Question: Recently, we had a customer cause more than $10,000 worth of damage to our equipment. We charged the repair cost to his credit card, but he disputed the charge. He initially admitted in writing that he actually used the machine, but claimed it was defective upon delivery. When that didn’t work, he disputed the charge with his credit card company saying a member of his family actually signed the charge authorization, not him. Is this even legal? What can we do?
Answer: As most of my clients can tell you, experiences like yours are not uncommon. It is not illegal for a cardholder to allow someone else to use his credit card unless fraud is involved; it’s foolish and inadvisable, but not illegal in most cases. In this case, however, fraud actually may have taken place, and in any event, the cardholder’s actions probably constitute a violation of the cardholder’s agreement with his credit card issuer. Both may be of help to you.
Most credit card agreements prohibit loaning a credit card to someone else, or at least make it clear that the cardholder will be held responsible for all charges made by the borrower, even if the charges themselves were not authorized by the cardholder.
Federal law generally limits the liability of a cardholder for fraudulent charges to the lesser of the value obtained through the unauthorized use of the card before the card issuer is notified or $50 (CFPB Comment No. 12(b)(1)(ii).2 to the Truth in Lending Act). That protection, however, is largely eliminated if the cardholder willingly turns his or her card over to someone else, even a family member or employee. Therefore, absent some written agreement limiting the charges for which the cardholder would be liable — for example, a written credit card authorization that specifically includes such a limit — the cardholder potentially can be held liable not only for his family member’s rental charges, but also for any other charges his family member might decide to make, either at the rental store or elsewhere. Worse, if that family member then loses the card or loans it to someone else, and additional unauthorized charges later appear, the cardholder typically will be liable for those charges as well.
The Consumer Financial Protection Bureau (CFPB) puts it this way in its comment to Section 1026.12 of Regulation Z (12 CFR Part 1026) of the Truth in Lending Act:
If a cardholder furnishes a credit card and grants authority to make credit transactions to a person (such as a family member or coworker) who exceeds the authority given, the cardholder is liable for the transaction(s) unless the cardholder has notified the creditor that use of the credit card by that person is no longer authorized. (Comment 12(b)(1)(ii)3.).
Therefore, unless either your customer notified you in advance that his family member was not authorized to use the subject credit card or your customer’s family member stole the card in order to rent equipment the cardholder then used, the cardholder is almost certainly going to be liable to his credit card issuer for the charges his family member agreed to.
Thus, although it may seem obvious that your customer’s breach of his own credit card agreement should not support his attempt to defraud an equipment lessor who dealt with him in good faith, you’ll probably have to explain this point to your merchant services provider in order to defeat his chargeback claim.
Regarding fraud, having a family member sign a charge authorization with intention of later using that fact as a means of escaping liability for payment arguably constitutes fraud.
Fraud can give rise to both civil liability lawsuits and criminal penalties, which can include fines and/or incarceration. By attempting to avoid payment by using the fact that his family member signed the charge authorization, your customer may have unwittingly exposed himself and/or his family member to much more liability than he realized.
What you and every other equipment lessor should do:
Perform an initial compliance audit. Make certain your credit card practices comply with all applicable laws and security requirements. Penalties can be severe, including up to $2,500 per violation for Fair and Accurate Credit Transactions Act (FACTA) compliance failures.
• PCI DSS compliance. Start with payment card industry data security standards (PCI DSS) compliance. PCI DSS were established in 2004 by a consortium of the major credit card issuers, including American Express, Visa, MasterCard and Discover, one of their goals being to protect payment card data. Among other things, PCI DSS stipulates that only the account number, expiration date, service code or cardholder name on any payment card may be stored by a participating merchant, and that the merchant must utilize technical precautions for safe storage, such as cryptography, truncation, index tokens and securely stored random keys or “pads.”
• New Visa rules. Also, bear in mind that Visa recently automated and simplified its dispute-resolution process, partly in an effort to better protect merchants from invalid chargeback claims. In doing so, it shortened response and resolution times, standardized its chargeback “reason codes” and created four distinct categories for such codes, including fraud, authorization, processing errors and consumer disputes. This is a positive step for merchants, including equipment lessors, but it also highlights the need for having your authorization documents signed, available and ready for submission in response to chargeback claims.
• Applicable laws. A number of different laws also apply including the following federal laws. Many states also have enacted similar and/or supplemental legislation.
Fair and Accurate Credit Transactions Act (“FACTA”) (15 U.S.C. § 1601, et seq.), 2003: An amendment to the Fair Credit Reporting Act, which seeks to protect consumers from identity theft by, among other things, limiting information regarding consumer credit that can be stored electronically by merchants and requiring account number truncation on card receipts.
The Truth in Lending Act (TILA) (a/k/a “Reg. Z”) (12 C.F.R. § 226), 1968: Requires disclosures regarding consumer credit, including its terms and costs in a standardized format.
The Credit Card Accountability Responsibility and Disclosure (CARD) Act of 2009: An expansion of the Truth in Lending Act, this law gives consumers the right to cancel certain credit transactions, regulates certain credit card practices, and provides a means for fair and timely resolution of billing disputes.
The Fair Debt Collection Practices Act (FDCPA) (15 USC §. 1692, et. Seq.), 1977: A federal amendment to the Consumer Credit Protection Act, which establishes legal protections from abusive debt collection practices.
The Fair Credit Reporting Act (FCRA) (15 USC §. 1681, et. Seq.): Regulates the collection, dissemination and use of consumer information, including consumer credit information.
The Federal Fair Credit Billing Act (FCBA), 1977: Another amendment to the Truth in Lending Act, the FCBA protects consumers from unfair billing practices and provides a mechanism for addressing billing errors in credit card accounts. This allows consumers to dispute credit card charges, requiring among other things, that such disputes be submitted in writing to the credit card’s “billing inquiries” address within 60 days of the applicable statement date. It also requires card issuers to acknowledge the dispute within 30 days, investigate the claim, and address the issue with the consumer by making the necessary corrections or explaining why no corrections will be made within 90 days.
Respond quickly to address the specific chargeback issue by taking the following steps:
• Respond in writing. Respond to the credit card company’s inquiry in writing as soon as possible and, in this particular case, cite the customer’s conduct and request that the credit card issuer refrain from participating in what may be the customer’s attempt to commit fraud.
• Consider notifying the police. If the customer truly intended to use the fact that his family member signed his credit card authorization in an effort to commit fraud, both civil and criminal penalties may apply.
• Follow up and be diligent. We routinely hear from clients who have ultimately prevailed as a result of their own diligence in following up, even in disputes they originally thought they’d lose.
Update your process.
• Obtain critical acknowledgments beforehand. Include in your standard rental contract terms an acknowledgment by each customer that all equipment is free of defects and fit for your customer’s intended use, operation and environment.
• Obtain personal guarantees. Include a personal guarantee on your rental contract. Doing so not only gives you an extra option for recovery, but it also gives you leverage by exposing the guarantor’s personal assets to your claims. Don’t assume that everyone who signs your contract automatically will be subject to the guarantee. Drivers and delivery personnel aren’t likely to be held liable even if they sign it, and some larger customers will simply refuse to do so. You always can cross it out and initial it if you’re dealing with a customer who refuses to sign it — if you still want to rent to that customer.
• Require execution of acceptance certificates. Have your customers sign acceptance certificates acknowledging that each item of equipment you deliver is free of defects at the point of delivery — this helps overcome customers’ claims that the equipment somehow became defective between the time it was rented at your facility and the time it was received by the customer at the worksite. “Defective Merchandise” is one of the specific chargeback reason codes Visa accepts — eliminate it by getting a signed acceptance certificate.
• Use a proper credit card authorization. Have your charge account customers sign a credit card authorization form that, at a minimum, authorizes you to charge at least 100 percent of the value of each rented item to the card. The card may not have sufficient available credit remaining, but the real effort is to set forth a readily determinable amount authorized in order to counter claims that a specific dollar amount was not authorized by your customer as “Incorrect Amount” is another specific chargeback “reason code” accepted by card issuers. The authorization specifically identifies all parties your customer wishes to authorize as signatories, expressly waives all setoffs and chargebacks and includes an additional personal guarantee just in case the customer violates the rental agreement, or for example, sends his family member to sign your rental contract.
• Incorporate enhanced e-signature technology. Incorporate an e-signature function into your credit card processing regime that allows you and your delivery personnel to capture signatures from your customers on all of your documents — the rental contract, delivery certificate and credit card authorization — at the same time in the same place. The ability to geolocate and timestamp signatures and automatically combine them in a single electronic file can be helpful for purposes of timely responding to chargeback disputes as well as overcoming claims that one or more of such documents was not actually signed by an authorized party. This can now be done via text or email through “Flow,” a technology that handles the documentation, accounting and credit card processing simultaneously, making the process far simpler than it has been in the past.
Remember, even if you lose a chargeback claim, you still have legal remedies. Chargeback determinations do not have the force of law; winning them just saves you the time and trouble of suing the customer. If you must pursue litigation, you’ll want to have as much documentary support as possible. Taking the above steps before you’re hit with a major dispute can be worth tens of thousands of dollars.