EU court rules on liability for the loss of a bank card

If a bank card with which contactless payment is possible is lost, the bank customer does not bear the risk of the card’s misuse if the customer had reported the loss of the card.

The European Court of Justice (ECJ) made the decision in a case in which an Austrian consumer organisation (VKI) had sued for an injunction against the validity of the General Terms and Conditions for cards using the so-called Near Field Communication (NFC) contactless payment technology issued by DenizBank.

Among other things, the bank excludes its liability for unauthorised payments. In addition, the bank points out that the account holder bears the responsibility of NFC card’s misuse if the card is lost and that it is not possible to block this function if the card is lost.

The Austrian Supreme Court had referred the case to the ECJ for a clarification on the interpretation of the EU’s Payment Services Directive.

The ECJ has now ruled that contactless payment is an anonymised payment instrument and that this generally allows the bank to reduce its liability, but the bank could not invoke this relief from liability simply by making a demonstrably false claim that blocking the card was technically impossible.

DenizBank had claimed it could not be held responsible for small-euro amount payments of up to €75 made on lost or stolen cards outfitted with NFC technology. Businesses across the EU are exempted from requiring PIN verification of payments up to €50.

The customer must be able to report the loss or misuse of the card immediately and free of charge, the court ruled. After reporting, there should be no financial consequences for the customer, unless they have acted fraudulently.

Cards and smartphones equipped with NFC technology have become extremely popular, especially during the coronavirus pandemic where most businesses and customers prefer contactless payment to exchanging cash.

Felix Dappah