Continuous Payment Authority

Reentrant wrote:


I don't understand how failure to 'opt out' can constitute a positive authorization. As with any charge that has not been authorized, I just rely on insisting that the card company do a charge-back.
Cliff.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Clifford Frisby wrote:

It is not difficult to understand. Many services are provided on the basis that annual renewal is automatic rather than subject to explicit confirmation. Where this is the case, it is usually simpler for payment to be automatic too, and thus SOs, DDs, and CPAs lend themselves to this kind of thing.
Failing to explicitly opt out of an otherwise automatic renewal will lead to a renewal becoming effective, and depending on any cancellation notice period required, will lead to your becoming liable for payment, whichever method of payment has been agreed.

You need to be careful if you do that, because typically you *will* have given a continuous rather than one-off authority at the outset.

I think they would be unable to comply, because the request for payment, submitted by the service provider to the card provider, is not generally accompanied by evidence of authorisation, and the card provider has no way of knowing whether the authority which the service provider claims you have given is continuous or not.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I am sure that there must be as it is possible for one-off payments to be rejected and for continuous payments to be charged against an account even after the user thinks it has been closed. So the service provider must have some way of telling the difference.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Graham Murray wrote:

Yes, the service provider can, but the card provider can't.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Sorry, I meant card provider. My question still stands. It is widely reported here that it is (almost) impossible to get a card issuer to stop a CCA. There have even been reports of card companies re-opening a closed account (sometimes months later) when a supplier submits a charge from a CCA. Yet a one-off transaction can be declined. Surely this indicates that the card issuer must be able to tell the difference otherwise they would either be able to decline the CCA charge or would not be able to decline a one-off charge.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Sat, 15 Aug 2009 13:16:24 GMT, Ronald Raygun

This is an area where the whole system needs tightening up. Some mechanism should be put in place where a CPA needs to be registered with the card provider before it becomes effective. This should provide the cardholder with better ability to cancel his authorisation if for some reason he has difficulty getting a merchant to stop charging his card. Banks have fairly tight rules and procedures that must be followed before allowing direct debits to be applied to bank accounts, and I don't see why they allow things to be so much more lax with credit cards.
Chris
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Chris Blunt wrote:

I disagree, it would make the system too complicated. If on the other hand you were to argue that the whole CPA system should be scrapped, I'd be inclined to agree. There is no need for it because a DD does everything a CPA can do.

This ability already exists. He simply withdraws the authority and informs the merchant. If the merchant continues to make charges, these will then be unauthorised and the cardholder can simply require the card provider to reverse them. If the merchant persists, he will eventually lose the privilege of being allowed to accept card payments.

Is it not the case that merchants are suitably vetted before being allowed to "originate" DD requests, but that the signed DD authority never actually needs to be presented to the bank? AIUI it is possible to set up a DD authority over the phone without anything in writing. Presumably, therefore, even when there *is* a written authority in place, the form simply stays with the merchant, for production to the bank only if required to defend a charge-back.
That being the case, there is no procedural difference to speak of between DDs and CPAs.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Sat, 15 Aug 2009 17:02:47 GMT, Ronald Raygun

The problem that many people have is being unable contact the merchant to inform them that authorisation is being withdrawn. This could be a result of having originally giving authorisation via a web site that no longer exists, or a telephone number that's no longer used by the merchant. Unless they can track down a physical address at which they can serve written notice of withdrawal of authorisation they are stuck with a CPA that carries on indefinitely.
I don't think its good enough to say it would be too complicated to solve that problem. The industry needs to sort itself out to make sure that cardholders cannot be trapped in that situation.
Chris
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Chris Blunt wrote:

They could try using a telephone directory or doing a web search. If all else fails, their card provider should be able to supply contact details.

It shouldn't be necessary to serve a physical written notice. They simply need to be informed by any means available. You can always just keep using chargebacks, and sooner or later they will get the message.
But at a more basic level, even the explicit withdrawal of authority should only rarely be necessary, namely only where it is desired to move to a different method of payment. Otherwise, when one cancels a service, the merchant should cease making charges automatically, and should deem the authority to have been withdrawn implicitly.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Ronald Raygun wrote:

Yes, perhaps it *is* difficult for me to understand. These companies could just as easily obtain a positive authorization. It is outrageous for them to take 'didn't not authorize' as equivalent to 'authorized', and if they play that game then they should expect a level of chargebacks.
It's much easier for me to understand the principle that if I authorise an organisation to charge my card then I am liable to cough up the same to the card company, and that in all other cases I'm not. Couldn't be simpler. And I think it *is* the principle that upon which we hold our credit card accounts, otherwise we are pretty much stuffed.
I'm a little disappointed, RR, that you are so ready to give up this protection. It seems quite fundamentally important to me.
What are these services that are provided on the basis that annual renewal is automatic, and does this basis apply regardless of whether you pay by cash/cheque or credit card?

Well, liability for payment is surely a separate issue from whether you have authorised a payment from your credit card. Being liable to pay for something does not give the creditor the right to infer an authorisation to charge your card.
I can see that the two are going to be bound up in the OPs case, insofar as it is very unlikely that there was an option to sign up for continuous renewal without a corresponding authorization for continuous CC charge. But it's the fact that he has not authorised his card to be charged which is the point of issue. The fact that he is almost certainly not liable to pay at all is a separate argument, IMNSHO.

When you say I need to be careful, it sounds as though I have any choice in the matter. The scenario under discussion is the one where I (or the OP) have missed an opt-out. It's too late to be careful!
Just to be clear though: I would not ignore an opt-out out of sheer bloody-mindedness.
However, if I found myself charged for something which I never intended to buy, and where I knew I had never explicitly given my consent for my card to be charged for (which seems to be the situation that the OP is concerned about), then it would be reasonable to rely on the principle that I simply hadn't authorised the payment. The charge would be put into dispute, the retailer would not be able to demonstrate that I had authorised it, and the card co would rightly demand *its* money back from the retailer.

I agree with that. But the service provider is liable to demonstrate the existence of the authority, whether continuous or not, if demanded.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Clifford Frisby wrote:

But that's what they *have* done. They've asked you, and you've agreed, to authorise not just the first payment but all future ones. Your authority remains in place until you withdraw it. It's that simple.

It isn't really outrageous at all. It seems quite reasonable that the option should be made available for automatic renewal of insurance policies or subscription services, because it's more convenient for everyone if a business relationship requires only two adminitrative events, namely start and stop, instead of start, restart, restart, and then to have a failure to restart imply a stop (which can have dire consequences if you forget to restart something like a car insurance and end up stopping it unintentionally). It is just one little step further to apply the same start stop principle to the payment mechanism as to the subscription itself.

Quite, but just as you might authorise your bank for direct debits, where you don't need to explicitly refresh it every year, why don't you accept that a similar arrangement should be possible with a credit card?

What protection is being given up? You have the option of not giving the authority to start with. But if you do give it you still retain the protection, if you've withdrawn the authority, that you can simply tell your card provider that a repeat charge was not authorised, and they will then put in a chargeback against the merchant.

Many insurances are now operated in this way. They send you a letter at renewal time asking you to let them know if you wish to cancel, and that if you want to renew, you need do nothing. ISP subscriptions, contract mobile phones, etc.

Probably, but cash is not really an option except in face to face transactions, and cheques are gradually becoming obsolete, so the only remaining options are standing order, single orders (such as direct one-off payments by online banking), or direct debits, or debit/credit cards.
Of course from a merchant's point of view there's more chance of not getting paid if they have to relay on the customer pushing the payment than if they've been given the OK to pull the payment, so they may well offer auto-renewal only where pull authority has been given.
I guess that some types of service providers will simply not offer their service at all unless you give them either a DD or a CCA.

I completely agree. But there is little point in making only the incurring of the liability automatic without making the settling of the liability automatic also. If you're going to be involved in one administrative event (making the payment) you might as well make the other (incurring the liability by confirming you wish to renew subscription) explicit too.

You are contradicting yourself here. Evidently he did sign up for automatic renewal and if this would not have been possible without also giving a continuing CC authority, then he must have given that authority. Therefore it is untrue to say that "he has not authorised his card to be charged".

You have just pointed out that incurring liability and settling it are totally separate. Missing the opt-out is carelessly incurring the liability. What I meant by "you need to be careful" is that -having done so- you must not try to pull the plug on the settlement by telling the card issuer that the charge was unauthorised when in fact it was, since you would then be committing fraud.

Indeed, but in this he is in the unenviable position of not being able to prove a negative. He may be able to prove that you had at some point given a continuing authority, but he would not be able to prove that you had not subsequently withdrawn it. Therefore he can't really prove that he had the authority at the time the disputed payment was requested.
The odds are stacked in your favour.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Ronald Raygun wrote:

Are we at cross-purposes? I have no objection to auto-renewals. In some cases I'll even agree to them. I am concerned about auto-auto-renewals, where you find yourself in an auto-renewal situation passively, by omission to prevent it.
Looking back at what the OP said, he used the phrase 'falling for' in relation to auto-renewals. He talked of 'missing' an opt out. If the solution to his problem is simply 'don't sign up for auto-renewals' then I don't think he would have bothered raising the issue, so I presume (though I can't speak for him) that he's referring to something more insidious, i.e. auto-renewal with no positive agreement on his part.
(Apologies to Reentrant if 'he' is actually a 'she': for he read (s)he.)

Yes it is indeed quite reasonable for such an option to be available. I really don't think the that Reentrant would have a problem with the option being available to him.

I do absolutely accept that. No problem.

Perhaps I phrased it badly. I am thinking that if you accept auto-renewal (and the implied repeat authorisation for a CC charge) as the default model (albeit only for your 'approved' list of goods and services), then it will become the norm, and you (and the rest of us) will be forever running around trying to prevent charges being made on our credit card.

Ah, now this is important. It depends whether you have already given your consent for such an arrangement. If you have then fair enough. I you haven't then a chargeback is entirely reasonable, and the best course of action.
The only quibble I have is whether a failure to opt out (i.e. simply not doing something) can be treated by the provider as an implicit authorisation. Clearly the may try to do so, and successfully so in many cases perhaps, but if you're in the position of having 'fallen for' and auto renewal which you didn't want, it's a point of principle which I reckon could be relied on to get the transaction reversed.

It wasn't 'DD or CCA' that I wanted to highlight. Clearly these are designed for auto-renewal. I was only trying to highlight the suspicion that it is credit cards (and I suppose debit cards), where the information for a single payment is technically sufficient to put through further charges (in contrast to cash/cheque) that is driving this auto-renewal model.
Your wording (a long way up from here!) seemed to suggest that auto-renewal t'was ever thus, and the growth of use in credit/debit cards were not the cause of it becoming commonplace.

Yes, okay. It was an 'aside' on my part. (My brain hurts now!)

I'm just making the assertion that he hasn't given the authority, because if the situation is one in which he feels he has 'fallen for' giving it, then the manner in which it was obtained was not sufficiently strong for it to actually have been obtained. Yes, this is an opinion, and you may not agree with it.

I'm not advocating concealing any facts, so no risk of being accused of fraud. Merely point out that you missed it. The provider could have asked for an explicit approval, so the provider took the risk.

Well they should be if you are in the right!! (My answer is predicated on the OP being honest in only using this approach where he has genuinely found himself faced with a charge which he didn't intend to authorize, and didn't actually give any positive authorisation for.) If the provider doesn't like the odds, he can avoid playing the game.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Clifford Frisby wrote:

You mean you're worried about someone taking out a policy and signing up for auto-renewal without realising? OK, I can see that that would be a genuine concern, but I dare say that in such cases common sense would prevail, and a customer would be able to back out, at least at first renewal, though the provider might not be so understanding next time.

The OP was speaking hypothetically, in a way which suggests he is (or would be) fully aware that the policy or service is in fact of the auto-renewing variety, and is concerned only about the situation where he might forget to cancel before the renewal becomes effective. In general, though, I think these things are normally associated with paperwork (or electronic equivalent) reminding the subscriber that renewal is imminent and they should cancel by such-and-such a date if they wish it not to go ahead. But it's true that such reminders can come while one is away on business/holiday for several weeks and would be unable to act upon them. I presume this is what he had in mind by "missing an opt-out".

I don't think so. We're not all forever running around trying to prevent funds being taken from our current accounts by DD, provided we deal with reputable traders, so there ought never to be much of a problem, since the rogue credit card chargers can be dealt with by chargebacks, just as we are protected from rogue DD-ers by the DD guarantee.
Nevertheless I do wonder where this CCA stuff has sprung up from, given there is not really any need for it when we already have DD. Perhaps it's because payment cards are more international and not every country has the equivalent of DD (or the accompanying guarantee), or perhaps it's because it's easier for traders to sign up for card merchant services than to gain approval to originate DDs.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Ronald Raygun wrote:

Well, let's hope so. But I still say that it shouldn't really be possible, virtually by definition, to sign-up for auto renewal (or more particularly auto payment) without realising it.

You could be right, but personally I can't reconcile that interpretation with what he wrote. The idea of lodging a preemptive 'no CCAs' with his card company, even if it was a runner, doesn't seem consistent with that view.

I know that DD is probably the closest analogue to CCA that we have to compare, but there are significant differences which make it hard to accept that kind of read-across. DD payments go through explicit DD mechanisms rather than looking like unrelated single payments, the authorisations are lodged in advance with the bank (though maybe not proof of the authorisation), there is a DD guarantee, and the DD has no 'normal non-recurring' manifestation in the way that CCAs are just the repeat application of single CC payments.
Running around? Take the (true) situation where I took out a year's motor insurance over the telephone. When the paperwork came through there was a statement on the T&Cs to the effect that unless I took some avoiding action (which I call 'running around') then the policy would be renewed automatically and my card charged for the premium.
A phone call objecting to the principle of their CCA opt-out model would undoubtably be processed in exactly the same way as a mere 'no thanks, but thanks very much for asking'. There would be no incentive for them to desist, every incentive to continue, and, like I say, it will become the norm.
Relying on a charge-back is a better approach, IMO.

I think it is a combination of (1) the general ubiquity of 'cardholder not present' transactions generally (which are now so common (telephone, Internet) that nobody (except me!) thinks of them as unusual in any way; and (2) the fact that a single 'cardholder not present' authorisation is accompanied by sufficient information to allow, technically at least, further payments to be taken. I can't think of any other 'single-shot' payment mechanism that meets this criterion.
Perhaps that system that Cahoot were doing for a while, where you can conjure up a one-time card number against your account, could be used as a cardholder defence against opt-out CCAs, rather than just the general fraud that it was targetted at.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

BeanSmart.com is a site by and for consumers of financial services and advice. We are not affiliated with any of the banks, financial services or software manufacturers discussed here. All logos and trade names are the property of their respective owners.

Tax and financial advice you come across on this site is freely given by your peers and professionals on their own time and out of the kindness of their hearts. We can guarantee neither accuracy of such advice nor its applicability for your situation. Simply put, you are fully responsible for the results of using information from this site in real life situations.