I don't understand how failure to 'opt out' can constitute a positive
authorization. As with any charge that has not been authorized, I just rely
on insisting that the card company do a charge-back.
It is not difficult to understand. Many services are provided on the
basis that annual renewal is automatic rather than subject to explicit
confirmation. Where this is the case, it is usually simpler for payment
to be automatic too, and thus SOs, DDs, and CPAs lend themselves to
this kind of thing.
Failing to explicitly opt out of an otherwise automatic renewal will lead
to a renewal becoming effective, and depending on any cancellation notice
period required, will lead to your becoming liable for payment, whichever
method of payment has been agreed.
You need to be careful if you do that, because typically you *will* have
given a continuous rather than one-off authority at the outset.
I think they would be unable to comply, because the request for payment,
submitted by the service provider to the card provider, is not generally
accompanied by evidence of authorisation, and the card provider has no
way of knowing whether the authority which the service provider claims
you have given is continuous or not.
I am sure that there must be as it is possible for one-off payments to
be rejected and for continuous payments to be charged against an account
even after the user thinks it has been closed. So the service provider
must have some way of telling the difference.
Sorry, I meant card provider. My question still stands. It is widely
reported here that it is (almost) impossible to get a card issuer to
stop a CCA. There have even been reports of card companies re-opening a
closed account (sometimes months later) when a supplier submits a charge
from a CCA. Yet a one-off transaction can be declined. Surely this indicates
that the card issuer must be able to tell the difference otherwise they
would either be able to decline the CCA charge or would not be able to
decline a one-off charge.
This is an area where the whole system needs tightening up. Some
mechanism should be put in place where a CPA needs to be registered
with the card provider before it becomes effective. This should
provide the cardholder with better ability to cancel his authorisation
if for some reason he has difficulty getting a merchant to stop
charging his card. Banks have fairly tight rules and procedures that
must be followed before allowing direct debits to be applied to bank
accounts, and I don't see why they allow things to be so much more lax
with credit cards.
I disagree, it would make the system too complicated. If on the other
hand you were to argue that the whole CPA system should be scrapped,
I'd be inclined to agree. There is no need for it because a DD does
everything a CPA can do.
This ability already exists. He simply withdraws the authority and informs
the merchant. If the merchant continues to make charges, these will then
be unauthorised and the cardholder can simply require the card provider
to reverse them. If the merchant persists, he will eventually lose the
privilege of being allowed to accept card payments.
Is it not the case that merchants are suitably vetted before being
allowed to "originate" DD requests, but that the signed DD authority
never actually needs to be presented to the bank? AIUI it is possible
to set up a DD authority over the phone without anything in writing.
Presumably, therefore, even when there *is* a written authority in
place, the form simply stays with the merchant, for production to the
bank only if required to defend a charge-back.
That being the case, there is no procedural difference to speak of
between DDs and CPAs.
The problem that many people have is being unable to contact the merchant
to inform them that authorisation is being withdrawn. This could be a
result of having originally given authorisation via a web site that
no longer exists, or a telephone number that's no longer used by the
merchant. Unless they can track down a physical address at which they
can serve written notice of withdrawal of authorisation they are stuck
with a CPA that carries on indefinitely.
I don't think it's good enough to say it would be too complicated to
solve that problem. The industry needs to sort itself out to make sure
that cardholders cannot be trapped in that situation.
They could try using a telephone directory or doing a web search. If all
else fails, their card provider should be able to supply contact details.
It shouldn't be necessary to serve a physical written notice. They
simply need to be informed by any means available. You can always
just keep using chargebacks, and sooner or later they will get the
But at a more basic level, even the explicit withdrawal of authority
should only rarely be necessary, namely only where it is desired to
move to a different method of payment. Otherwise, when one cancels
a service, the merchant should cease making charges automatically,
and should deem the authority to have been withdrawn implicitly.
Yes, perhaps it *is* difficult for me to understand. These companies could
just as easily obtain a positive authorization. It is outrageous for them
to take 'didn't not authorize' as equivalent to 'authorized', and if they
play that game then they should expect a level of chargebacks.
It's much easier for me to understand the principle that if I authorise an
organisation to charge my card then I am liable to cough up the same to the
card company, and that in all other cases I'm not. Couldn't be simpler. And
I think it *is* the principle upon which we hold our credit card
accounts, otherwise we are pretty much stuffed.
I'm a little disappointed, RR, that you are so ready to give up this
protection. It seems quite fundamentally important to me.
What are these services that are provided on the basis that annual renewal
is automatic, and does this basis apply regardless of whether you pay by
cash/cheque or credit card?
Well, liability for payment is surely a separate issue from whether you have
authorised a payment from your credit card. Being liable to pay for
something does not give the creditor the right to infer an authorisation to
charge your card.
I can see that the two are going to be bound up in the OP's case, insofar as
it is very unlikely that there was an option to sign up for continuous
renewal without a corresponding authorization for continuous CC charge. But
it's the fact that he has not authorised his card to be charged which is
the point of issue. The fact that he is almost certainly not liable to pay
at all is a separate argument, IMNSHO.
When you say I need to be careful, it sounds as though I have any choice in
the matter. The scenario under discussion is the one where I (or the OP)
have missed an opt-out. It's too late to be careful!
Just to be clear though: I would not ignore an opt-out out of sheer
However, if I found myself charged for something which I never intended to
buy, and where I knew I had never explicitly given my consent for my card
to be charged for (which seems to be the situation that the OP is concerned
about), then it would be reasonable to rely on the principle that I simply
hadn't authorised the payment. The charge would be put into dispute, the
retailer would not be able to demonstrate that I had authorised it, and the
card co would rightly demand *its* money back from the retailer.
I agree with that. But the service provider is liable to demonstrate the
existence of the authority, whether continuous or not, if demanded.
But that's what they *have* done. They've asked you, and you've agreed,
to authorise not just the first payment but all future ones. Your authority
remains in place until you withdraw it. It's that simple.
It isn't really outrageous at all. It seems quite reasonable that the
option should be made available for automatic renewal of insurance
policies or subscription services, because it's more convenient for
everyone if a business relationship requires only two administrative
events, namely start and stop, instead of start, restart, restart,
and then to have a failure to restart imply a stop (which can have
dire consequences if you forget to restart something like a car
insurance and end up stopping it unintentionally). It is just one
little step further to apply the same start stop principle to the
payment mechanism as to the subscription itself.
Quite, but just as you might authorise your bank for direct debits,
where you don't need to explicitly refresh it every year, why don't
you accept that a similar arrangement should be possible with a
What protection is being given up? You have the option of not giving
the authority to start with. But if you do give it you still retain
the protection, if you've withdrawn the authority, that you can simply
tell your card provider that a repeat charge was not authorised, and
they will then put in a chargeback against the merchant.
Many insurances are now operated in this way. They send you a letter at
renewal time asking you to let them know if you wish to cancel, and that
if you want to renew, you need do nothing. ISP subscriptions, contract
mobile phones, etc.
Probably, but cash is not really an option except in face to face
transactions, and cheques are gradually becoming obsolete, so the
only remaining options are standing order, single orders (such as
direct one-off payments by online banking), or direct debits, or
Of course from a merchant's point of view there's more chance of
not getting paid if they have to rely on the customer pushing the
payment than if they've been given the OK to pull the payment, so
they may well offer auto-renewal only where pull authority has been
I guess that some types of service providers will simply not offer
their service at all unless you give them either a DD or a CCA.
I completely agree. But there is little point in making only the incurring
of the liability automatic without making the settling of the liability
automatic also. If you're going to be involved in one administrative
event (making the payment) you might as well make the other (incurring the
liability by confirming you wish to renew subscription) explicit too.
You are contradicting yourself here. Evidently he did sign up for automatic
renewal and if this would not have been possible without also giving a
continuing CC authority, then he must have given that authority. Therefore
it is untrue to say that "he has not authorised his card to be charged".
You have just pointed out that incurring liability and settling it are
totally separate. Missing the opt-out is carelessly incurring the
liability. What I meant by "you need to be careful" is that -having
done so- you must not try to pull the plug on the settlement by telling
the card issuer that the charge was unauthorised when in fact it was,
since you would then be committing fraud.
Indeed, but in this he is in the unenviable position of not being able
to prove a negative. He may be able to prove that you had at some point
given a continuing authority, but he would not be able to prove that you
had not subsequently withdrawn it. Therefore he can't really prove that
he had the authority at the time the disputed payment was requested.
The odds are stacked in your favour.
Are we at cross-purposes? I have no objection to auto-renewals. In some
cases I'll even agree to them. I am concerned about auto-auto-renewals,
where you find yourself in an auto-renewal situation passively, by omission
to prevent it.
Looking back at what the OP said, he used the phrase 'falling for' in
relation to auto-renewals. He talked of 'missing' an opt out. If the
solution to his problem is simply 'don't sign up for auto-renewals' then I
don't think he would have bothered raising the issue, so I presume (though
I can't speak for him) that he's referring to something more insidious,
i.e. auto-renewal with no positive agreement on his part.
(Apologies to Reentrant if 'he' is actually a 'she': for he read (s)he.)
Yes it is indeed quite reasonable for such an option to be available. I
really don't think that Reentrant would have a problem with the option
being available to him.
I do absolutely accept that. No problem.
Perhaps I phrased it badly. I am thinking that if you accept auto-renewal
(and the implied repeat authorisation for a CC charge) as the default model
(albeit only for your 'approved' list of goods and services), then it will
become the norm, and you (and the rest of us) will be forever running
around trying to prevent charges being made on our credit card.
Ah, now this is important. It depends whether you have already given your
consent for such an arrangement. If you have then fair enough. If you
haven't then a chargeback is entirely reasonable, and the best course of
The only quibble I have is whether a failure to opt out (i.e. simply not
doing something) can be treated by the provider as an implicit
authorisation. Clearly they may try to do so, and successfully so in many
cases perhaps, but if you're in the position of having 'fallen for' an
auto renewal which you didn't want, it's a point of principle which I
reckon could be relied on to get the transaction reversed.
It wasn't 'DD or CCA' that I wanted to highlight. Clearly these are designed
for auto-renewal. I was only trying to highlight the suspicion that it is
credit cards (and I suppose debit cards), where the information for a
single payment is technically sufficient to put through further charges (in
contrast to cash/cheque) that is driving this auto-renewal model.
Your wording (a long way up from here!) seemed to suggest that auto-renewal
t'was ever thus, and the growth of use in credit/debit cards was not the
cause of it becoming commonplace.
Yes, okay. It was an 'aside' on my part. (My brain hurts now!)
I'm just making the assertion that he hasn't given the authority, because if
the situation is one in which he feels he has 'fallen for' giving it, then
the manner in which it was obtained was not sufficiently strong for it to
actually have been obtained. Yes, this is an opinion, and you may not agree
I'm not advocating concealing any facts, so no risk of being accused of
fraud. Merely point out that you missed it. The provider could have asked
for an explicit approval, so the provider took the risk.
Well they should be if you are in the right!! (My answer is predicated on
the OP being honest in only using this approach where he has genuinely
found himself faced with a charge which he didn't intend to authorize, and
didn't actually give any positive authorisation for.) If the provider
doesn't like the odds, he can avoid playing the game.
You mean you're worried about someone taking out a policy and signing up
for auto-renewal without realising? OK, I can see that that would be
a genuine concern, but I dare say that in such cases common sense would
prevail, and a customer would be able to back out, at least at first
renewal, though the provider might not be so understanding next time.
The OP was speaking hypothetically, in a way which suggests he is (or
would be) fully aware that the policy or service is in fact of the
auto-renewing variety, and is concerned only about the situation where
he might forget to cancel before the renewal becomes effective. In
general, though, I think these things are normally associated with
paperwork (or electronic equivalent) reminding the subscriber that
renewal is imminent and they should cancel by such-and-such a date if
they wish it not to go ahead. But it's true that such reminders can
come while one is away on business/holiday for several weeks and would
be unable to act upon them. I presume this is what he had in mind by
"missing an opt-out".
I don't think so. We're not all forever running around trying to prevent
funds being taken from our current accounts by DD, provided we deal with
reputable traders, so there ought never to be much of a problem, since
the rogue credit card chargers can be dealt with by chargebacks, just as
we are protected from rogue DD-ers by the DD guarantee.
Nevertheless I do wonder where this CCA stuff has sprung up from, given
there is not really any need for it when we already have DD. Perhaps it's
because payment cards are more international and not every country has
the equivalent of DD (or the accompanying guarantee), or perhaps it's
because it's easier for traders to sign up for card merchant services
than to gain approval to originate DDs.
Well, let's hope so. But I still say that it shouldn't really be possible,
virtually by definition, to sign-up for auto renewal (or more particularly
auto payment) without realising it.
You could be right, but personally I can't reconcile that interpretation
with what he wrote. The idea of lodging a preemptive 'no CCAs' with his
card company, even if it was a runner, doesn't seem consistent with that
I know that DD is probably the closest analogue to CCA that we have to
compare, but there are significant differences which make it hard to accept
that kind of read-across. DD payments go through explicit DD mechanisms
rather than looking like unrelated single payments, the authorisations are
lodged in advance with the bank (though maybe not proof of the
authorisation), there is a DD guarantee, and the DD has no 'normal
non-recurring' manifestation in the way that CCAs are just the repeat
application of single CC payments.
Running around? Take the (true) situation where I took out a year's motor
insurance over the telephone. When the paperwork came through there was a
statement on the T&Cs to the effect that unless I took some avoiding action
(which I call 'running around') then the policy would be renewed
automatically and my card charged for the premium.
A phone call objecting to the principle of their CCA opt-out model would
undoubtedly be processed in exactly the same way as a mere 'no thanks, but
thanks very much for asking'. There would be no incentive for them to
desist, every incentive to continue, and, like I say, it will become the
Relying on a charge-back is a better approach, IMO.
I think it is a combination of
(1) the general ubiquity of 'cardholder not present' transactions generally
(which are now so common (telephone, Internet) that nobody (except me!)
thinks of them as unusual in any way); and
(2) the fact that a single 'cardholder not present' authorisation is
accompanied by sufficient information to allow, technically at least,
further payments to be taken. I can't think of any other 'single-shot'
payment mechanism that meets this criterion.
Perhaps that system that Cahoot were doing for a while, where you can
conjure up a one-time card number against your account, could be used as a
cardholder defence against opt-out CCAs, rather than just the general fraud
that it was targeted at.