Mastercard Rules

Sorry for all of the EFT related posts lately...

In reviewing our EFT disclosure, we talk about Mastercard's $0 liability and tell the customer that they can limit their liability to $0 if:

"A) You report the loss or theft of MasterMoney card within two business days of it being stolen

B) You demonstrate that you have exercised care with your card

C) You have not reported two or more incidents of unauthorized use on your account within the preceding 12 months and your account is in good standing"

My issue is with “A” above – this is a Reg. E requirement for lost/stolen access devices but after reading the Mastercard rules, I don’t think it applies to transactions completed through the MC network. In other words, the MC rules don’t care if the customer notifies the FI within two business days of it being stolen. Can anyone verify this? We are going to be updating our disclosure soon and I want to make sure this is being disclosed to the consumer correctly.

Somewhere along the line, someone clearly modified MasterCard's verbiage.

http://www.mastercard.us/zero-liability.html

From their Zero Liability webpage:

As a cardholder, you will not be held responsible for unauthorized transactions if:
1. your account is in good standing;
2.you have exercised reasonable care in safeguarding your card from loss or theft; and
3.you have not reported to your bank two or more unauthorized use events in the past 12 months.

Thanks so much for confirmation, Brian.

Hi Brian,

One additional question:

If the zero liability requirements are not met, does MC put a final cap on customer liability at $50? I am referring to section 6.3 (page 266)paragraph 1(b) of the MC manual here http://www.mastercard.com/us/merchant/pdf/BM-Entire_Manual_public.pdf

Also, there are no timelimits for customers to report unauthorized transactions under MC rules? Liability calculation seems easy for these types....pretty much always $0 and sometimes $50!

You read it correctly.

We use the Reg E timeframes for calculating liability for reporting lost/stolen card or fraud without an access device. As a MasterCard issuer are you saying that we can't use the Reg E timeframes or are we ok?



Thanks!

For signature based purchases, MasterCard limits the cardholder's liability to $50.00 if Zero Liability does not apply. Imposing greater liability under Reg E rules would put you in violation of your contract with MasterCard.

You may still use Reg E's liability schedule in 1005.6 for ATM withdrawals, PIN based purchases, and ACH debits.

We have looked at the timeliness of reporting under Reg E and held customers liable for greater than $50 for MasterCard credit transactions if for example the fraud reported occurred after the 60 day time frame from when the first statement was mailed where the first fraudulent transaction appeared.

Is this not compliant?

I am going to defer to Brian because I am getting my knowledge from him, but it is my understanding that if it is a signature based transaction that went through the MC network, you have to abide by the MC rules that are much more protective than Reg. E.

Basically, if the customer does not qualify for zero liability for whatever reason, then $50 is the max and I think that the notification requirements for the customer outlined in 1005.6 go right out the window. Very crazy I know...but it is seen as the cost of doing business and offering a debit card to customers. MC would say, if you don't like it, don't use our network!

So I would say it is not a violation of Reg. E, but is a violation of MC rules. Not sure what the punishment is for doing that.

This actually makes liability calculation for these types of transactions relatively simple. If it is signature based, just look to see if the customer qualifies for zero liability. If not, you can look to apply $50 max (as long as Reg. E liability limits would also allow you to do so in the certain instance since MC rules cannot impose greater liability than Reg. E).

Things could be worse. You could be in Massachusetts, where there is a $50 cap on consumer liability, period, in the state's version of section 1005.6.

Good point John! I remember reading your comments about that in another thread.

I read an interesting article about the Consumer Debit Card Protection Act of 2014 that also proposes limiting overall liability at $50 and lower provisional credit requirements from 10 business days to 7.

Pretty soon, consumers won't be responsible for anything. And the next piece of legislation will make it mandatory to issue a debit card to every account owner, with a daily limit not less than three times the individual's monthly gross income.

Don't give them any ideas!