Stop financial institutions from automatically giving updated card info to merchants

0 have signed. Let’s get to 100!

At 100 signatures, this petition is more likely to be featured in recommendations!
At 100 signatures, this petition is more likely to be featured in recommendations!

Background

When individuals create a recurring order or subscription using a card as payment, merchants have the ability to get updated card information from the card company. E.g. VISA has the VISA Account Updater (VAU) program and Master Card has the Master Card automatic billing updater program. This allows merchants to continue to charge a new card after an old card has be deactivated for fraud or normal expiration. These are good ideas and help both merchants and customers. However, if someone gets your number and signs up for a fraudulent subscription, those vendors can and do keep charging the card even after fraud has been reported to the card company and a new card has been issued.

Purpose

The purpose of this law is to give individuals the ability to combat "recurring charges" fraud without destroying the positive effects of updating merchants that have legitimate reasons to retrieve updated account information.

Request to Enact a new Law

Therefore, we are petitioning the congress to enact a new law requiring all institutions that make recurring payments to a merchant on behalf of their customers to:

  1. provide customers the ability to securely opt out of updating individual (or all) merchants with the customer's updated account information, thereby preventing those merchants from continuing to charge the account holder when account information changes. The institutions are required to provide this service by phone and online, if the institution has an online presence.
  2. provide customers the ability to securely block an individual merchant from charging their card for up to one year. The institutions are required to provide this service by phone and online, if the institution has an online presence.
  3. provide the merchants a secure notification within 30 days of the customer's withdrawal of permission to charge an account.

Boundary Rationale

"Up to one year" - Most disputes are resolved in one year.

"30 days" notification - Most institutions that pay merchants on a customer's behalf work in monthly cycles. Most merchants subscriptions are monthly.

"required... online" opt out - It is in the best interest of institutions and customers to allow account holders to opt out through their web portal or phone app, rather than through more traditional means. However all institutions should allow a phone call.

"online" means through a website or app provided by the institution.

"secure" means that data is protected from disclosure en-route and does not remove any regulatory requirements of other laws. E.g. The service encrypts data en-route by appropriate algorithms as specified by current NIST standards.

Motivating Circumstances

Someone got my credit card number and signed up for the YouTube service. My credit card company was happy that I was watching for fraud, refunded the transaction and sent me a new card. And this happened three months in a row. I eventually contacted my bank, Master Card, VISA, the BBB, and Google (although not in that order) with no way of stopping this other than to completely block the card. And there the card sits, virtually unusable now for six months.

 



Today: Scot is counting on you

Scot Anderson needs your help with “Congress: Stop financial institutions from automatically giving updated card info to merchants”. Join Scot and 4 supporters today.