Stop financial institutions from automatically giving updated card info to merchants

Stop financial institutions from automatically giving updated card info to merchants

Started
June 18, 2021
Petition to
Signatures: 11Next Goal: 25
Support now

Why this petition matters

Started by Scot Anderson

Background

When individuals create a recurring order or subscription using a card as payment, merchants have the ability to get updated card information from the card company. E.g. VISA has the VISA Account Updater (VAU) program and Master Card has the Master Card automatic billing updater program. This allows merchants to continue to charge a new card after an old card has be deactivated for fraud or normal expiration. These are good ideas and help both merchants and customers. However, if someone gets your number and signs up for a fraudulent subscription, those vendors can and do keep charging the card even after fraud has been reported to the card company and a new card has been issued.

Purpose

The purpose of this law is to give individuals the ability to combat "recurring charges" fraud without destroying the positive effects of updating merchants that have legitimate reasons to retrieve updated account information.

Request to Enact a new Law

Therefore, we are petitioning the congress to enact a new law requiring all institutions that make recurring payments to a merchant on behalf of their customers to:

  1. provide customers the ability to securely opt out of updating individual (or all) merchants with the customer's updated account information, thereby preventing those merchants from continuing to charge the account holder when account information changes. The institutions are required to provide this service by phone and online, if the institution has an online presence.
  2. provide customers the ability to securely block an individual merchant from charging their card for up to one year. The institutions are required to provide this service by phone and online, if the institution has an online presence.
  3. provide the merchants a secure notification within 30 days of the customer's withdrawal of permission to charge an account.

Boundary Rationale

"Up to one year" - Most disputes are resolved in one year.

"30 days" notification - Most institutions that pay merchants on a customer's behalf work in monthly cycles. Most merchants subscriptions are monthly.

"required... online" opt out - It is in the best interest of institutions and customers to allow account holders to opt out through their web portal or phone app, rather than through more traditional means. However all institutions should allow a phone call.

"online" means through a website or app provided by the institution.

"secure" means that data is protected from disclosure en-route and does not remove any regulatory requirements of other laws. E.g. The service encrypts data en-route by appropriate algorithms as specified by current NIST standards.

Motivating Circumstances

Someone got my credit card number and signed up for the YouTube service. My credit card company was happy that I was watching for fraud, refunded the transaction and sent me a new card. And this happened three months in a row. I eventually contacted my bank, Master Card, VISA, the BBB, and Google (although not in that order) with no way of stopping this other than to completely block the card. And there the card sits, virtually unusable now for six months.

 

Support now
Signatures: 11Next Goal: 25
Support now
Share this petition in person or use the QR code for your own material.Download QR Code

Decision Makers