Shared responsibility in case of card misuse on the Internet, News
The position of the NBS is that the bank cannot be released from responsibility for the amount of 27,000 dinars by proving that the person who misused the card entered the correct information about the cardholder
Card payments on the Internet have become massive, so abuses, despite the protection systems, cannot always be avoided. In the event that the card is misused, the bank that issued it may be fully liable to the extent that it has no liability at all. This is provided by the Law on Payment Services. The general rule is that the bank is responsible for the execution of a payment transaction for which there is no consent of the payer and is obliged to return the amount of the transaction immediately after learning that it is an unauthorized payment transaction. These are cases when the bank, due to a certain technical problem, duplicates the transaction, ie executes it twice in the same amount, and the user has given consent for only one such transaction.
There are also cases of shared responsibility up to the amount of 3,000 dinars, but also when the bank is responsible for the entire remaining amount of the unauthorized payment transaction. Namely, the Law on Payment Services envisages a situation when the payment is made by misusing the card without the use of personalized security elements such as personal identification number, one-time password and the like. This can be the case when a lost or stolen payment card is used to pay online without using a one-time password.
Another situation is when the transaction was made by misusing the card, using personalized security features, for example using the correct personal identification number and PIN, when that security feature was known to the person who misused the payment card, because the payer failed to protect this personalized security element. According to the National Bank, in order for the bank to be released from liability for a loss of more than 3,000 dinars, it is necessary to prove, ie make certain, beyond any doubt, that the payer acted fraudulently or intentionally or negligently failed to fulfill its obligations. relate to the use of the card, protection of personalized security features and notifying the bank of the loss, theft or misuse of the card.
In other words, if the card was misused for online payment in the amount of 30,000 dinars, there is a presumption of shared responsibility, according to which the user will bear a loss in the amount of 3,000 dinars, while the bank will reimburse him 27,000 dinars. The position of the NBS is that the bank cannot be released from liability for the amount of 27,000 dinars by proving that the person who misused the card entered the correct information about the cardholder, card number, card expiration date, ie that this fact does not prove that the user, due to his intention or gross negligence, has not taken all reasonable and appropriate measures regarding the use of the card and the protection of security features.
“It is up to the bank, depending on the circumstances of the specific case, to decide in which way it will prove that it was a deceived action of the payer, ie that the payer acted with intent or extreme negligence in fulfilling its prescribed obligations.” This may include circumstantial evidence concerning the manner of keeping the card and the user’s PIN, the manner of using the card and payment instruments in general, the manner of using the card by the person who misused it, historical data regarding the use of specific user cards, but also other products, on the basis of which banks can indicate the pattern of customer behavior. Arguments and evidence provided by the bank and the user are valued individually and overall in the context of the specific circumstances of each individual case. The practice so far shows that, if, for example, the user took photos of his cards and sent those photos to other people, this can be taken as proof that it is the ultimate negligence of the client, which means that in case of misuse of the card, the user bears the entire loss. When the card is misused with the use of the PIN, and the camera footage shows that the person using the card reads the number written somewhere, it indicates the extreme negligence of the user in protecting the secrecy of the PIN, which means that he bears the full loss caused by abuse”, Politika writes.