/ Money

If a fraudster uses your Pin, who’s liable for the stolen money?

If money is fraudulently taken from your credit card account, your provider is liable, right? What if the fraudster used your card’s correct Pin? Some banks think that this means you’re liable, not them.

Few things in the financial services industry can be considered holy, but Chip and Pin is about as close as you’ll get. Unless Derren Brown’s in the vicinity, your Pin is yours and yours alone, providing instant access to your funds wherever you may be.

But woe-betide he who falls foul of card fraud with a Pin. Despite the rules being crystal clear, a recent horror story of credit card fraud shows that, unfortunately, confusion still reigns. As reported in The Times, Eve Russell was stuck with a £16,000 credit card bill after someone applied for the card in her name.

Despite Barclaycard admitting that it didn’t know who had applied, that the card was sent to a different address, and that the spending was out of character, they argued that because the correct Pin was used, Eve was liable for the bill.

It took 15 months, and an appeal to the initial Financial Ombudsman ruling – which ruled in favour of Barclaycard – for the charges to be waived.

Let’s get a few things straight

However, under the Payment Services Regulations, your bank – not you – is liable for unauthorised transactions unless it can prove you authorised a payment, acted fraudulently, or because you failed to protect your Pin or password in a way that allowed the transaction to occur. That’s prove, not make an educated guess, supposition, suspicion or hint – prove.

As detailed by the Financial Services Authority, your bank cannot simply say that correct usage of your password, card and Pin proves that you actually authorised a payment. Just because your Pin was used doesn’t prove diddly. The bank has to prove you were grossly negligent or acted fraudulently.

This doesn’t mean you are free from responsibility. Writing down your Pin or sharing it with someone else is clearly not allowed, including close family.

But there are a variety of techniques used by fraudsters to get hold of your Pin that aren’t down to your personal negligence, such as pinhole cameras attached to ATMs, skimming and good old fashioned phone fraud.

At the end of the day, it’s down to staff training. We know the rules, you know the rules too, so why are bank staff unaware that they’re obliged to refund customers in cases like Eve Russell’s?

Any of us could be a victim of fraud, but you shouldn’t be out of pocket, even if the correct Pin is used.


Until we have something better than a password containing only four numbers I think the banks should take responsibility. Like most people I have not had money taken from my account but if someone was determined they might manage to see me key in the Pin. I’m not even sure how I would change the number if I suspected that someone has seen it.

Some people make little or no effort to prevent others from watching them entering their Pin, and I don’t see why the banks should be liable for claims in these cases.

Maybe keep the Pin but add retina or fingerprint scanning.

Mikhail says:
9 November 2011

Why not also make retailers more responsible? They should check if the customer presents a genuine bank card with holograms, etc., and not just a reprogrammed hotel door key. The signature on the back is also not just for fun, however I’ve never seen a single shop which even checked it. I love verified by visa and securecode schemes, can’t understand why it hasn’t been implemented everywhere.

In your example, this must depend on where the pin number was sent. If it was sent to the same “wrong” address, then the issuers MUST be at fault – no question. Staff must also be trained better!!!!