Customer files a dispute for unauthorized charges from Google that posted to his account from early Nov-Dec. Customer tells us (in December) that in November he notices unauthorized charges from Google. We cannot deny the December charges because the access device is not lost/stolen, correct? He still has 60 days from the first statement date in which the charges first appeared to avoid liability? It just seems there should be customer liabilty since he saw the fraud and could have prevent further unauthorized charges. Any way to deny this one?

Thank you

It is not just the physical card that is your access device; it is also the card number.

Reg E 1005.2(a)(1)(a)(1) “Access device” means a card, code, or other means of access to a consumer's account, or any combination thereof, that may be used by the consumer to initiate electronic fund transfers.

If the cardholder had knowledge in November that their card number had been stolen, and you determine that Zero Liability does not apply because the cardholder was negligent (VISA) or did not report the loss promptly (MasterCard) you may be able to impose greater liability depending on when the transactions posted in relation to the cardholder learning of the loss/theft of the card number.

Helpful as always.

Thank you Brian!