Execution of a merely reserved credit card charge by the bank after the client reported fraud
The problem that the client presented to the Ombudsman arises in numerous cases of fraud in connection with credit and debit cards. Card fraud is often discovered quickly by the clients concerned, sometimes even within seconds after they have authorized a transaction under false pretenses created by the fraudsters. Card transactions are usually shown as “reserved” in the client accounts between authorization and definitive booking. Clients who report a fraud to the bank during this period do not understand why the reserved and therefore still pending payments are still executed despite their report.
According to the explanations that the Ombudsman receives from the card issuers, it is common for a card payment to appear as “pending” or “reserved” on the client accounts between authorization and actual booking. This makes it clear to clients that this amount has already been spent, although it still appears on the account balance. After authorization, the card-issuing bank must first be informed of the payment processing via the card network. Only when the merchant has submitted the payment via the network to the card-issuing bank is the payment definitively booked to the client account. This so-called “settlement” takes place with a certain delay of usually a few days. After authorization by the client, however, the payment must be executed, as the recipient, i.e. the merchant who has accepted the card for the payment of goods or services, has an unconditional claim to it. As a rule, the merchant is not involved in the fraud and has provided its service in reliance on the payment. Due to the rules of the card network, payment cannot be refused, even if it is claimed that the payment was made by the fraudsters using fraudulent card details. This unconditional payment obligation is central to the functioning of the card payment system.
Whether the payment made can be reclaimed after it has been booked is determined by the rules of the so-called chargeback procedure of the card networks, with which the cardholder can, among other things, object to an unauthorized payment. However, this procedure is subject to an important restriction, which has an impact in many cases of fraud. If the card transaction was confirmed by the client with an additional means of authorization such as a 2-factor authorization (3D-Secure or similar), a chargeback procedure is not possible. Merchants who use such a system, which incurs costs for them, do not have to participate in the chargeback procedure. The 2-factor authorization is intended to make online card payments more secure overall and thus also benefit clients. For this system to be effective, it is essential that the text of the authorization requests via SMS or app are read accurately on the cardholder’s mobile device. If the amounts or merchants on the messages do not match the client’s expectations, but show a different transaction, the client must not proceed with the authorization and should contact the card issuer immediately.
The Ombudsman closed the case with this explanatory notice.