Term and Definition: Credit Card Misuse
Der Credit Card Misuse refers to the unauthorized, unlawful use of a credit card to the detriment of the cardholder or a payment service provider. It is important to distinguish between criminal, civil, and data protection aspects, since unauthorized use can entail various legal consequences.
Legal Framework for Credit Card Misuse
Criminal Assessment
Offenses under the Criminal Code (StGB)
Credit card misuse is primarily addressed under the following offenses in the German Criminal Code:
- Fraud (§ 263 StGB): The use of a stolen or counterfeit credit card generally constitutes fraud as soon as deception leads to financial loss.
- Computer Fraud (§ 263a StGB): If a credit card is fraudulently used in electronic payment transactions, classification as computer fraud may apply.
- Forgery of Data of Evidentiary Value (§ 269 StGB): Manipulations aimed at deliberately falsifying credit card data (e.g., carding) fall under this offense.
- Unauthorized Use (§ 266b StGB): This particularly includes the use of a credit card in one’s own name when there is insufficient coverage or no authorization.
- Data Espionage (§ 202a StGB): “Phishing” and the spying of credit card data by third parties can also fulfill this offense.
Perpetrator Groups and Attempt
In principle, anyone who uses a credit card without authorization can be a perpetrator. Criminal liability begins at the earliest with the attempt, for example in the case of an attempted online purchase with stolen data.
Criminal Penalties
The penalty varies depending on the offense and the severity of the act; typically, fines or imprisonment of up to five years may be imposed, and even more in particularly serious cases.
Civil Law Aspects
Liability of the Cardholder
The cardholder has various duties of care towards the credit card company (e.g., secure storage of the card, protection of the PIN). If a duty is breached, liability for damages may arise, with liability limits regulated depending on the card agreement, § 675v BGB, and the general terms and conditions of the issuing institutions.
As a rule, the cardholder’s liability for unauthorized payments is limited to 50 euros, unless gross negligence or intentional misconduct is present.
Liability of the Payment Service Provider
The issuing payment service provider has comprehensive obligations to check and protect. If misuse occurs due to negligence, the cardholder can assert claims for reimbursement of damages.
Compensation and Chargeback Rights
Affected cardholders are generally entitled to a refund of unauthorized charges, provided that the misuse is reported in a timely manner. Deadlines and requirements for proof arise from the respective contract terms and statutory provisions (e.g., § 675v BGB).
Data Protection Law Implications
Credit card data are considered particularly sensitive personal data under the General Data Protection Regulation (GDPR). Data misuse can trigger claims for damages in accordance with Article 82 GDPR and is subject to strict reporting obligations to the data protection authorities.
Forms and Manifestations of Credit Card Misuse
Card Misuse by Third Parties
This especially includes the theft or “phishing” of credit card data, which is then used without the knowledge of the holder (for example, in online commerce).
Card Misuse by the Holder
The so-called Card Misuse (§ 266b StGB) refers to the case where the legitimate cardholder uses their card contrary to usage agreements, e.g., despite insufficient funds. Here, deception of the credit institution is the main focus.
Use of Counterfeit or Manipulated Cards
The use of technically manipulated credit cards (so-called “cloned cards”) is a frequent phenomenon, particularly in internationally organized fraud cases. Along with the actual misuse, this often also constitutes a criminal offense under § 269 StGB (forgery of data of evidentiary value).
Prevention, Detection, and Legal Consequences
Preventive Measures
- Protecting the PIN and Card Data
- Immediate Blocking of the Card in Case of Loss
- Awareness of Phishing and Social Engineering
Reporting and Investigation
In the event of misuse, a criminal complaint should be filed immediately with the relevant authorities. Investigations are often carried out in close cooperation between the police, banks, and international investigative authorities.
Legal Consequences
In addition to criminal sanctions, civil law claims for repayment and damages may also be brought against the perpetrator. In cases of repeated misconduct, credit institutions may permanently block card access.
International Aspects
European Union
At the European level, the Payment Services Directive (PSD2) and the GDPR set uniform minimum standards for protection against credit card misuse.
Cooperation Between Law Enforcement Authorities
The cross-border nature of many cases of misuse requires close cooperation between national and international bodies, such as through Europol, Interpol, or the network of Financial Intelligence Units (FIU).
Conclusion
The misuse of credit cards represents a complex legal matter at the intersection of criminal law, civil law, and data protection law. Due to increasing digitization, prevention and effective legal enforcement have gained significant importance. The legal protective framework is multifaceted and imposes high standards of care on all parties involved in credit card transactions.
See also:
Frequently Asked Questions
Who is legally liable in the event of credit card misuse?
In case of credit card misuse, liability largely depends on how the misuse occurred and whether the cardholder is at fault. As a rule, the cardholder is only liable up to a maximum amount of 50 euros according to § 675v BGB when unauthorized third parties have used the card. However, this limitation does not apply if the cardholder acted with gross negligence or intent. Gross negligence, for example, exists if the card and PIN were stored together or the PIN was given to third parties. If the cardholder has fulfilled their duties of care—such as keeping the card and PIN separate and notifying the bank immediately after the loss—then the bank must generally bear the loss. If misuse occurs after the loss has been reported, the cardholder is not liable at all, unless they acted fraudulently.
What legal steps can the cardholder take in the event of misuse?
If credit card misuse is detected, the cardholder should first promptly notify their bank and have the card blocked. It is also advisable to file a report with the police in order to prosecute the perpetrator criminally. Under civil law, the cardholder can request the bank to reverse unauthorized payments (§ 675u BGB). If the bank refuses, legal action for repayment may be possible. The cardholder may also claim damages if they have suffered a loss due to a delayed block or incorrect handling of the case by the bank.
How does gross negligence affect the liability of the cardholder?
If the cardholder has acted with gross negligence, they risk full liability for the total loss resulting from credit card misuse. Case law considers, among other things, the combined storage of card and PIN, providing the PIN to third parties, or failing to report a card loss as gross negligence. If gross negligence is established, the statutory limitation of liability to 50 euros (§ 675v para. 3 BGB) ceases to apply, and the cardholder may have to compensate the entire amount resulting from the misuse.
In which cases is a credit card company obliged to compensate for losses incurred?
The credit card company or the bank is required to compensate for the loss if the transactions were not authorized by the cardholder and the customer is not at fault or is only slightly negligent. The bank is also liable if the misuse occurs after the immediate blocking notification. In case of technical security deficiencies in the banking system or the unlawful processing of card data by third parties, the bank is also liable. The obligation to reimburse also exists if the bank has implemented the loss report and blocking request from the customer late or not at all. In the event of a dispute, the bank may have to prove that the customer authorized the misuse or caused it through gross negligence.
What deadlines apply for reporting and disputing credit card misuse?
Cardholders are required to report irregularities in their credit card account to their bank immediately, generally within eight weeks of becoming aware (§ 675z BGB). For reclaiming unauthorized payments, there is a cut-off period of 13 months from the date of debit. If misuse is reported after this period, the bank may refuse reimbursement. The reporting obligation serves both as evidence preservation and protection against further misuse.
What legal consequences does the perpetrator face for credit card misuse?
Credit card misuse is a criminal offense and can be prosecuted under § 263 StGB (fraud), § 266b StGB (misuse of cheques and credit cards), or § 263a StGB (computer fraud). Penalties range from fines to several years of imprisonment, depending on the seriousness of the case and the loss incurred. The perpetrator can also be ordered under civil law to pay full restitution for the damage caused. Attempted credit card misuse is also punishable.
Is there a right to compensation if the bank fails to promptly detect suspected misuse?
Banks and credit card companies are obliged to implement modern security and monitoring mechanisms to supervise transactions. If the bank culpably fails to identify atypical activity or obvious misuse early on, for example by not issuing warnings or temporary blocks, it may be liable for damages. The injured party then has a right to compensation, provided they did not breach significant duties of care themselves. However, the burden of proof for a breach of monitoring or advisory duties lies with the cardholder.
