Rights disparities

Last reviewed: September 2011
Google Wallet, paying with your cell phone
Link your phone to a credit card for protection.
Illustration by James Yang

Things often go wrong during the processing of 300 million noncash payments each day, so it's important to know your rights when using any payment method. In our survey, one in four Americans said they had an unauthorized charge, billing error, noncredited payment, or other problem in the last year when paying for purchases or paying bills.

Your right to get your money back when something goes wrong—errors, goods not delivered as promised, fraud—varies by the payment option used. Again, the underlying method of payment tied to your mobile device will govern your rights in such instances, according to a new study by Consumers Union. Here are how the methods stack up, from best to worst:

Credit cards

Federal regulations limit losses to $50 from unauthorized charges resulting from a lost or stolen credit card, which includes loss of the phone itself or loss of a chip or wireless transmitter on the phone. And you may not have to pay even that under MasterCard's and Visa's voluntary zero-liability policies. Consumers aren't liable for billing errors reported within 60 days. Consumers also have "chargeback rights" to undo a charge on their credit account if goods or services weren't delivered as promised or were defective or otherwise unacceptable.

Debit cards and bank accounts

Federal law allows debit users to get their money back for unauthorized transactions, but there are no chargeback rights. If the phone, chip, or other payment device is lost or stolen, the consumer's liability for unauthorized transactions is limited to $50 if reported within two business days of the date the person learns of the transactions. After two days, liability can climb to $500 or more. If an unauthorized charge is not the result of a lost or stolen card or phone, the consumer has no liability, as long as the error is reported within 60 days. Missing funds must be recredited to customers' accounts within 10 business days.

Because banks want to encourage the use of mobile banking and other cost-saving automation, they typically provide additional voluntary protections. For online and mobile banking, Wells Fargo, for example, will restore 100 percent of stolen funds, as long as you didn't give your online user name, password, or PIN to others and you notify the bank about unauthorized transactions within 60 days of a bank statement showing the fraud.

Prepaid cards

These have no guaranteed protections against unauthorized transactions, so you can lose whatever balance you had on the card. The cards may have some protections in their contracts, but they're essentially voluntary and can be rescinded at any time.

Visa and MasterCard prepaid-card holders may get assurances from those brands' zero-liability policies, which protect against unauthorized use and require issuing banks to give provisional credit for losses from unauthorized use within five business days of notification. But those policies have loopholes. Visa's doesn't cover ATM or PIN transactions not processed by the Visa network. MasterCard's policy offers no protection if a consumer reported two or more unauthorized events in the past 12 months, and it doesn't cover ATM or PIN transactions.

Like other prepaid cards, gift cards have no federal protection from unauthorized transactions, so consumers become subject to the gift card mobile application's terms and conditions to redeem funds lost due to fraud or error.

Phone-bill charges

Your rights in this area are unclear. Any protections are based on the wireless carrier's contract, and they vary widely. Consumers Union reviewed the contracts of 18 wireless carriers to find out what kind of baseline protections they contained; none provided protections for mobile payment transactions that are as strong as those guaranteed by law when consumers use a credit card or debit card. Consumers Union is calling on wireless carriers to adopt strong consumer safeguards against unauthorized or erroneous mobile-payment charges in their customer contracts.

Consumers may have some rights under state laws or public utility agency rules, but those also vary from state to state. So far, only the California Public Utilities Commission provides its state's residents the right to reverse unauthorized charges. California consumers can also bar third parties from putting charges on their phone bill.

Bottom line

Pay by credit card to get the best protections whenever you buy online or pay by cell phone, make a major purchase in a store, or worry that a seller might not deliver as promised. Avoid prepaid debit cards and billing to your telephone account. Ask your carrier to block third-party charges to your landline and cell phone.

Convenience come-ons

Most of the new electronic payment options tout convenience, and some seem to deliver. It's certainly easier to remember and peck out a phone number and PIN with PayPal Mobile than it would be to type in credit-card account numbers and other online checkout details on a tiny cell phone keypad. Square, Obopay, and mobile banking P2P (person to person) capabilities give consumers the ability to pay more sellers electronically in more places.

But the convenience of other schemes is debatable. To pay for a latte using a Starbucks Mobile bar code displayed on your smart-phone screen, you have to own or sign up for a Starbucks prepaid payment card, download an app, and link and load the phone-based account to a credit or debit card. That adds steps and cards to the payment process, and the last step—scanning instead of swiping—is no simpler.

In a press release, MasterCard said Google Wallet "will eventually be able to do more than a regular wallet ever could." But now, it can't even hold your driver's license or competing credit cards. "We're looking to work with all of the banks," says Nate Tyler, a Google spokesman.

But other credit-card issuers, including BB&T, Nordstrom, Pentagon Federal Credit Union, and US Bank, are partnering with Visa's digital wallet; American Express has its own Serve mobile app. That could create clutter or limit your choice to one digital wallet brand unless phone manufacturers, banks, cell carriers, and payment processors develop inter-operable systems.

"The consumer doesn't want to set up multiple wallets," says Jennifer Schulz, head of innovation for Visa, which says it expects to launch its digital wallet this fall. "Today you have control of what's in your physical wallet and how it's used, and we believe that digital wallets have to remain in the consumer's control." Visa's digital wallet will be able to hold Visa and competing cards from American Express, Discover, and MasterCard.

Bottom line

Take convenience claims with a grain of salt. Consider new payment choices, but separate true benefits from marketing hype. Keep your mobile shopping tools independent from any branded digital wallet you might choose.

Security and fraud

Every payment option comes with some risk of loss or theft, but the banking and payment systems have safeguards to reduce that risk, and consumers can take common-sense steps to protect themselves. Understanding the threat, however, is key.

Electronic payment methods, both online and mobile, may be especially nerve-racking, but in fact, security redund?ancies offer some assurances. For starters, if the worst happens and you lose your phone, your cellular carrier can disable it and the financial institutions can shut off access to your accounts. In the normal course of mobile banking and paying, the smart-phone browser itself provides website authentication and verification on secure "https" sites. The banks and payment processors employ user names, passwords, PINs, and other measures to verify your identity and encrypt the data to make it unintelligible to eavesdroppers.

"If you lose your phone, a crook can't just punch in a few numbers and get into your bank account," says Mary Monahan, a partner and director of research at Javelin Strategy and Research, a consulting company in California. Banks also don't send your pass codes or user names via text, and banking apps don't store passwords or identifying information about you or your account on the phone itself. PINs sent by payment processors have a short life, so even if a thief found one on the phone, it would be useless.

You can buy security software for your mobile devices, such as Norton Mobile Security, which detects and removes malware, blocks unwanted calls and texts, and can remotely locate, lock, or wipe out the memory if the phone is lost.

Bottom line

You can control the risk of loss by knowing the threats with each form of payment and taking steps to protect yourself. Don't share your personal identification and account information, use security software and procedures for your e-commerce, and always keep cash and payment cards in a safe place.