The benefit of credit cards is no one can literally drain your bank account via fraudulent access to a payment card directly tied to your bank (i.e. debit card in US nomenclature). This is a clear benefit regardless of location. Courts are slow and not scalable, and you don't want to be in a scenario where your bank has been drained right before you need to make important payments.
> The benefit of credit cards is no one can literally drain your bank account via fraudulent access to a payment card directly tied to your bank (i.e. debit card in US nomenclature
This difference is a consequence of law, not payment technology. It's entirely possible for someone to make fraudulent charges on a card up to its limit (which would be the analogue of draining a bank account), but CC companies are required by law to absorb fraud beyond a token amount. There's no technical reason why bank accounts couldn't be similarly protected, but banks have thus far been successful in preventing such laws from being enacted.
There is a functional difference in how credit/debit cards work, though.
With credit cards, you get an invoice with fraudulent charges at the end of the month. You can choose not to pay those charges, citing fraud. The bank will clear the charges if they agree.
With debit cards, the money is withdrawn directly from your account. You can report the unauthorized withdrawal, and the bank will reimburse you if they agree. In the meantime, you don't have access to the money.
And unlike a credit card, it's easy to vary the risk/limit with a debit card. Just keep the main funds on a separate, non-card accound, and transfer to the debit card account as needed.
I usually keep around $200 on my debit card, which means I lose at most $200. This way I also get a sense of my spending in terms of how often I have to transfer.
If I need to pay for more, I just transfer before paying. Takes me about 2 seconds with an SMS or through the bank app.
However, in the UK there is the Direct Debit Guarantee: the company holding your DD mandate can't withdraw more than you mandated, nor on some other date than the date you specify. Otherwise you have a claim against your bank, and they have no defense.
Part of it is inherent to the type of account. Ledgers have to balance out somehow, and fraud is going to temporarily be someones problem until it is resolved. Credit is, by definition, the bank's money.
For example, US also has similar laws for debit cards, but, by definition, when a charge is made to your bank account, it is made to your bank account.
>There's no technical reason why bank accounts couldn't be similarly protected, but banks have thus far been successful in preventing such laws from being enacted.
My bank's (Chase) policy limits debit card customer fraud losses to the same $50 that the law requires of credit cards.
Not sure about other banks, but while I'm not sad that I have this protection, Chase's anti-fraud measures for debit cards (mostly programmatic, I'm sure) are pretty draconian.
If I travel any significant distance from my home, transactions with my debit card are almost always declined and I either have to contact customer service (a big time waster) or use a credit card.
That's incredibly annoying, although if that's the reason my debit card fraud responsibility is limited to the same as a credit card, that's a trade off that some may be willing to make and some will not.
Given that my debit card has been the subject of fraudulent activity several times and the bank has made me whole every time, perhaps there's something to be said for the harshness of the debit card anti-fraud algorithms.
> My bank's (Chase) policy limits debit card customer fraud losses to the same $50 that the law requires of credit cards.
Yes, many banks do. But be aware that when using a debit card, it's just the bank policy of being nice that protects you. They have the right to change that policy on a whim.
When using a credit card, that protection is built into the regulations so you can count on it.
Always use a credit card, never a debit card, is the safest approach.
My impression is that all banks are pretty miserable to deal with when you travel, though I imagine if you move out of consumer-grade junk, that improves. I have a bank account (Navy Federal Credit Union) that got locked out when I used a cashier's check to buy a car (despite repeated assurances that there was a note in my account explaining the transaction in advance.) Unfortunately, their customer service is just a notch better than Google, with hold times routinely exceeding 3 hours, and lines periodically going dead; consequently, I'm going on 7 months without access to my accounts.
> This difference is a consequence of law, not payment technology.
Yes, that's the beauty of it. When using credit cards you can know you're not liable for losses, full stop. The bank can't suddenly change their policy because it comes from regulation.
There's an important difference here: bank accounts are not credit. If my card is stolen and charges are racked up, I'm no poorer until the fraud is detected and resolved. You don't spend cash when you use a credit card, you spend credit. There isn't a legal remedy for this.
In fact in most of Europe banks have to absorb the cost as well unless they can proof that you acted negligently (e.g wrote down your pin and had it in the same wallet as your card), it is the same essentially for online banking.
Out of curiosity, how do European banks avoid this issue? If my debit card or ACH info is compromised and someone drains my checking account, is there a way to use the stolen funds before the bank/court finishes their investigation?
How would they drain your bank account? There's quite a bit of 2FA they'd have to defeat. Easiest is stealing the card after skimming their PIN, but if you know it's stolen, you're going to block it pretty quickly, and there are limits to how much you can withdraw from an ATM.
The big problem with credit cards is that all the info needed to authorize a transaction is right there on the card. The second problem is that quite often you submit that data directly to the merchant or to whichever payment provider the merchant chose.
In the US, automated payments tend to be "pull based", where a company tells your bank "give me this much from this account, I have permission". The company can lie but, by the time you find out, the money is already gone and it can take a long time to get it back. The bank has no real incentive to get your money back.
With a credit card, on the other hand, you see what was taken _before_ you pay them. So you can tell the credit card company "this amount that was charged to me is not me, I'm not paying that". Then the credit card company has to look into it; they have incentive to figure out what happened (unlike banks) because they aren't getting payed back their "loan" to you until they do.
In India, now you have to approve all such scheduled payments with a 2FA and upto a limit. So even if I have approved ShadyCorp they can't demand more than approved amount.
Dutch banks used to work like that too, by "incasso", and in fact still do to some extent. But any incasso that hasn't been directly authorised by you with the bank can be undone (and apparently at an additional fee to the company that originated it; they really don't like it when that happens). So that's actually very similar to how credit cards work, but without the additional fee. These days you can easily manage all upcoming incassos through your banking app and block them before they happen, though I generally prefer to pay such recurring payments through automated "push" transfer.
The problem is that since direct debits are so easily reversible, in Germany they are not seen as a final form of payment (until the charge return time limit expires) as there is no form of dispute arbitration involved.
Merchants will usually not ship goods or provide services for a direct debit alone.
In Netherland incasso is mostly used for recurring membership fees, not the purchase of goods. Those are generally done through a direct, authorised transaction, which isn't so easily reversible.
> The big problem with credit cards is that all the info needed to authorize a transaction is right there on the card. The second problem is that quite often you submit that data directly to the merchant or to whichever payment provider the merchant chose.
Same with my (UK) DD card, when I use it online. I occasionally get challenged by Visa/Mastercard for some passphrase or whatever. For retail purchases, I can usually just swipe. Periodically I'm asked for a PIN.
I prefer DD over CC, because I have full control over my liabilities, should someone try to drain my account, just by adjusting the balance on the account (and I can't link my deposit account with the card; so that's where the rich pickings are kept).
Also, way back when, I was pretty relaxed about credit balances, and the CC company kept raising my limits; I got into a lot of debt. Nowadays I don't use credit unless I'm forced to (which hasn't happened for 20 years). So I have a CC, with a zero balance (and the CC company is going to shut it down, because I'm not using it).
The law says that the bank needs to give back your money immediately, at least in my country. If it turns out that it was your fault you don't get to keep the money, but you will have money to pay bills with during the investigation.
Laws and security adapts to whatever medium people tend to use, so common problems tend to have solutions. The laws in Europe are made to make debit card transactions and security reasonable, because almost everyone uses debit cards.
That's not true. As a business, at least, I can run an ACH Debit[0] with just a routing number, account number and name. NACHA rules prohibit this, but nothing programmatically prevents this from happening.
u/vimy was talking about European banks. There is no "pull" there. People freely share their account info because one can only push money in with that info.
That's still not true. Pull-based schemes are widely used across the SEPA region and in national schemes such as the UK's Direct Debits.
A notorious celebrity in the UK famously revealed his bank details as a stunt to show that a large-scale data loss incident wasn't a big deal and he ended up making an unexpected payment to a healthcare charity shortly afterwards.
I don’t know about the UK but in my SEPA country only companies can create pull-based schemes and they can’t do it without authorization of the bank account owner.
Mostly used for things like utility bills. So there’s zero danger in sharing your bank account number with someone.
1. It’s a bureaucratic mess. And scammers will also need to deal with the bank first.
2. With a paper form they need your autograph and other ID data. Or when it’s digital you need to authorize the request with your banking app.
There's two ways this could happen, but neither is super easy:
1) You've handed over your physical debit card and it's PIN code to a baddie and not informed your bank. Unlike the security code on credit cards the PIN code is not on the card. Unlike credit cards you need the actual physical card to transfer money.
2) You've given a baddie your online login info and had him send you a QR code which you then scan and approve the amount.
Notable what does not happen, which does with credit cards, is making a payment at a webshop and that webshop then leaking your card info to a baddie. No one other than the bank ever sees the "secret" part of the card info.
Out of curiosity, how do European banks avoid this issue?
In the UK we have a system of Direct Debits that is popular particularly for making recurring payments like household bills or subscriptions. You provide your bank account numbers to the merchant and they can collect the required money directly.
It sounds like a huge opportunity for abuse by merchants but the easy setup is balanced by a universal Direct Debit guarantee for account holders that basically says if any erroneous charge is made then you get your money back from your bank first and questions are asked later. Merchants are required to provide all customers who pay this way with certain information about the guarantee scheme (and everyone actually does).
That in turn sounds like an opportunity for abuse by customers but having personally run a business that accepts Direct Debits I can tell you that we have never seen a single abusive reversal of a Direct Debit payment. In contract we've had a few problems with legitimate charges to cards being reversed later and the whole system around chargebacks with credit cards seems to be unreliable for both merchants and cardholders.
German banks require the account owner's permission to pull money from a bank account and the owner has a 6 week window to get all their money back, no questions asked.
You (the account holder) do. Direct debits are instantly reversible for a month (maybe 2?).
You'll have to explain to the company that deducted the money why you reversed the charge though, and if it was legit after all you still need to pay them.
There is. It‘s 8 weeks (for any reason including "I‘d like my money back and rather do something else with it") or 13 months (for unauthorized charges).
At least in Germany, the dispute process for bank account debits is literally clicking a single button in online banking.
No proof or even reason for this is required in the first 8 or so weeks since the charge (or more than a year if the debiting merchant does not have a "direct debit mandate", which essentially means some sort of evidence of the account holder agreeing to be debited).
Giving someone your bank account number (~EU ACH info) only allows them to send you money, not take it from you. It's not a secret, some retail businesses list it on their websites.
So the only way those fraudulent transactions won't hit your bank account is if your bank account is not directly tied to the card, which makes it a credit card by definition (because you are being given credit for purchases and not having to pay for it immediately).
So it seems like what the parent is saying is true outside the US as well?
The benefit of credit cards is...credit, and the ability of the card to abstract the idea of spending money away from the consumer. Few things exemplify "out of sight, out of mind" better than credit cards. The model is amazingly profitable as well. Like printing money, literally.
Interestingly, in Japan, at least until recently, the way credit cards worked is, when you buy something you'd have to say how many payments you were going to pay it off in and your bank would automatically take money from your bank account at that level.
In other words, you'd go to some electronics store and by a $2000 TV and they'd ask "how many payments". You'd say 10 and you'd end up paying $200 a month. I don't know the origin of why they did it that way. To be clear, this was bank credit cards, not store cards. I imagined it was something to do with the commitment and knowing you couldn't just pay off some minimum. Purchases under a certain amount and/or by store you were not allowed to divide up.
I've had Japanese friends come to America and want to buy something for $500 and ask if they can have ask for 4 payments and have to explain that system doesn't exist here. If you want to make 4 payments you make 4 payments.
I've never looked into if the bank is giving all the money to the merchant and then charging the customer per month or if they're sending to the merchant per month. Nor did I ever look into interest fees. I just know it is (was?) common.
Possibly not all credit cards. We have the same in Romania - a lot of credit cards come with the option to pay in interest free (few installments) or sometimes interest bearing (more installments) installments. Sometimes at participating retailers, sometimes you just click on something in the bank's site.
Your spending limit is reduced by the whole amount but those interest free installments can be useful. Esp when you get 12-24 for stuff like TVs or furniture.
Other than that option, they act like normal credit cards. Pay next month, minimum payment, huge interest if you don't pay them in full, can contest any transaction, yadda yadda.
No one can drain ky bank account through my payment card either. For one, they lack the authorisation to do so, and for another, there's a limit (which I can change) to how much can be transferred per day.
Outside of the US, the banks do tell the criminals - otherwise the banks would be the hook. This is the fundamental difference between the US and the RoW: in the US, fraudulent withdrawals are the depositors problem[1] which banks don't expend too much effort into, elsewhere, it's the banks' problem, consequently banks go the extra mile to prevent fraudulent withdrawals, and when it does happen, are quick to make the depositor whole.
1. This and "identity theft" are emblematic of a mostly American tendency to pass the buck (and losses) to the least powerful and least informed entity (the depositor) for fraud committed against financial institutions using depositor's information.
I think they already know, because their efforts are mostly focused on trying to get that authorization. But whether you know about it or not, no authorization means you can't access the money. Requiring explicit authorization is key to security, and I'm extremely wary of payment systems that don't require it, like credit cards.
2FA, you get a popup in your bank app asking "Do you want to pay X euro to Y?" for online payments. Can turn that off if you want, but it isn't a big bother.
That‘s not how direct debit works. There is no accountholder involvement with processing direct debits, but they can be easily reversed (although after the fact).
There are related payment schemes though that do initiate a push payment (i.e. SEPA credit transfer), giving the accountholder control over the amount and payee, but they are not yet as ubiquitous or usable internationally.
That is exactly how my debit card transactions works. When I buy a game on steam using my debit card I get a popup in my phone asking if I really initiated the payment and lets me decline.
The payment page spins until I click ok on it in the phone, since my bank wont accept the transaction otherwise.
The grandparent post was asking about the German payment system, which presumably refers to SEPA Direct Debit, not debit cards.
What you are referring to is called 3DS, and it's a feature of both credit and debit cards. (It's available worldwide, but most commonly used in the EU, since it's mandated for ecommerce card transactions in many circumstances.)
I don't know how it works in Germany, but in the Dutch system, iDeal, I see the amount I'm authorizing. Of course if I'm sloppy and rapidly clicking through my bank's screens, I might not notice it if they changed the amount at the last moment, but any merchant that can be shown to do that would probably be in a heap of trouble.
I do think it's possible to authorize an unspecified amount; automated gas pumps seem to do that, but they seem to be the only ones, and it probably has a hard maximum.
Of course any PIN transaction that goes through the merchant's equipment is not quite as secure and relies on a level of trust that's not necessary for online payments, where I give my authorization through my own bank's website.
In the Netherlands the customer picks theirs from a list of banks on the iDEAL website then the transaction is done on their banks website. Other services can be fit in front to extend the choices with other payment processors.
If they do that (via direct debit), I can click a button in my online banking interface, immediately get the money credited back, and the merchant is debited that amount plus a fee.
You don't need to go to court to reclaim a fraudulent debit. For one, there's limits in place on card transactions and bank transfers with every bank. In every (read: two) situation I've had where my card was skimmed/used without permission, the bank cancelled my card and refunded the amount within 24 hours.
3% of your credit card spend is a steep cost to pay for that security though, they can't clean out all your money if you don't tie all of it to the debit card, just put a months worth there at a time and you are better off with debit unless you get your debit card stolen every year or so.
It isn't more work than credit either, instead of paying it off every month you fill it up every month.
And for fraud protection, 3% is only worth it if every 30'th purchase is fraud in some way. Personally I've never lost my card and never fallen for fraud, so it would just be 3% of my money thrown away for nothing.
Most places charge extra for any payment because of the high credit card cost. So you pay the 3% even with cash. Same reason quite a few restaurants have a sign with cash only. Same reason lots of restaurants in Europe had cash, card only for 20€+, no credit card (EC card was <1% fee, credit like 3% so they said no thanks).
In Denmark it's not unusual for company credit cards to be charged extra, and foreign credit cards to be charged even more.
(Before 2018, it could also apply to personal credit cards. It seems a step backwards to exempt them, as the national sysetem, Dankort, has much (much!) lower merchant fees, but now there's no incentive for people to prefer it to Visa/MasterCard.)
They don't charge extra for credit card payments, but they pay the fee on the majority of their payments, so it's baked into their margin. The cash-back arrangement reduces this by ~1% in effect.
> 3% of your credit card spend is a steep cost to pay for that security though
You're not paying anything for the protections the credit card offers.
Or more precisely, you are but we all are, even if you pay cash or with a debit card, since the vendor prices the items accordingly and there's no cash discount. (There are exceptions, but very rare in the US.)
And most credit cards give you cash back so it's actually cheaper.
> And most credit cards give you cash back so it's actually cheaper.
Do you really think that banks and card networks work for free?
Even if you use the best rewards card and never pay a cent of interest or fees to your bank, you can bet that the program on aggregate is running a profit for the issuer, or they would not be offering it in the first place.
In effect, your rewards have to be either paid by the merchant (i.e. you, in the end, in the form of higher prices for goods and services), or by other cardholders in the form of interest, fees, using a suboptimal card/rewards category combination etc.
> > And most credit cards give you cash back so it's actually cheaper.
> Do you really think that banks and card networks work for free?
They certainly don't work for free, I addressed that above.
The credit card fees the merchant has to pay are bundled in the price of each item, so you can't escape them. By using a cash back card you can recover some of it, so you're leaving money on the table if you pay by any mechanism other than a cash back card.
A few gas stations around here offer a discounted cash price. In those, I'll pay cash.
> they can't clean out all your money if you don't tie all of it to the debit card, just put a months worth there at a time and you are better off with debit unless you get your debit card stolen every year or so.
You can set up daily/weekly/monthly limits for debit cards, and separate ones for online purchases, physical terminals or ATMs, if you want.
Or from another point of view you're now hit with the higher bill even if you choose to pay by a more efficient method. It's debatable whether the EU's rule actually helps cardholders or whether it just protects the card networks and their overpriced payment schemes.
In Australia they allowed merchants to pass on the payment network costs, and a good lot of them did - so you might pay x for cash, x + 0.5% for debit card or EFTPOS (equiv of European EC card) or x + 2.5% for credit card. I think it was partially responsible for a significant reduction in the use of credit cards in the country. But perhaps not the dominance of Visa/Mastercard in POS transactions, since most debit cards are in their network.
At first I hated the rule, but then I realised it was exactly a rule that put the decisions in the hands of the customer and the merchant and took power from the card networks.
(I don't live in Australia at the moment so maybe this is changed. I gather there is now also app-based credit payments which have eaten into Visa/Mastercard's market, both for credit payments and for POS transactions. But how significant, who knows)
It isn't costing me 3% directly, it costs the vendor. Which is already baked into the costs and charged to all of the customers no matter their payment method (typically). So I get other benefits and points / cash back on my purchase, and anyone not using a credit card misses out on those things.
Its kind of a messed up system honestly. The people who are already well off and can get the top of the line credit cards get all kinds of great benefits. And the costs are subsidized by those who cannot get them.
