Privacy When You Pay: Credit, Debit, Cash and More

  1. Introduction
  2. Credit Cards
  3. Debit Cards
  4. Gift Cards
  5. Prepaid Cards
  6. Checks, Money Orders and Cash
  7. Mobile Payments
  8. Peer-to-Peer (P2P) Payments

1. Introduction

Once you decide to buy something, you then must determine how to pay for it. This guide seeks to inform you about your rights and outline the potential risks and benefits of different payment methods.

2. Credit Cards

When you use a credit card, a merchant, going through the card network, electronically contacts your card issuer (usually a bank) to verify your account number, expiration date, and credit availability. Once that information is verified, the card network authorizes the transaction. The merchant then is paid by the card network, and the card network collects the money from the card issuer, which bills you in your next statement. You can choose to pay the bill in full each month without interest or extend the payments over a number of months or even years while paying interest.

What are the consumer protections available for credit card transactions?

There are three distinct protections available for consumer credit card transactions:

  • The first credit card protection shields you against liability for unauthorized use of your credit card, that is, when someone steals or otherwise uses your card or card number without permission.   
  • The second protection involves disputes about your bill (billing errors).  These disputes may include a merchant overcharging you or charging you for products you never received.  
  • The third protection is the right to stop payment. Stopping payment is a powerful tool that you can use when you are dissatisfied with the quality of goods or services that you paid for with a credit card.

Remember that these three consumer protections only apply to transactions made with a credit card.  They do not apply to debit card transactions.

What do I do about unauthorized credit card charges?

The Fair Credit Billing Act (FCBA) limits your loss from unauthorized charges to $50.  However, if you report the loss before your credit card is used, the FCBA says you are not responsible for any charges you didn’t authorize. If your credit card number is stolen, but not the card, you are not liable for any unauthorized use.

To dispute unauthorized credit card purchases under the FCBA, write to the creditor within 60 days after the first bill containing the error was mailed to you.  Use the address given for "billing inquiries," not the address for sending your payments.  Send the letter certified mail, return receipt requested. Include your name, address, account number, and a description of the billing error, including the amount and date of the error.

The Consumer Financial Protection Bureau (CFPB) is responsibility for enforcing laws related to credit card transactions. Complaints about credit card companies can be made to the CFPB

3. Debit Cards

Debit cards (sometimes known as check cards) look—but don’t act—like credit cards. Typically, they have a Visa or MasterCard logo on the front, but (unlike a credit card) will also say “Check Card” or “Debit” somewhere on the front of the card.  They work more like checks because the money is deducted directly from your bank account. You or the merchant runs the card through a device that enables the bank to electronically verify the funds are available and approve the transaction. Debit cards can function either with a Personal Identification Number (PIN) (on-line transaction) or without a PIN (off-line transaction). 

Are there places where it is particularly risky to use a debit card?

Four especially risky places to use a debit card are outdoor ATMs, gasoline pumps, online, and at restaurants.  

  • Outdoor ATMs (particularly those in low traffic areas) are at higher risk for card skimming devices and pinpoint cameras than ATMs located inside a bank or business.  
  • Gasoline pumps pose an extraordinarily high risk for skimming.  Skimming devices on gas pumps can be impossible to detect because they may be located inside the pump and utilize Bluetooth technology.  
  • Online transactions are risky because card information may be compromised at multiple points.  Malware can steal data from your computer or other device, unsecured Wi-Fi is subject to eavesdropping, and it can be difficult to assess security at the vendor's site.
  • Restaurants are high risk locations because servers generally must take your card to pay your check.  While the card is out of your view, they can use a portable skimmer to copy the information from your card.

As a practical matter, there really is no safe place to use a debit card.  Massive data breaches such as those experienced by Target, Michaels, Home Depot, TJX (Marshalls and TJ Maxx), Neiman Marcus, and numerous hotel chains have exposed the information of millions of cardholders at thousands of locations.

How much can I lose from debit card fraud?

If you report a debit card missing before someone uses it, the Electronic Funds Transfer (EFT) Act says you are not responsible for any unauthorized transactions. If someone uses your debit card before you report it lost or stolen, your liability depends on how quickly you report it:

  • Your loss is limited to $50 if you notify the financial institution within two business days after learning of loss or theft of your card or code. But you could lose as much as $500 if you do not meet the two-day deadline.
  • If you do not report an unauthorized transfer that appears on your statement within 60 days after the statement is mailed to you, you risk unlimited loss on transfers made after the 60-day period. That means you could lose all the money in your account plus your maximum overdraft line of credit, if any.

If someone makes unauthorized transactions with your debit card number, but your card is not lost, you are not liable for those transactions if you report them within 60 days of your statement being sent to you.

What happens after I report misuse of my debit card?

The EFT Act requires the bank to investigate within the following timeline:

  • The bank must investigate and resolve your complaint within 45 days.
  • For errors involving new accounts (opened in the last 30 days), point-of-sale transactions, and foreign transactions, the bank may take up to 90 days to investigate the error.
  • If the bank takes longer than 10 business days to complete its investigation, generally it must put back into your account the amount in question while it finishes the investigation. For new accounts, the bank may take up to 20 business days to credit your account for the amount you think is in error.
  • If it finds no error, the bank must explain in writing why it believes no error occurred and let you know that it has deducted any amount re-credited during the investigation. You may ask for copies of documents relied on in the investigation.

The important thing to note is that the bank is not obligated to restore the funds to your account for 10 or 20 business days while it investigates.  During this time period, you may not have your funds available in your bank account to pay your mortgage, rent, loans, or other bills. Contrast this with a credit card dispute, in which you have access to the money in your bank account during the investigation.

4. Gift Cards

A gift card is generally identified by a specific number or code and not with an individual name.  Thus, most gift cards can be used by any person in possession of the card.  If a gift card is lost or stolen, its value may be lost.  Therefore, you should treat the gift card like cash.  Some gift cards can be registered by the owner, providing a mechanism for reporting lost or stolen cards. 

When you purchase a gift card, be sure to read the terms and conditions (which may be printed on the card or its packaging).  Provide both the terms and conditions and the receipt to the gift card recipient.

Once you have spent the entire value on the gift card, you may still want to keep it in case you need to return merchandise that you have purchased with the card.  Some retailers will only allow you to return merchandise when you present the original form of payment.

Federal law provides the following protections:

  • Limits on expiration dates. The money on your gift card will be good for at least five years from the date the card is purchased. Any money that might be added to the card at a later date must also be good for at least five years.
  • Limits on fees.  Gift card fees typically are subtracted from the money on the card. Under the new rules, many gift card fees are limited. Generally, fees can be charged only if you haven't used your card for at least one year and you are only charged one fee per month.  These restrictions apply to fees such as dormancy or inactivity fees for not using your card, fees for using your card (sometimes called usage fees), fees for adding money to your card, and maintenance fees.
  • You can still be charged a fee to purchase the card and certain other fees, such as a fee to replace a lost or stolen card. Make sure you read the card disclosure carefully to know what fees your card may have.

In some states, consumers are protected by both the federal law and state gift card laws.  

In California, most gift cards cannot have any expiration dates or service fees.  In this respect, California law is more consumer friendly than the federal law. However the California law does not apply to multiple retailer gift cards such as mall gift cards or bank gift cards including Visa and MasterCard gift cards.  For those types of gift cards, only the federal law would apply.

The California gift card law is complex and does not apply to all gift cards. There are numerous exceptions to the California gift card law.  One unusual benefit of the California law is that a gift card with a remaining balance of less than $10 is redeemable in cash for its remaining cash value.

With many retailers recently filing for bankruptcy, you should be aware of the rules governing gift cards in a bankruptcy proceeding.  A gift card sold by a seller that seeks bankruptcy protection may have no value.  However, the holder of the gift card may have a claim against the bankruptcy estate. Sellers that file "Chapter 11" (reorganization) bankruptcy intend to stay in business, so they typically will ask the bankruptcy court for permission to honor gift cards in an effort to maintain good customer relations.  If the bankruptcy court does not allow gift cards to be honored, or if the seller files "Chapter 7" (liquidation) bankruptcy, holders of gift cards are creditors in the bankruptcy case.  

5. Prepaid Cards

Prepaid cards are similar to debit cards.  However, they are not tied to your bank account. Typically, the card’s value is recorded on a remote database, which must be accessed for payment authorization. There are different types of prepaid cards including:

  • General purpose reloadable prepaid cards.  These cards are usually purchased in a retail store and allow you to add money to the card whenever you need.
  • Payroll cards are prepaid cards that you receive from your employer to pay you.
  • Government benefit cards are used by a government agency to pay government benefits, such as unemployment benefits.

Some prepaid cards allow you to have your paycheck automatically deposited by your employer through direct deposit.  Many also allow cash withdrawals at ATM networks.  Prepaid cards can be useful as an alternative to credit cards if you find it difficult to stick to a budget. However, a prepaid card will not help you build a credit history.

New consumer protections for prepaid cards became effective on April 1, 2019.  If you have registered your prepaid card with the card issuer, you have protection in case of an error or an unauthorized transaction.  You generally can’t be held responsible for unauthorized charges or other errors on prepaid cards if you report the error immediately.

6. Checks, Money Orders, and Cash

Checks

The Uniform Commercial Code (UCC), a version of which has been adopted by most states, includes consumer protections against check fraud. Generally, the UCC holds the bank responsible for fraudulent checks as long as you, the customer, exercise “reasonable” care, such as timely reporting.

Cashier’s Checks and Money Orders

Like personal checks processed conventionally, cashier’s checks and money orders are governed by the terms of your state’s version of the UCC. If you purchase these products from a bank, post office, or other reliable source, you can be assured that they are legitimate.

Your greatest risk involves accepting a cashier’s check or money order from someone who owes you money. Many consumers have become victims of fraud involving a fraudulent cashier’s check.

Cash

Like any other payment method, there are advantages and disadvantages in always paying by cash. On the one hand, you don’t have to worry about credit scores or overdraft fees. But, if your cash is lost or stolen, you do not have the protections you may have with other forms of payment.

Additionally, currency has always been a prime target for counterfeiting. Just as government printing techniques have changed to make official currency harder to duplicate, counterfeiters are ever employing the latest technology.  If you suspect a counterfeit bill, report it to the U.S. Secret Service or to your local police.

7. Mobile Payments

Mobile payment apps allow you to use a mobile device instead of credit or debit cards. Point of sale retail purchases account for the majority of mobile payments.  If all works as intended, your device is all that you need to carry out a transaction with a merchant. Typically this is accomplished by way of an app offered either by a merchant or by a payment service.

Mobile wallets offered by some payment services may allow consumers to store multiple payment options, charging either a credit card, debit card, bank account, or cell phone account.  Some digital wallets can store coupons and shopper loyalty card information.

Mobile payments can expose your personal information to companies that would not be included in a traditional credit card transaction. In addition to credit card issuers and payment processors, mobile payment services may involve the mobile payment provider, the internet service provider, and any third party apps that consumers download. With mobile payments, these companies can get access to the consumer information revealed during a traditional credit card transaction and use this information in new ways.

8. Peer-to-Peer (P2P) Payments

Peer-to-Peer or Person-to-Person or (P2P) payments enable consumers to send, receive, or request a payment to or from another person.  They are most frequently used for small payments, such as sharing the cost of a restaurant bill, sending a cash gift, or paying a babysitter.  P2P services are generally intended for the transfer of money from one person to another person that you already know.  Most P2P services cannot be used for commercial purposes, although some can be used to make payments to merchants who have chosen to accept P2P payments.

Opening a P2P account generally requires you to establish a payment source.  This could be a bank or credit union deposit (checking or savings) account, a credit card, or a prepaid card.  Funds used to pay people will be taken out of the source account.  Some P2P services will hold your funds within your P2P account itself (stored value or digital wallet), rather than accessing your money from an external source each time that you make a payment.

There are a number of things to consider when using a P2P app:

  • Understand the P2P service's privacy policy.  It should explain how your personal information (and that of your recipients) is used and shared.  Find out if information about your transactions will be shared with other users, such as your social media friends. Set any available privacy settings to the most restrictive settings to avoid oversharing. 
  • Avoid making payments to people you don’t know, particularly for selling or buying things from strangers.  A buyer/scammer can often cancel a P2P transfer after receiving the goods but before the money is taken out of their account.
  • Be aware of any possible costs or fees, such as a fee to send or receive payments.  Generally, you can make P2P payments from a linked bank account or from the P2P account for free.  Some providers charge fees to process payments from a credit or debit card.
  • If using the P2P service for business purposes, rather than personal payments, make certain that the service allows commercial payments.