USING PAYMENT CARDS ONLINE:
FREQUENTLY ASKED QUESTIONS (FAQs)
These frequently asked questions (FAQs) were developed by the OECD’s Committee on Consumer Policy, in consultation with experts from consumer groups and the business community. They are intended to educate consumers about the online use of credit and debit cards issued in any of the OECD’s 30 Member countries. However, there are important differences in the laws and business practices within these countries, so consumers should read their cardholder agreements carefully and consult the additional informational resources provided under Question 12.
General concerns about the safety of using payment cards online
Question 1. Is it safe to use a credit card (pay later) online?
A. In general, it is just as safe to use a credit card online as off line. In fact, under the laws of some OECD countries, you have no liability if your card is used online without your permission. Card issuers may also offer protections for your online transactions. If you notice a charge for a purchase that you did not make or authorise, you should contact your card issuer immediately (by phone and by letter), question the charge, and ask the issuer to have the charge removed from your account.
Even with the protections offered by some governments and card issuers, it is important to be cautious when you use your credit card online. For example, use a secure browser (see Question 8) and look for a Web site’s policy about the privacy and security of your payment card information. Read it. If it does not meet your personal privacy or security standards, consider doing business with another Web site.
Question 2. Is it safe to use a debit card (pay now) online?
A. In general, it is wise to use the same care online to protect your account information, including your PIN code, as you would offline. When you use a debit card, the payment amount is taken out of your account almost immediately. If a problem occurs, your account can be emptied very fast. That means that mistakes or unauthorised uses may occur initially at your expense, rather than the card issuer’s expense. Many OECD countries limit your liability for the unauthorised use of your debit card if you report the problem promptly, and a few countries provide additional protections as well. Many debit card issuers also offer protections against the unauthorised use of your debit card.
As always, even with the protections offered by some governments and card issuers, just as with offline transactions, it is important to be cautious when you use your debit card online. For example, use a secure browser (see Question 8) and look for a Web site’s policy about the privacy and security of your payment card information. Read it. If it doesn’t meet your personal privacy or security standards, consider doing business with another Web site.
Question 3. How safe is it to send payment card information in an e-mail?
A. Messages sent by e-mail have no special security protections. Be wary of including your payment card information in an e-mail.
Question 4. If someone else uses my payment card to buy something on the Internet and I did not
authorise the purchase, do I have to pay? If yes, for how much am I liable?
A. As a payment cardholder, you have many protections against the unauthorised use of your payment card. Many OECD countries have laws that limit your liability for unauthorised transactions, and some card issuers provide additional protections voluntarily. These protections are implemented in a variety of ways. In some cases, you may be liable for a portion of the unauthorised charge; in others your liability may depend on when and how you notify your card issuer. Contact consumer protection authorities in your country or your card issuer to find out what protections you have and how to use them.
Question 5. If I buy something on a Web site using a payment card, but I don’t receive the product, do I
have to pay? What can I do if the product I ordered is not what I get? What do I do if I am
billed for the wrong item on my payment card account statement?
A. Some OECD countries have laws protecting payment cardholders in the event of non-delivery or delivery of the wrong item. In some cases, card issuers provide protections. These protections may differ depending on the type of payment card used. In either case, you may want to contact the merchant to try to resolve your problem directly. You can also contact the card issuer.
Question 6. If I use a payment card to buy something on a Web site and I am unhappy with the quality,
what can I do?
A. Cardholder protections against problems related to the quality of goods purchased online are less common. Your best bet is to do what you would do offline: try to resolve the issue directly with the merchant. If you are not successful, contact your card issuer. Legal protections may apply in some countries. In some countries, such protections differ depending on the type of payment card used. You might also consider alternative dispute resolution. If you are not successful in resolving your grievance, you can complain to a law enforcement agency.
Question 7. What can I do if the amount on my payment card statement is different from the amount
specified by the Web site when I made my purchase?
A. Read your monthly statements promptly. Contact the online merchant and ask that the discrepancy be explained or fixed. You can also contact the payment card issuer by letter to ask that the discrepancy be fixed. Keeping good records about your transactions, including print-outs of your purchase confirmation pages, should help you resolve any errors.
Understanding the online payment process
Question 8. When I use a payment card to buy online, how do I know how safe my payment card
A. Generally, if you use a secure browser, transmission of your payment card information will more likely be safe. A secure browser is one that supports a security measure called SSL (Secure Sockets Layer), which encodes and protects your data before it leaves your computer. Most major browsers (for example, Internet Explorer and Netscape Communicator) support SSL. Also:
Think about limiting your transactions to Web merchants that use security measures like SSL. To verify this feature, make sure the Web address (URL) for the order form begins with “https:” instead of “http:”
Prior to submitting payment information, look for an icon (for example, a closed padlock or a key) on the bottom of your computer screen to signal that your transmission will be secure.
Remember that messages sent by e-mail do not benefit from special security protections, so be wary of including payment card information in an e-mail.
Question 9. Sometimes, just as I am about to provide information to a Web site, a window pops up that
says I am about to enter a secure Web site. Other times, there is a message that says I am
about to enter a non-secure Web site. What do these messages mean?
A. Your browser generates these messages to tell you about the security of transmission of your information. The first type of message signals that you are about to make a secure connection to the Web site. Once the connection is secured, the information that you provide to the Web site (for example, your payment card information) will be encoded so that it can’t be read while in transit. The second type of message indicates that you are leaving the secure connection. Be wary about divulging any payment card information unless you have a secure connection.
Question 10. When I am in the middle of a transaction and I input payment card details into the spaces
provided by the Web site, can my information be accessed by others if I hit the “back”
button? If my computer crashes when I’m in the middle of a transaction, is my information
A. The information that you type usually doesn’t leave your computer until you click the appropriate button to send your payment details. Whether you use your “back” button or your computer crashes, your payment card details generally are in your control until you decide to send them to the online merchant.
However, at a public computer or at a computer you share with someone else, such as at a library or Internet café, the information you type may be more accessible. Be more cautious about releasing your financial information in this situation and review your monthly statements carefully for possible unauthorised charges.
Question 11. Where does my information go once the transaction has been completed and how do I
know that it has been stored securely?
For more information
Question 12. Where can I get more information?
A. The Web puts many resources at your fingertips:
For educational initiatives related to electronic commerce in OECD countries:
To locate consumer protection authorities in OECD countries:
To file a complaint about cross-border e-commerce with those authorities, or get tips about safe online shopping:
For information about online alternative dispute resolution:
For additional information about consumer policy at the OECD, visit: