The Payment Services Regulations 2009 protect you if you're the victim of card fraud. They place legal requirements on your bank and establish your rights to a refund
The Payment Services Regulations
The Payment Services Regulations 2009 (the "Regulations") set out the rules relating to all 'payment services' including the services provided by banks, building societies and debit card providers.
The Regulations also outline what consumers can expect their bank to do if there has been unauthorised use of their account details or their debit cards.
The principles in the Regulations are reflected in the Financial Conduct Authority handbook called Banking: Conduct of Business and Sourcebook (BCOBS)
This is a handbook that sets out the rules that all service providers (including banks, building societies and card providers) must follow.
The Regulations set out what payment service providers must do if there has been unauthorised or fraudulent activity on your account.
Subject to the exceptions noted in this guide, you should be able to get your money back as long as your provider can't prove that you hadn't taken reasonable steps to keep your card or account information secure.
Lost or stolen debit card
If your debit card is lost or stolen and then used to buy something, and you report the unauthorised transactions without undue delay, your debit card provider should refund you immediately.
However this is subject to the following exceptions:
- If your debit card provider can show that you failed to take reasonable steps to protect your security features (e.g. your PIN), then it can make a £50 deduction from any refund it pays to you
- If your debit card provider can show that you acted fraudulently, it can refuse to give you a refund
- If it can show you were grossly negligent in not taking reasonable care of your card's security features (e.g. your PIN), your card provider would have grounds to refuse to refund any of the sum disputed - except where the card or card details were used to make a distance contract under the Consumer Contracts Regulations (e.g. online or on the phone)
However, your debit card provider can't make any deduction or refuse to refund you if the disputed transaction was made after you had reported the card lost or stolen.
If the unauthorised payment(s) caused you to incur interest or any other charges (such as an overdraft fee, for example), your debit card provider must also refund those charges so that you are in the position you would have been in if the unauthorised payment had not taken place.
These provisions don't apply to credit cards as the Consumer Credit Act 1974 already sets out rules that apply to credit cards.
The Consumer Credit Act says that if your credit card is lost or stolen and used without your consent, the most you should be responsible for is the first £50 of any unauthorised transactions made before you reported the card missing.
Unauthorised debit card transactions
The Regulations can also help if there is a transaction on your card that you know nothing about.
If your debit card has not been lost or stolen and someone else uses the card details to buy something (for example if a card is cloned or someone uses details you gave to a retailer when buying an item over the phone or online), then the Regulations mean you should be refunded in full as long as your report the unauthorised transaction promptly.
The Regulations treat unauthorised card usage the same as they do lost or stolen cards. As outlined above, if your provider can show that you hadn't taken reasonable steps to protect the security of your card (i.e. your PIN or online security details) you could be liable for the first £50 of any loss you incur.
And if your provider can show that you acted fraudulently, you won't be entitled to any refund.
As with lost or stolen cards, if you were grossly negligent, then the service provider can refuse to credit any money back to you - except where your card or account details were used to enter into a distance contract under the Consumer Contracts Regulations.