VISA update to zero liability rules raises standard of care for cardholders
Tuesday, August 1, 2017
Visa has updated its core rules to reflect a different standard of care for zero liability protection for unauthorized transactions. Under the previous rules, a member would have zero liability for unauthorized transactions unless they were “grossly negligent” in the handling of the account or card. However, under Visa’s new core rules, a member will have zero liability unless they are “negligent or fraudulent” in handling the account or card.
“Going forward, credit unions will need to make a decision on how they want to handle unauthorized transactions on Visa accounts,” advised Jeanne Couchois, VP compliance & regulatory counsel for the Carolinas Credit Union League.
If a credit union continues to base zero liability determination on a gross negligence standard of care versus negligence, it would not negatively impact the cardholder. That being said, a credit union could choose to delay implementation of the new standard of negligence with the understanding that the credit union may assume some level of additional liability.
“Credit unions will need to do some risk management regarding the updated rules,” Couchois noted. “First, a credit union needs to determine whether it will follow the new rule and update its process.”
Opting Out of Implementation
If a credit union determines it will not implement the new rules and continue to base zero liability on a gross negligence standard of care, it will need to determine whether it is willing to take the risk and possibly assume some level of additional liability. A credit union will need to contact its forms provider and find out if it can continue using the same forms.
Opting In to Implementation
If a credit union decides it wants to implement the change, then contacting its forms provider is still an important step to determine when to notify members of the change and what forms are needed. For example, Regulation E requires credit unions to provide a change-in-terms notice to impacted members prior to implementing the revised standard of care for zero liability protection related to unauthorized transactions, as the potential for member liability increases under the new standard of care. Credit unions must send a change-in-terms notice to members at least 21 days prior to implementing the revised language within the Electronic Fund Transfers Agreement and Disclosure. The credit union will need to take a look at their Visa master agreement and see what it says regarding the change in liability.