More credit card safeguards

More credit card safeguards
Business Times
05 Sep 2009

Issuing banks agree to cap card members' liability at $100 for unauthorised transactions; online transactions will require second password

By SIOW LI SEN

INCREASED protection is on the way for credit card members against unauthorised charges and for card holders who make online purchases.

Yesterday, credit card issuing banks agreed to cap card members' liability at $100 for unauthorised transactions starting Nov 1.

By the first quarter of next year, those buying goods online will have to provide a second password, similar to existing online banking transactions, as part of enhanced security measures. This includes using tokens or getting an SMS from the bank for the second password.

On the move to limit cardmembers liability, the Association of Banks in Singapore (ABS) said that this means that before notification of a credit card loss to the issuing bank, the maximum liability for cardholders due to unauthorised charges is $100. But this cap will not apply if the cardholder has acted fraudulently or was grossly negligent.

An example of gross negligence cited by the ABS is leaving one's wallet unattended in the office and the card is then stolen, used and returned to the wallet without the cardholder realising it.

A cardholder would be acting fraudulently if, for instance, he disputes charges on his card which he claims to have been stolen overseas, when in fact he has under duress signed for exorbitantly priced drinks.

The move to limit liability is a U-turn by the industry which had earlier declined to do so.

Currently, only two card issuers, American Express and Maybank, have liability caps, of $100 and $500 respectively.

In July, there was a consumer uproar when three banks insisted that a human resource administration manager, Tan Shock Ling, make good her $17,100 charges after her credit cards were stolen from an unlocked car. The three banks were Citi, Royal Bank of Scotland and United Overseas Bank.

ABS director Ong Ai Boon yesterday said even after Nov 1, Ms Tan would still be considered as grossly negligent. 'You wouldn't leave $17,000 cash in your car, unlocked, unattended,' said Mrs Ong. 'It appeared that the car was not smashed, not broken into.' Mrs Ong said that two of the banks have given a discount to Ms Tan while one has insisted on full payment.

Adam Rahman, Citi Singapore head of corporate affairs, said that 'on a goodwill basis, we offered to waive 25 per cent of the sum charged to the card, as well as offered a three-month interest-free instalment repayment schedule for the remaining amount'. RBS and UOB declined to comment, citing customer confidentiality.

As for enhancing security for online transactions, the Monetary Authority of Singapore (MAS) yesterday said that it is working with the industry on the implementation of dynamic authentication for card-not-present or online transactions and the adoption of a chip technology platform. 'We are looking at a phased introduction of some initiatives in the first quarter of next year,' an MAS spokeswoman said.

The additional authentication will be similar to what is used for current banking transactions such as getting a randomly generated second password from a token or an SMS from the bank.

I wonder how the extra second authentication is to be done for online credit card transaction. So far, I never see any merchant prompting for that extra token.