New CFPB rules for prepaid cards

Archived From: Finance
  • Page :
  • 1
  • Text Only
Voting History
rated:
Mildly interesting, to MSers and others. Most important from my perspective:

+ Error resolution rights: Financial institutions must cooperate with consumers who find unauthorized or fraudulent charges, or other errors, on their accounts to investigate and resolve these incidents in a timely way, and where appropriate, restore missing funds. If the financial institution cannot do so within a certain period of time, it will generally be required to provisionally credit the disputed amount to the consumer while it finishes its investigation.

+ Protections for lost cards and unauthorized transactions: The new rule protects consumers against withdrawals, purchases, or other unauthorized transactions if their prepaid cards are lost or stolen. The rule limits consumers’ liability for unauthorized charges and creates a timely way for them to get their money back. As long as the consumer promptly notifies their financial institution, the consumer’s responsibility for unauthorized charges will be limited to $50.

The new rule will generally apply to prepaid accounts starting Oct. 1, 2017.

Link to press release: http://www.consumerfinance.gov/about-us/newsroom/cfpb-finalizes-...

Member Summary
Most Recent Posts
Bad analogy.  A real $100 bill is still a real $100 bill and exists in a physical form.

When I convert cash into a prepai... (more)

DTASFAB (Oct. 07, 2016 @ 10:29a) |

Several years ago, thieves were stealing unactivated cards, opening them, recording the 23 numbers on each (16-digit acc... (more)

DTASFAB (Oct. 07, 2016 @ 10:34a) |

As of about 2 weeks ago I've been hit with one of these. They're still doing this. The giveaway is that the glue that th... (more)

Stubtify (Oct. 07, 2016 @ 10:37a) |

Staff Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

so will these new requirements result in an increase of the fees on prepaid cards?

rufflesinc said:   so will these new requirements result in an increase of the fees on prepaid cards?
  Unlikely. 

Terrible news.

Hmmm.

"Additionally, with a few exceptions, issuers must submit all agreements to the CFPB, which intends to post them on a public, Bureau-maintained website at a future date."

But that requirement doesn't kick in until October 2018.

Note that the rule does not apply to "gift cards and gift certificates" and uses a loose definition of prepaid cards "covers accounts that are marketed or labeled as “prepaid” that are redeemable upon presentation at multiple, unaffiliated merchants for goods or services, or that are usable at automated teller machines (ATMs)".

I say the definition is loose in that it describes in common terms how most prepaid cards function today. I could see banks coming up with a new product with just enough limitations so it doesn't meet the definition.

I have not read the entire document, but many of the protections reflect interpreting prepaid cards with an overdraft protection benefit as falling under the laws covering credit cards.

Another tidbit I noticed was "A digital wallet provider urged the Bureau to exclude P2P products from the definition of prepaid account, arguing that P2P functionality is more similar to a closed-loop payment system than to open-loop GPR cards."

I'm guessing that was Paypal. (Note, that exclusion didn't make it into the final rule)

"redeemable upon presentation at multiple, unaffiliated merchants for goods or services"
I think this will get anything that clears on the Big 4 networks.

P.S. Although I am definitely NOT a fan of CFPB, my overall reaction is positive. Back in the day, when I was using reloadable Vanilla card and had a dispute, it took a letter to the STATE banking regulator to get attention and resolution. As a money service business, the issuer was then subject mostly to state regulation, vs. federal. I'm glad they're basically extending the federal credit card protections to these instruments. Also, in maybe an odd way, the new rules lend a certain "legitimacy" to prepaid cards in general, i.e., they used by people other than criminals and MSers.

tuphat said:   ...
my overall reaction is positive
...

  
I would agree with that sentiment.  I think this rule will prevent many of the practices where users would be charged scam fees such as for checking balance/transaction history.

I think they would have a hard time arguing closed-loop since the rule rejected the P2P argument, but I still don't put it past them to try some way to game the word 'unaffiliated' or some other caveat in the rule.

I hate this. I agree it's likely to capture anything that clears on the big 4 networks, which is going to make it harder to buy one-time use Visa gift cards anonymously. It's also going to make it more difficult than it already is to buy money orders with those pin-based "debit" gift cards. I recently bought a OneVanilla Visa one-time use card with embossed numbers (in the black and silver package) and where the cardholder name would be on a credit card, it said, "PREPAID CARDHOLDER." This was new.

I look at any prepaid card as cash. Once you use it, it's gone. No merchant disputes, no fraud protection, no nothing. Hand over a card worth $500 to a cashier for a $4 purchase and you're risking $496. I'm totally ok with that and I've never gotten burned, knock on wood. There's no safety net, nor should there be. If they want to more strictly regulate reloadable cards like Netspend and PayPal prepaid cards, I don't really give a crap about those. But the one-time use cards should be left alone. They're fine just how they are.

But what if a sealed card you just bought is then used by a scammer DTASFAB? (sometimes within minutes of activation) I've had this happen multiple times despite being very careful with checking packaging and quickly disposing of the pre-paids. The resulting shitshows with Incomm, US Bank, and Greed Dot are why the CFPB had to act. If these guys had their shit together (or weren't intending to screw consumers) no intervention would be necessary.

myhotrs said:   But what if a sealed card you just bought is then used by a scammer DTASFAB? (sometimes within minutes of activation) I've had this happen multiple times despite being very careful with checking packaging and quickly disposing of the pre-paids. The resulting shitshows with Incomm, US Bank, and Greed Dot are why the CFPB had to act. If these guys had their shit together (or weren't intending to screw consumers) no intervention would be necessary.
  
Exactly this. 

Maybe I'm just lucky, or maybe Vanilla doesn't suffer as much fraud as the others.  99% of my gift cards are Vanilla or Amex.

gatzdon said:   
Another tidbit I noticed was "A digital wallet provider urged the Bureau to exclude P2P products from the definition of prepaid account, arguing that P2P functionality is more similar to a closed-loop payment system than to open-loop GPR cards."

I'm guessing that was Paypal. (Note, that exclusion didn't make it into the final rule)

It was Google Wallet.

USB GCs were (maybe still are?) sequentially numbered right on the frigging store shelf and they all expire the same month. All a scammer needs to do is buy one, then generate and drain a bunch of preceding numbers and wait for the succeeding numbers to activate. I used to unload them within a couple days, but due to a shutdown had to stop for a while. Within about 2 weeks all four of my remaining cards were drained (at places like Amazon, Ticketmaster, etc). It took about 3 months, 4-5 phone calls, and a few letters to dispute and get replacements. Then additional calls to waive the activation fees on the replacement cards (because the fraud wasn't my fault). Thankfully I didn't have to elevate beyond the card customer service and I assumed fraud protections were built in, but I'm glad CFPB is acting on it.

The numbers on Vanilla cards were never sequential and I've never had a problem with them, even if I had them for a few months.

scripta said:   USB GCs were (maybe still are?) sequentially numbered right on the frigging store shelf and they all expire the same month. All a scammer needs to do is buy one, then generate and drain a bunch of preceding numbers and wait for the succeeding numbers to activate. I used to unload them within a couple days, but due to a shutdown had to stop for a while. Within about 2 weeks all four of my remaining cards were drained (at places like AmazonTicketmaster, etc). It took about 3 months, 4-5 phone calls, and a few letters to dispute and get replacements. Then additional calls to waive the activation fees on the replacement cards (because the fraud wasn't my fault). Thankfully I didn't have to elevate beyond the card customer service and I assumed fraud protections were built in, but I'm glad CFPB is acting on it.

The numbers on Vanilla cards were never sequential and I've never had a problem with them, even if I had them for a few months.

  Mine have all been drained in local Walmarts. Similar BS from USBank trying to charge a new activation fee. How can they use these online without the CVV code? 

Stubtify said:   
scripta said:   USB GCs were (maybe still are?) sequentially numbered right on the frigging store shelf and they all expire the same month. All a scammer needs to do is buy one, then generate and drain a bunch of preceding numbers and wait for the succeeding numbers to activate. I used to unload them within a couple days, but due to a shutdown had to stop for a while. Within about 2 weeks all four of my remaining cards were drained (at places like AmazonTicketmaster, etc). It took about 3 months, 4-5 phone calls, and a few letters to dispute and get replacements. Then additional calls to waive the activation fees on the replacement cards (because the fraud wasn't my fault). Thankfully I didn't have to elevate beyond the card customer service and I assumed fraud protections were built in, but I'm glad CFPB is acting on it.

The numbers on Vanilla cards were never sequential and I've never had a problem with them, even if I had them for a few months.

  Mine have all been drained in local Walmarts. Similar BS from USBank trying to charge a new activation fee. How can they use these online without the CVV code? 

  Amazon.com.
Alternatively, in about two minutes I can write a script that will test random CVVs on the balance check page until it finds the correct one. The captcha is not a deterrent in any way.. I can pay about 1/10 of a penny to someone in China, India, or Russia to sit in a sweat shop all day and solve them.

scripta said:   USB GCs were (maybe still are?) sequentially numbered right on the frigging store shelf and they all expire the same month. All a scammer needs to do is buy one, then generate and drain a bunch of preceding numbers and wait for the succeeding numbers to activate. I used to unload them within a couple days, but due to a shutdown had to stop for a while. Within about 2 weeks all four of my remaining cards were drained (at places like AmazonTicketmaster, etc). It took about 3 months, 4-5 phone calls, and a few letters to dispute and get replacements. Then additional calls to waive the activation fees on the replacement cards (because the fraud wasn't my fault). Thankfully I didn't have to elevate beyond the card customer service and I assumed fraud protections were built in, but I'm glad CFPB is acting on it.

The numbers on Vanilla cards were never sequential and I've never had a problem with them, even if I had them for a few months.

I think I've had maybe four US Bank gift cards in my entire life.  When I'm not buying Vanilla or AMEX, it's Metabank.  Never been a problem.  I still have some Vanilla cards I've been sitting on for over two years.

On the vanilla sites (specific Visa and MC sites, not the generic onevanilla.com) it tells you the date and time of the most recent attempt to use the card.  If there's no activity for like 18 months, the activation date at the bottom just disappears, and only the activation date at the top remains.  The balance remains available as long as the card itself hasn't expired.

Strangely, I can no longer change the registration zip code on the specific Visa and MC sites.  I have to go to onevanilla.com for that.

And usbank allows 1-999 incorrect cvv attempts without blocking the card? No way.

DTASFAB said:   I think I've had maybe four US Bank gift cards in my entire life.  When I'm not buying Vanilla or AMEX, it's Metabank.When I used to do a "run," I'd hit the drugstore daily limit with OV and got the rest from a local grocery store, which only carried USB.

myhotrs said:   scammer DTASFAB?

checking packaging and quickly disposing of the pre-paids.
 

  For those of us not living in the dark web can you please translate this?

Stubtify said:   
Mine have all been drained in local Walmarts. Similar BS from USBank trying to charge a new activation fee. How can they use these online without the CVV code? 

  some (dumb) merchants do not ask for CVV.  

besides that, a thief could use a stolen identity to set up (1) a checking account, (2) a merchant account & (3) an "e-commerce" site  (It would "coincidentally" neglect to ask for CVV).  

then process X # of transactions (from fellow thieves using stolen pre-paids).  transfer $$$$ to a bogus checking account.  move $$$$ out of checking account.  split profits with crime buddies.  close merchant account/e-commence site/checking account.  rinse & repeat.  

 

Stubtify said:   And usbank allows 1-999 incorrect cvv attempts without blocking the card? No way.
  ...This is US Bank we are talking about.

I have been fairly lucky. Only time so far was 6 months ago, one of my (Kroger / US B) numbers hacked and used to make $100 and $150 purchases at a fast food restaurant about 1500 miles away. They also used the number to make a couple hundred dollars in phone calls to call someone in Prison. (Apparently there are some large fees somewhere involving this?) . Numerous charges for $1.XX , and $10-$15 for that.

Dispute was a huge pain as I had to carefully itemize about 30 charges.

Got a replacement card pretty quickly along with about 75% of my balance. I thought I was going to get shorted, but eventually all the charges were refunded / applied to my new card.

DTASFAB said:   I hate this. I agree it's likely to capture anything that clears on the big 4 networks, which is going to make it harder to buy one-time use Visa gift cards anonymously. It's also going to make it more difficult than it already is to buy money orders with those pin-based "debit" gift cards. I recently bought a OneVanilla Visa one-time use card with embossed numbers (in the black and silver package) and where the cardholder name would be on a credit card, it said, "PREPAID CARDHOLDER." This was new.

I look at any prepaid card as cash. Once you use it, it's gone. No merchant disputes, no fraud protection, no nothing. Hand over a card worth $500 to a cashier for a $4 purchase and you're risking $496. I'm totally ok with that and I've never gotten burned, knock on wood. There's no safety net, nor should there be. If they want to more strictly regulate reloadable cards like Netspend and PayPal prepaid cards, I don't really give a crap about those. But the one-time use cards should be left alone. They're fine just how they are.

  So if someone prints a fake $100 bill with the same serial number as the $100 bill in your pocket then deposits it, you'd be OK with your $100 being rejected by the bank since they already have a bill with that serial number?

Glitch99 said:   
DTASFAB said:   I hate this. I agree it's likely to capture anything that clears on the big 4 networks, which is going to make it harder to buy one-time use Visa gift cards anonymously. It's also going to make it more difficult than it already is to buy money orders with those pin-based "debit" gift cards. I recently bought a OneVanilla Visa one-time use card with embossed numbers (in the black and silver package) and where the cardholder name would be on a credit card, it said, "PREPAID CARDHOLDER." This was new.

I look at any prepaid card as cash. Once you use it, it's gone. No merchant disputes, no fraud protection, no nothing. Hand over a card worth $500 to a cashier for a $4 purchase and you're risking $496. I'm totally ok with that and I've never gotten burned, knock on wood. There's no safety net, nor should there be. If they want to more strictly regulate reloadable cards like Netspend and PayPal prepaid cards, I don't really give a crap about those. But the one-time use cards should be left alone. They're fine just how they are.

  So if someone prints a fake $100 bill with the same serial number as the $100 bill in your pocket then deposits it, you'd be OK with your $100 being rejected by the bank since they already have a bill with that serial number?

  Oh and by the way, the BEP was using regular color printers to make that $100 bill.

That's what this rule is about, shifting the burden back to the financial institutions peddling these products.  If they are forced to stand behind the product and accept responsibility for the fraud, they will step up their game and make changes to minimize/eliminate the fraud.  As it stands now, the average customer eats the loss (they don't know their rights like a churner does) and the banks were just fine with that.

Glitch99 said:   
DTASFAB said:   I hate this. I agree it's likely to capture anything that clears on the big 4 networks, which is going to make it harder to buy one-time use Visa gift cards anonymously. It's also going to make it more difficult than it already is to buy money orders with those pin-based "debit" gift cards. I recently bought a OneVanilla Visa one-time use card with embossed numbers (in the black and silver package) and where the cardholder name would be on a credit card, it said, "PREPAID CARDHOLDER." This was new.

I look at any prepaid card as cash. Once you use it, it's gone. No merchant disputes, no fraud protection, no nothing. Hand over a card worth $500 to a cashier for a $4 purchase and you're risking $496. I'm totally ok with that and I've never gotten burned, knock on wood. There's no safety net, nor should there be. If they want to more strictly regulate reloadable cards like Netspend and PayPal prepaid cards, I don't really give a crap about those. But the one-time use cards should be left alone. They're fine just how they are.

  So if someone prints a fake $100 bill with the same serial number as the $100 bill in your pocket then deposits it, you'd be OK with your $100 being rejected by the bank since they already have a bill with that serial number?

Bad analogy.  A real $100 bill is still a real $100 bill and exists in a physical form.

When I convert cash into a prepaid credit/debit/gift card that I know can be used in a non-physical form, I'm knowingly taking on the risk.

Short answer to your question is yes, I'd be OK with that, but it's a terrible comparison.

sfchris said:   
myhotrs said:   scammer DTASFAB?

checking packaging and quickly disposing of the pre-paids.

  For those of us not living in the dark web can you please translate this?

Several years ago, thieves were stealing unactivated cards, opening them, recording the 23 numbers on each (16-digit account, 4-digit expiration date, 3-digit CVV) and resealing the package.  Then they put them back on the shelf and waited for some sucker to buy them.  Somehow, they were notified when specific individual cards were activated, and took the opportunity to drain them before the legitimate buyer could use the card in question.

DTASFAB said:   sfchris said:   
myhotrs said:   scammer DTASFAB?

checking packaging and quickly disposing of the pre-paids.

  For those of us not living in the dark web can you please translate this?

Several years ago, thieves were stealing unactivated cards, opening them, recording the 23 numbers on each (16-digit account, 4-digit expiration date, 3-digit CVV) and resealing the package.  Then they put them back on the shelf and waited for some sucker to buy them.  Somehow, they were notified when specific individual cards were activated, and took the opportunity to drain them before the legitimate buyer could use the card in question.


As of about 2 weeks ago I've been hit with one of these. They're still doing this. The giveaway is that the glue that they use is much stronger than the standard fugitive glue. When I notice that I immediately call the card in for fraud.



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017