date of the error.
- Send your letter so that it reaches the creditor within 60 days after the first bill containing the error was mailed to you. If an identity thief changed the address on your account and you didn't receive the bill, your dispute letter still must reach the creditor within 60 days of when the creditor would have mailed the bill. This is one reason it's essential to keep track of your billing statements and follow up quickly if your bills don't arrive on time.
- You should send your letter by certified mail, and request a return receipt. It becomes your proof of the date the creditor received the letter. Include copies (NOT originals) of your police report or other documents that support your position. Keep a copy of your dispute letter.
- The creditor must acknowledge your complaint in writing within 30 days after receiving it, unless the problem has been resolved. The creditor must resolve the dispute within two billing cycles (but not more than 90 days) after receiving your letter.
The Consumer Financial Protection Bureau (CFPB) assumed responsibility for enforcing laws related to credit card transactions on July 21, 2011. Complaints about credit card companies can be made to the CFPB.
Does the FCBA allow me to dispute all unauthorized accounts or charges?
No. The FCBA only applies to unauthorized credit card purchases. If a thief used your debit card or got a car loan or other credit involving installment payments, the FCBA does not apply.
What are contactless credit cards?
Some credit cards now contain embedded Radio Frequency Identification (RFID) chips which enable "contactless payments." These "contactless" cards can either be waved in front of a merchant’s special reader or swiped through a traditional point of sale terminal. The RFID chip has your personal credit card information embedded in it, which can then be read by the merchant’s point of sale terminal. To minimize accidental reading of these cards, they are designed to be read at a distance of one to four inches from the reader.
Unfortunately, scanners that can read RFID cards are available to the general public, including persons with fraudulent intent. Scanners can be used to interrogate the RFID card and retrieve the cardholder’s account information. The credit card issuers generally contend that contactless credit cards are safe, either through use of encryption and/or with the use of dynamic one-time only numbers. Regardless, we recommend that you use an RFID-blocking wallet or sleeve for your contactless credit card.
What are EMV, "chip and PIN" or "chip and signature" credit cards?
EMV (Europay, MasterCard and Visa) is a global standard for authenticating credit and debit card transactions. EMV cards are smart cards that have a chip embedded into the card. The customer must enter a PIN to authenticate the transaction. Unlike traditional credit cards, EMV cards do not rely on a magnetic stripe on the back of the card. EMV cards are considered to provide greater security than traditional credit cards. EMV cards are the standard in Europe.
Chip cards differ from contactless credit cards and they generally do not contain RFID chips. In order to use a chip card, you must insert or "dip" the card into a merchant's reader. You do not "swipe" the card.
The chip stores the same information as the magnetic stripe on your credit card. The chip also contains additional security components not found on the magnetic stripe.
Visa and MasterCard expect to roll out EMV cards in the U.S. by 2015. Retailers that do not use EMV technology by October 2015 (October 2017 for automated fuel dispensers) will be responsible for fraudulent transactions.
Most U.S. chip cards will be "chip and signature" rather than the European "chip and PIN" cards. Instead of entering a PIN on a machine to verify your purchase, you may be asked to sign a receipt just as you now do for swiped credit cards. Chip cards will continue to have magnetic stripes on the back to accommodate merchants that do not have chip readers.
May a merchant require a minimum purchase when I pay with a credit card?
A merchant can require a minimum purchase when you pay by credit card, as long as the minimum purchase amount is not greater than $10. Most businesses have chosen not to implement a minimum purchase requirement, but they are free to do so as long as the minimum does not exceed $10.
Can a merchant add a surcharge or "checkout fee" when I pay by credit card?
It depends upon the state where the merchant is located. A November 2012 class-action settlement with Visa and MasterCard allows "checkout fees" to cover the cost of processing the credit card transaction, except in the 10 states where these fees are prohibited by law.
California, Colorado, Connecticut, Florida, Kansas, Maine, Massachusetts, New York, Oklahoma and Texas have laws making credit card surcharges unlawful. However, these laws may only apply to certain types of transactions, and do not necessarily prevent offering a discount for paying by cash.
The California ban on credit card surcharges applies to private businesses, but does not apply to government agencies or public utilities. It specifically allows discounts for cash payments. California Civil Code Section 1748.1(a) provides:
No retailer in any sales, service, or lease transaction with a consumer may impose a surcharge on a cardholder who elects to use a credit card in lieu of payment by cash, check, or similar means. A retailer may, however, offer discounts for the purpose of inducing payment by cash, check, or other means not involving the use of a credit card, provided that the discount is offered to all prospective buyers.
What are Merchant Category Codes and how are they used?
Merchant Category Codes (MCC) are four-digit numbers that are used to describe a merchant's primary business. For example, the MCC 5311 indicates “Department Stores”, while MCC 7216 indicates “Dry Cleaners”. Some merchant category codes may even identify a specific merchant or type of transaction. When you make a purchase with your credit card, the MCC for the merchant is stored and tracked by your financial institution. MCC codes may allow card issuers to flag purchases that are unusual to the cardholder, and thereby can help prevent fraudulent purchases.
MCC codes may also be subpoenaed in both civil and criminal court cases. MCC codes can paint a picture of where you spent money, which can be relevant to proving a case. They are also used by businesses to determine whether certain transactions are reportable to the Internal Revenue Service. Internal Revenue Bulletin 2004-31 includes a full list of the MCC codes, and indicates IRS reporting requirements.
Can a merchant put a “hold” on my card for more than I spend?
A “hold" is when a merchant tells your bank to set aside a certain amount for an impending purchase. There are different rules for services like restaurants and hair salons then there are for travel businesses — hotels, car rentals, and cruise lines.
Hotels, cruise lines, and car rental companies can pre-authorize a charge. So if you’re booking a hotel, the hotel can place a hold on your card for the estimated cost of your stay, and then charge you the actual value when you check out. If it’s within a certain threshold of the estimated charge, they don’t have to go back and do a second round of authorizations.
For services with a gratuity, the initial authorization can only be for what you actually spent. If dinner was $50, then a $50 authorization appears on your account with a notice indicating that the value is subject to change. That $10 tip you added when you signed the receipt gets added later, and then you’re charged the full $60.
Debit cards (also known as check cards) look—but don’t act—like credit cards. Typically, they have a Visa or MasterCard logo on the front, but (unlike a credit card) will also say “Check Card” or “Debit” somewhere on the front of the card. They work more like checks because the money is deducted directly from your bank account. You or the merchant runs the card through a scanner that enables the bank to electronically verify the funds are available and approve the transaction.
Debit cards can function either with a Personal Identification Number (PIN) (on-line transaction) or without a PIN (off-line transaction). ATM (automatic teller machine) cards only function with a PIN (on-line transaction).
- An “on-line transaction” deducts the money from your account almost immediately and for safety reasons, requires you to give a Personal Identification Number, or PIN. PIN transactions take money from your account via electronic fund transfer (EFT), networks such as Pulse, Interlink, Star, or NYCE.
- An “off-line transaction” may not transfer the funds for a few days, and you generally sign a receipt instead of using a PIN. Signature purchases generally go through the MasterCard, Visa, or Discover networks, just like a credit card.
Banks that issue debit cards must offer at least two competing networks for processing your transaction. The merchant can decide which network to utilize in order to save on its processing costs (interchange fees). Merchants often steer customers toward using the PIN-type card because banks get higher fees from retailers when consumers use signature cards. A merchant may also offer a discount or incentive to steer you towards a particular method of payment.
Banks often steer their customers toward no-PIN transactions (signature transactions) because they collect higher interchange fees for no-PIN transactions.
- Using a debit card is easier and faster than writing a check, and they are widely accepted by merchants. Some consumers like the sense of security they get by spending only what money they have in the bank, though in some cases that may be a false sense of security. (See “minuses.”)
- Debit cards don't carry the same legal protection as credit cards. Federal law limits your liability on a debit card to $50, but only if you notify your financial institution within two business days of discovery of the theft. If you wait longer than 60 days after your bank statement was mailed, you could lose all the money in your checking account, and even more! We at the PRC have been contacted by many identity theft victims who have experienced debit card fraud. While in most cases their banks eventually replenished the stolen funds from their checking accounts, many were without access for several weeks while the bank conducted its investigation. In the meantime, they were caught short, unable to pay their bills.
- Consumer protections for debit cards are not as strong as those for credit cards. Because funds are deducted from your account quickly, you do not have the option to stop payment in a dispute.
Debit and ATM card transactions are included in the broader category of EFT or electronic funds transfers. Use of these cards and your potential loss are governed by the Electronic Funds Transfer Act (EFT Act) (15 U.S.C. §§ 1693-1693r)
- The big car-rental firms, including Hertz and Avis, have stopped letting people rent cars using debit cards. For years, these companies have used possession of a credit card as a way of weeding out potentially risky renters. But with banks issuing debit cards to nearly anyone with a bank account, the car-rental outfits have tightened their rules.
- Another debit card danger arises from merchant “blocking.” Blocking occurs when a merchant routinely withholds an amount on a debit card until the transaction is fully processed. This typically occurs at hotels, gas stations, and those rental car companies that still accept debit cards. When you use a debit card, the blocked amount can cause your bank account to be overdrawn.
- If you have opted in to your bank's overdraft transfer plan, you could incur a fee averaging $35 if a debit card transaction exceeds the available balance of your account. Note however that financial institutions are prohibited from charging fees for overdrafts
on debit card transactions at "point of sale" terminals in stores unless the individual opts in to pay those fees. If you do not
opt in, your bank's standard overdraft services won't apply to your
everyday debit card transactions. These transactions typically will be
declined when you don't have enough money in your account, but you will
not be charged overdraft fees.
- Even an inadvertent error by a merchant could result in large overdrafts and financial disaster. In August 2012, an error in a Southwest airlines promotion resulted in customers being charged numerous times for each ticket. Some customers reported thousands of dollars mistakenly withdrawn from their bank accounts.
- In addition, consumers who use debit cards to the exclusion of credit cards may be missing an opportunity to establish their creditworthiness. Responsible use of credit cards—unlike debit cards—helps build good credit scores. A good credit score can reduce the rates that you pay on car loans, mortgages, and insurance premiums.
Does use of a PIN make debit or ATM cards safer to use than credit cards?
A PIN may give you some comfort as long you closely guard your PIN and are alert to potential scams. For example, thieves have been known to “rig” ATM machines so your account number and PIN are surreptitiously recorded when you insert your card. Account information and PIN numbers have also been captured when unwary consumers buy gas or use a debit card for purchases.
You should also use caution when using a debit card to make online purchases. Remember, however, that although you choose to use a PIN with your debit card, a thief can use a debit card in a non-PIN transaction, thereby emptying your bank account without knowing your PIN.
How much can I lose from debit or ATM card fraud?
If you report a debit or ATM card missing before someone uses it, the EFT Act says you are not responsible for any unauthorized transactions. If someone uses your ATM or debit card before you report it lost or stolen, your liability depends on how quickly you report it:
- Your loss is limited to $50 if you notify the financial institution within two business days after learning of loss or theft of your card or code. But you could lose as much as $500 if you do not meet the two-day deadline.
- If you do not report an unauthorized transfer that appears on your statement within 60 days after the statement is mailed to you, you risk unlimited loss on transfers made after the 60-day period. That means you could lose all the money in your account plus your maximum overdraft line of credit, if any.
If someone makes unauthorized transactions with your debit card number, but your card is not lost, you are not liable for those transactions if you report them within 60 days of your statement being sent to you.
What happens after I report misuse my ATM or debit card?
The EFT Act requires the bank to investigate within the following timeline:
- The bank must investigate and resolve your complaint within 45 days.
- For errors involving new accounts (opened in the last 30 days), point-of-sale transactions, and foreign transactions, the bank may take up to 90 days to investigate the error.
- If the bank takes longer than 10 business days to complete its investigation, generally it must put back into your account the amount in question while it finishes the investigation. For new accounts, the bank may take up to 20 business days to credit your account for the amount you think is in error.
- If it finds no error, the bank must explain in writing why it believes no error occurred and let you know that it has deducted any amount re-credited during the investigation. You may ask for copies of documents relied on in the investigation.
The important thing to note is that the bank is not obligated to restore the funds to your account for 10 or 20 business days while it investigates. During this time period, you may not have your funds available in your bank account to pay your mortgage, rent, loans, or other bills. Contrast this with a credit card dispute, in which you have access to the money in your bank account during the investigation.
What if the bank doesn’t believe I’ve been a victim?
You can file a complaint against the bank or other financial institution with the appropriate federal agency. Even though the EFT Act requires an investigation, some financial institutions may give your complaint a cursory look, send you a “form” letter and refuse to restore your money. If this happens, be persistent, and, if necessary, speak with an attorney about your options.
Does the EFT Act cover preauthorized payments?
Not always. The EFT Act does not apply to electronic funds transfers within the same financial institution. If, for example, you authorize automatic mortgage payments and your mortgage is held by the same bank from which you are transferring payments, the EFT Act would not apply.
How can I protect my account?
- Immediately deduct your debit card transaction and fees from the balance in your checkbook. Also, keep your debit-card receipts so you can compare them to your bank statement.
- Safeguard your account number and PIN. See tips on how to do this at the end of this guide.
- Check your monthly statement and balance to spot any unauthorized transfers.
- Between bank statements, check the account balance printed on your ATM receipts. A suspicious drop in your balance could be a tip-off that a thief has tapped into your account.
Worried about carrying too much cash? Wonder what to give a friend for her birthday? Tired of stopping at the toll booth or fare-card machine on your daily commute to work? Don’t like the hassle of carrying travelers’ checks when you go on vacation? For these and other purposes, you can prepay “up-front” and get a gift card or a prepaid card.
Gift cards. When you purchase a gift card, be sure to read the terms and conditions (which may be printed on the card or its packaging). Provide both the terms and conditions and the receipt to the gift card recipient.
A gift card is generally identified by a specific number or code and not with an individual name. Thus, most gift cards can be used by any person in possession of the card. If a gift card is lost or stolen, its value may be lost. Therefore, you should treat the gift card like cash. Some gift cards can be registered by the owner, providing a mechanism for reporting lost or stolen cards.
Once you have spent the entire value on the gift card, you may still want to keep it in case you need to return merchandise that you have purchased with the card. Some retailers will only allow you to return merchandise when you present the original form of payment.
Federal law provides important consumer protections that apply to gift cards sold on or after August 22, 2010. These rules apply to both store gift cards, which can be used only at a particular store or group of stores (such as a book store or clothing retailer, also known as "closed-loop cards") and bank-issued gift cards (such as those with a MasterCard, Visa, American Express, or Discover logo, also known as "open-loop cards"). The law provides the following protections:
Limits on expiration dates. The money on your gift card will be good for at least five years from the date the card is purchased. Any money that might be added to the card at a later date must also be good for at least five years.
Limits on fees. Gift card fees typically are subtracted from the money on the card. Under the new rules, many gift card fees are limited. Generally, fees can be charged only if you haven't used your card for at least one year and you are only charged one fee per month. These restrictions apply to fees such as dormancy or inactivity fees for not using your card, fees for using your card (sometimes called usage fees), fees for adding money to your card, and maintenance fees.
You can still be charged a fee to purchase the card and certain other fees, such as a fee to replace a lost or stolen card. Make sure you read the card disclosure carefully to know what fees your card may have.
These rules apply only to gift cards, which are just one type of prepaid card. The new rules do not cover other types of prepaid cards, such as a reloadable prepaid card not intended for gift-giving purposes. For example, a reloadable prepaid card with a MasterCard, Visa, American Express, or Discover brand logo that is intended to be used like a checking account substitute is not covered. The rules also do not apply to cards that are given as a reward or as part of a promotion. For example, a free gift card given to you by a store if you purchase merchandise or services would not be covered by the rules.
In some states, consumers are protected by both the federal law and state gift card laws.
In California, most gift cards cannot have any expiration dates or service fees. In this respect, California law is more consumer friendly than the federal law. However the California law does not apply to multiple retailer gift cards such as mall gift cards or bank gift cards including Visa and MasterCard gift cards. For those types of gift cards, only the federal law would apply.
The California gift card law is complex and does not apply to all gift cards. There are numerous exceptions to the California gift card law. One unusual benefit of the California law is that a gift card with a remaining balance of less than $10 is redeemable in cash for its remaining cash value.
With many retailers recently filing for bankruptcy, you should be aware of the rules governing gift cards in a bankruptcy proceeding. A gift card sold by a seller that seeks bankruptcy protection may have no value. However, the holder of the gift card may have a claim against the bankruptcy estate. Sellers that file "Chapter 11" (reorganization) bankruptcy intend to stay in business, so they typically will ask the bankruptcy court for permission to honor gift cards in an effort to maintain good customer relations. If the bankruptcy court does not allow gift cards to be honored, or if the seller files "Chapter 7" (liquidation) bankruptcy, holders of gift cards are creditors in the bankruptcy case.
Some online sites allow users to trade, donate, buy and sell gift cards. Sellers use these sites because the gift card is not to a store of their liking. Buyers use them because they provide opportunities to buy these cards for less than they are nominally worth at the business.
Prepaid cards include payroll cards, flexible spending account (FSA) cards, government benefit cards, payroll cards, and cards intended as a checking account substitute (also known as general purpose reloadable prepaid cards or GPRs). Unlike gift cards, prepaid cards typically are issued in the name of individual account holders. They often may be used to obtain cash at an ATM machine. Prepaid cards may have a Visa or MasterCard logo and the word “debit” printed on the front of the card. Typically, the card’s value is recorded on a remote database, which must be accessed for payment authorization.
Many prepaid cards impose multiple fees on consumers. Moreover, when prepaid cards are lost or stolen, consumers may not protected by the same safeguards that enable other debit card users to recover their money. Prepaid cards may only have voluntary protections from the issuer.
Some prepaid cards may be reloaded with value, while others cannot. If a card can be reloaded, it's considered a general purpose reloadable (GPR) card. GPR cards are initially issued for a set amount, but consumers can add funds to the cards.
Federal laws do not limit the liability of GPR card users for fraudulent or unauthorized use. Therefore, consumers may face significant risk of loss when using a GPR card. However, Visa and MasterCard branded GPR cards may offer "zero liability" protection in the event of fraudulent activity. It's important to note that this protection does not extend to PIN-based transactions.
Unlike GPR cards, government benefits cards and payroll cards have protection under federal law for fraudulent or unauthorized use of your card. Some states now require benefit recipients to receive those benefits on a prepaid card rather than offering direct deposit of benefits to their own bank account. The National Consumer Law Center has a comprehensive survey of 42 states' unemployment benefits prepaid cards.
Stored value cards refer to products for which a value is recorded on the card itself. They are frequently used by many public transport systems and library photocopiers, where a simplified system (with no network) stores the value only on the card itself. To thwart counterfeiting, the data is encrypted, though not very strongly given the relatively low amounts of money involved.
Fees charged for stored-value cards vary greatly, and what you can do about a lost or stolen card depends on the terms of your agreement with the vendor. Stored-value cards also fall under the broad category of electronic payments, what the FTC calls “e-money.” However, the agency advises that payments with stored value cards are not protected by the Fair Credit Billing Act (FCBA) or the Electronic Funds Transfer Act (EFTA).
The Uniform Commercial Code (UCC), a version of which has been adopted by most states, includes consumer protections against check fraud. Generally, the UCC holds the bank responsible for fraudulent checks as long as you, the customer, exercise “reasonable” care, such as timely reporting.
A demand draft is a document created through an internet site to withdraw money from a bank account. Demand drafts don’t require a signature but include a bank-routing number, account number, and sometimes a valid email address. “Checks” may be sent through email and can be printed for payments.
Unauthorized access to your bank account is always possible if a thief knows your bank routing number and account number. More common complaints about demand drafts have come from people accepting fraudulent payments. For example, someone sells an item over the internet and accepts payment by demand draft, only to find out later the payment was a fraud. If someone uses an unauthorized demand draft to withdraw money from my account, you should notify your bank immediately.
Cashier’s Checks and Money Orders
Cashier’s checks and money orders work in some ways like stored-value plastic cards. You pay cash up-front for this paper and use the paper for other purposes. Like personal checks processed conventionally, cashier’s checks and money orders are governed by the terms of your state’s version of the Uniform Commercial Code. If you purchase these products from a bank, post office, or other reliable source, you can be assured that the paper is legitimate.
Your greatest risk involves accepting a cashier’s check or money order from someone who owes you money. Counterfeit paper that looks like a cashier’s check or money order is often associated with internet scams. When, for example, you sell personal items through an online auction site, a thief may send you counterfeit paper, often in an amount greater than the sales price, and ask you to refund the difference.
Like any other payment method, there are advantages and disadvantages in always paying by cash. On the one hand, you don’t have to worry about credit scores or overdraft fees. But, if your cash is lost or stolen, you do not have the protections you may have with other forms of payment.
Additionally, currency has always been a prime target for counterfeiting, which the US Secret Service calls one of the oldest crimes in history. Just as government printing techniques have changed to make official currency harder to duplicate, counterfeiters are ever employing the latest technology.
Mobile payment apps allow you to use a mobile device such as a phone instead of credit, debit, or prepaid cards. Consumers can make three types of payments with these devices:
- P2P payments or person-to-person payments including noncommercial payments from one consumer to another and commercial payments from a consumer to a small-scale merchant
- Goods and services purchased online on a mobile device
- Payments at a point of sale (POS) terminal at a retail establishment
Point of sale retail purchases account for the majority of mobile payments. Your mobile device essentially becomes a virtual or digital "wallet”. If all works as intended, your device is all that you need to carry out a transaction with a merchant. Typically this is accomplished by way of an app offered either by a merchant or by a payment service.
Digital wallets offered by payment services may allow consumers to store multiple payment options, charging either a credit card, debit card, bank account, or cell phone account.
How do mobile payment devices work?
Most payment systems may utilize near-field communication (NFC), which permits short range wireless communication between an NFC-enabled mobile phone (which incorporates a chip that stores the payment app and account information) and operates similarly to a contactless credit card.
Some wallets rely on a model where the payment card is on file, stored in a remote cloud server instead of in the device itself.
Other wallets may use coded images similar to bar codes or display a Quick Response (QR) code or 2D barcode to scan for payment. These two-dimensional barcodes can be scanned by a barcode scanner or other reader to complete the transaction.
A retailer must have the proper equipment to link your device to its cash register. Currently, many merchants do not have this equipment.
What are some of the major digital wallet brands?
There are many competing payment apps available. Some apps only work on one brand of phone (e.g., Samsung Pay, Apple Pay). Others only work for one retailer (e.g., Walmart Pay).
Some of the major brands include Android Pay, Apple Pay, CurrentC, PayPal, Samsung Pay, and Walmart Pay. Consumerist offers a summary of the major mobile payment apps that describes:
- Who owns it?
- How do I fund it?
- How does it work?
- Where can I use it?
What are some of the privacy risks and other concerns about mobile payments?
Mobile payments can expose your personal information to companies that would not be included in a traditional credit card transaction. In addition to credit card issuers and payment processors, mobile payment services may involve the mobile payment provider, the internet service provider, and any third party apps that consumers download. With mobile payments, these companies can get access to the consumer information revealed during a traditional credit card transaction and use this information in new ways.
A Federal Trade Commission staff report Paper, Plastic…or Mobile?: An FTC Workshop on Mobile Payments notes three major areas of potential concern for consumers. The report encourages companies to develop clear policies on how consumers can resolve disputes arising from a fraudulent mobile payment or an unauthorized charge. It also encourages industry-wide adoption of strong measures to ensure security throughout the mobile payment process. Finally, the report notes the privacy issues arising from the consolidation of consumers’ personal information in the mobile payment process. In a traditional credit card transaction, a merchant will have sensitive financial information about consumers, but will generally not also have their contact information and a record of their location. Mobile payment providers also potentially have access to a much larger cache of personal information stored on the consumer’s mobile device.
The CALPIRG publication The Future is Calling: A Consumer Guide to Mobile Payment Systems (Summer 2013) discusses the pros and cons of mobile payments, the risks to consumers, and contains policy recommendations. It explains how this technology challenges old regulatory frameworks.
Before you consider making a payment with your mobile device, be aware of any fees that may be associated with using the service. Also, you need to be aware that your legal protections may vary, depending upon the underlying payment mechanism tied to your device.
What are some of the disadvantages of mobile payments?
It's unlikely that digital wallets will replace traditional payment mechanisms anytime soon. In addition to the privacy concerns mentioned above, there are several disadvantages to mobile payments:
- Digital wallets cannot hold critical documents such as driver's licenses or health insurance cards, nor can they provide cash in situations where cash is the only accepted form of payment
- Competing technologies mean that one digital wallet app is unlikely to be accepted by all merchants that you patronize
- Digital wallets will still require backup with a traditional payment mechanism in the event of a depleted battery or other electronic failure
- Most people are more likely to lose a mobile device than a traditional wallet.
What are some of the potential advantages of mobile payments?
Some mobile payment platforms offer the ability to generate one time use account numbers. This can help prevent payment card fraud and prevent merchants from tracking your purchase history through your credit card number.
Some mobile payments systems use tokenization. Tokenization substitutes a unique one time use code or token for your payment information. The token is worthless for any additional transactions. Apple Pay and Android Pay use tokenization.
What laws protect payments from a mobile device?
A typical mobile payment transaction may involve a merchant, a wireless carrier, a payment service, and a bank. Unfortunately, the law often does not develop as rapidly as technology. As a result, your legal protections when paying with a mobile device will depend upon the underlying payment mechanism connected to the device. This might be a credit card, debit card, prepaid card, or the charges might appear directly on your cell phone bill. Your protections will vary, and generally are the same protections that are described elsewhere in this guide for credit cards, debit cards, and prepaid cards.
There may not be any legal protections if the charges are billed directly to your phone bill. It is best to use a credit card to fund your mobile payments, since credit cards offer the greatest level of protection.
How can I make my mobile payments more secure?
If you have enabled mobile payments on your device, make sure to treat the device the same as you would your wallet or purse. People are much more likely to leave a cell phone unattended then they would a traditional wallet. Make sure that you keep your device locked with a password.
It’s also a good idea to double password protect any payment mechanism. That is, have one password for your mobile device and a different password for the payment mechanism itself. Also, make sure that any downloaded payment apps come from reliable and trustworthy sources. Finally, use any security software that may be available for your particular device.
What are Person-to-Person (P2P) payments?
Person-to-Person (P2P) payments enable consumers to send, receive, or request a payment to or from another person or company. While they are most frequently used for personal payments, they can also be used to make payments to merchants who have chosen to accept P2P payments.
Some P2P services require you to know the other person's bank account and routing information. Other P2P services only require that you know the recipient's mobile phone number or email address. While P2P services may be offered as a standalone product, they frequently are integrated into mobile apps.
There are three distinct mechanisms for P2P services: (1) a consumer instructs a nonbank intermediary (e.g., PayPal) to transfer the funds; (2) a consumer interacts directly with a bank to request a transfer from the bank account of the individual to the bank account of the recipient; and (3) the payment is processed entirely over a credit card or debit card network.
Like mobile payments, P2P payments do not have a specific set of consumer protections. Your legal protections when paying with P2P services will depend upon the underlying payment mechanism. This might be a bank account, credit card, debit card, or prepaid card. Your protections will vary, and generally are the same protections that are described elsewhere in this guide for credit cards, debit cards, and prepaid cards.
- Credit Card Accountability, Responsibility and Disclosure Act (CARD Act), Public Law 111-24, 123 Stat. 1734 (2009)
U.S. Government Publications
- FTC Facts for Consumers: Credit Cards, ATM Cards, Debit Cards, What to Do If They’re Lost or Stolen,
- FTC Facts for Consumers: Disputing Credit Card Charges
- FDIC Chart: A Quick Guide for Consumers on Credit, Debit, and Prepaid Cards,
Browse Privacy Topics
Background Checks & Workplace
Banking & Finance
Credit & Credit Reports
Harassment & Stalking
Identity Theft & Data Breaches
Online Privacy & Technology
Privacy When You Shop
Public Records & Info Brokers
Social Security Numbers
Who We Are
We are a nationally recognized consumer education and advocacy nonprofit dedicated to protecting the privacy of American consumers.