Unauthorized credit and debit transactions: know your rights and responsibilities

From: Financial Consumer Agency of Canada

How you’re protected from unauthorized transactions

Visa, Mastercard, American Express and Interac have committed to protect you against financial loss if someone uses your credit or debit card without your permission.

You’re responsible for taking reasonable care to keep your account information and personal identification number (PIN) safe. If you did, they’ll usually reimburse you in full.

Learn more about these commitments and policies:

Credit card transactions you didn’t authorize

There’s a maximum amount you’ll be responsible for if someone uses your credit card without your permission.

If a bank issued your credit card, the maximum amount is $50, unless you demonstrated gross negligence (in Quebec, gross fault) in safeguarding your:

credit card and its account information
personal authentication information (including personal identification number (PIN), passwords or other information they use to verify your identity)

If a federally regulated financial institution other than a bank issued your credit card, the maximum amount is the lesser of:

$50
the maximum amount set by your credit card agreement

Debit card transactions you didn’t authorize

You’re not responsible for losses due to situations beyond your control. For example, technical problems or someone used your card when you had already reported it as lost or stolen.

The maximum amount you’re responsible for usually can’t be more than the withdrawal limits of your debit card. However, you may be responsible for more than the balance of your account, for example if:

your account links to a line of credit or overdraft protection
your account links to 1 or more other accounts

Your responsibilities when using a credit or debit card

To receive a full reimbursement, you must:

notify your card issuer without delay:
- of any unauthorized transaction
- if you lost your card, or
- if someone stole it
keep your PIN confidential and never share it with anyone, not even a family member
avoid choosing a PIN that is easy to guess like a birth date or a telephone number

Generally, these conditions are similar across all card issuers. Contact the one that issued your card or check your credit or debit card agreement to verify the terms and conditions attached to it.

Your right to an investigation

Federally regulated financial institutions can’t hold you responsible for a transaction you didn’t authorize just because someone used an authentication technology to do it. This means a personal identification number or any other password or information that you create to be used to verify your identity. For example, if a person used your PIN to complete the transaction.

They must always fully investigate a transaction that you dispute. It doesn’t matter how someone processed it, including:

with your PIN
by magnetic swipe, or
through other technology

They should consider all factors that contributed to the unauthorized use of your credit or debit card. This includes circumstances beyond your control such as:

someone forced you
someone stole your card
there was a system malfunction
someone obtained your PIN through shoulder surfing

Shoulder surfing is when someone gets your PIN by looking over your shoulder. They do this while you enter it at an automated teller machine (ATM) or anywhere else you use your card.

Resolving unauthorized credit and debit transactions

Contact your card issuer right away if:

you notice an unauthorized transaction on your credit or debit account
you lose your card
someone stole your card

Find out how to resolve an unauthorized transaction.

When these rights apply to you

These rights apply when you’re dealing with a federally regulated financial entity like a bank, federal credit union or payment card network operator.

Find out if your financial institution is federally regulated.

Learn more about how your rights are protected.

Language selection

Search