Hearings on Capitol Hill in response to recent retail data breaches shone a spotlight on the unequal treatment of debit cards compared to credit cards. The latter fall under the Truth in Lending Act, which places the maximum liability for fraudulent charges at $50 and offers dispute protection and fair credit billing that lets users stop payment on purchases.
Debit cards tied to a bank account, however, are governed by the Electronic Fund Transfer Act, which has varying degrees of liability protection. Users are not liable for charges if they report the loss or theft of a debit card immediately and if the card has not been used. Consumers who notify the bank within two business days are liable for up to $50, and liable for $500 on day three. After 60 days, consumers are liable for all purchases made with that card. Banks are required to extend the notification period if the cardholder can prove that “extenuating circumstances,” such as hospitalization, prevented him or her from reporting the theft sooner.
Out of 40 million Target customers who had their debit and credit card numbers stolen during the holidays, not all of them can be confident about their liability for fraudulent charges, said Ed Mierzwinski of the U.S. Public Interest Research Group (PIRG). “The zero liability promise the banks make is just a promise, it’s not the law,” he said to the Senate Banking Committee. “All plastic should be equal.” U.S. PIRG has called on the Consumer Financial Protection Bureau to close this disparity by writing a rule that gives debit cards the same safeguards as credit cards.