Legal Analysis and Victim Identification of Credit Card Fraud Cases ()
1. Introduction
While credit cards bring convenience to people’s lives, they also inevitably provide many opportunities for criminals to infringe on citizens’ property. In practice, there are numerous cases of credit card fraud, causing great property losses to cardholders. According to the statistics of the Blue Book on the Development of China’s Bank Card Industry released by the China Banking Association, as of 2019, the cumulative number of bank cards issued in China reached RMB 8.53 billion. In 2019, the amount of bank card transactions nationwide reached RMB 822.3 trillion, of which 71.54 billion were fraudulent transactions. In the case of credit card fraudulence, the fraudster is undoubtedly the criminal suspect in the case, while who is the victim of the case remains controversial. The traditional view holds that criminals illegally steal funds from one’s account, and the amount of assets in the account will be reduced accordingly, so the victim should be the depositor himself. This is in line with the general intuitive cognition. However, in reality, it is often difficult to recover the stolen funds in time, and in order to compensate for the loss, depositors can only make claims to the bank, but usually do not receive positive responses from the bank, thus leaving the relatively weak depositors in a passive situation. The author tries to explore another possibility in this paper, that is, to argue that banks are the real victims of fraud cases, and this conclusion will certainly motivate banks to continuously improve the security of their transaction systems, so as to provide a safer and more reliable guarantee for their own property security. In addition, the pattern of rights and obligations between banks and depositors will also change malleably.
2. Monetary Properties Determine the Victim Status of Banks
“A victim of a crime is a person who has suffered damage directly as a result of the crime (Lin, 2005).” Although affected by the crime, they can not be called victims of crime if only indirectly affected; only the object directly affected by the crime can be regarded as the real victims of crime. Accordingly, in the case of credit card fraud, the question of whether the suspect directly violated the bank’s funds or the customer’s deposits becomes the key to determining who is the victim, and the answer to this question must begin with the fundamental issue of the nature of bank deposits.
This section will discuss the nature of the deposit contract and analyze whether the depositor enjoys the real right or the creditor’s right when the deposit contract is established. The clarification of this issue will turn into the ground of the conclusion that “the bank is the real victim of the credit card fraud cases”. There are different opinions about the nature of the deposit contract. There are three viewpoints in the domestic academic circles. The first viewpoint holds that the deposit contract transfers the right of use rather than the ownership, that is to say, when the deposit contract is established, the depositor transfers the right of use of the deposit, but still has the ownership of the deposit. The second point of view holds that a deposit contract is a mixed contract, which is the superposition and mixture of principal-agent contract, consumption sustenance contract and principal-agent contract. The third point of view is that the deposit contract transfers the ownership of the deposit, that is, the depositor obtains the creditor status of the bank by transferring the ownership of the deposit. In our view, that third view is more in line with our reality for the following reasons.
First and foremost, Deposits are generally in the form of money. Money, as a very special kind of movable property, has three main characteristics. Firstly, money has a high degree of substitutability; the same type and quantity of money can be substituted for each other. Secondly, money has a strong liquidity; once circulated, it is henceforth free from the control of the original owner. Thirdly, money has the convenience of trade; the existence of money as a general equivalent greatly facilitated the transactions between people (Liang & Chen, 1997). In order to comply with these three characteristics, money is given the basic property of “possession is ownership”, that is, the possession of money is inseparable from ownership, and the possessor of money is the owner of money, and the loss of possession of money is also the loss of ownership of money. Accordingly, it can be concluded that when a depositor deposits money in a bank, the possession and ownership of the money is transferred to the bank, and the depositor’s personal deposit is then transformed into the bank’s own funds, and thereafter the depositor only enjoys a claim on the bank. The credit card is the evidence of the debt between the depositor and the bank, and the balance of the account shown on the card is the amount of the debt owed by the bank to the depositor.
Secondly, from the point of view of the bank’s business, absorbing customer deposits and then earning the difference through lending is the bank’s main source of profit. In order to meet this goal, the bank must take possession and obtain full ownership of the customer’s deposit, otherwise the lending behavior implemented by the bank does not become a disposition of other people’s property without the right. Therefore, “once the money is paid into the bank, it is no longer the person’s money, and this money is owned by the bank (Wang, 1999).” The depositor’s deposit of money into the bank is equivalent to replacing the ownership of the money with an equal amount of claim, and it is for this reason that banks call the deposit-taking business a liability business.
Thirdly, in terms of the current legal provisions, combined with the relevant provisions of China’s Bankruptcy Law and Commercial Bank Card, when a bank goes into bankruptcy liquidation, the principal and interest on individual savings deposits should be paid in priority after paying liquidation expenses, wages owed to employees and labor insurance costs. Based on the principle of “priority of property rights over claims”, if the depositors still have ownership rights to the bank deposits, they should have the “right to recover the original property” in the bankruptcy liquidation. However, our law is not designed in this way, and the depositors are placed among the creditors of the bank, which means that the law has regarded the depositors’ deposits as part of the bank’s assets and no longer belong to the depositors personally.
Again, judging from the meaning of possession, possession in criminal law focuses on the ability and state of control over things. The object of possession should be limited to “corporeal objects”, and should not extend beyond the boundary of “objects” to “rights”. Once the customer deposits the money to the bank, he loses the de facto control over the deposit; instead, the bank establishes a new possession relationship with the deposit by using the safe and other closed devices. The claim enjoyed by the customer, as an invisible and intangible right, cannot be actually possessed.
Finally, in terms of the sameness of the object of the crime, whether the thief takes cash from the counter or the ATM, the direct point of his crime lies in the cash, which is not in the possession of the depositor at this time, but is possessed by the bank and transformed into the bank’s private property. What the depositor enjoys is only a kind of claim against the bank. In terms of the logic of the crime, what the thief acquires and what the victim loses are the same items. What the thief acquires is cash, while the depositor does not lose cash, but only a claim. Therefore, only by affirming the identity of the bank’s victim and considering that what the thief violates is the bank’s cash can the object of the crime remain the same.
In summary, if we recognize that money still has the attribute of “possession is ownership” in the field of property crime, then the cash deposited by the customer is immediately possessed and owned by the bank, and the object directly infringed by the crime is actually the bank’s private property, so the bank should be the real victim of the credit card fraud case.
3. Jurisprudential Analysis of Credit Card Fraud Cases
However, the victim status of banks is often overlooked, the reason being that when a fraud case occurs, banks then offset their losses by extinguishing the depositor’s equivalent claim. The problem, however, is that although a third party has taken the money by way of fraudulent charge, the creditor-debt relationship between the bank and the depositor is not ipso facto extinguished as a result.
In the case of credit card fraud, the withdrawer who withdraws the deposit without the depositor’s own commission and impersonates the depositor’s own name is an act of impersonation. Regarding the nature of the impersonation and its legal effect, some scholars believe that “although the impersonation is not a typical direct agency, it is consistent with the agency in terms of interest structure (Jin, 2015).” Therefore, the act of fraudulent collection is actually an act of agency in civil law, and the relevant provisions of civil agency should be applied. Another scholar pointed out that “in the act of impersonation, the relator does not rely on the impostor having agency, but the relator relies on the impostor being the real right holder. In the case of impersonation of another person’s claim, especially the act of impersonation of deposit, it is more suitable for the application of the theory of debtor’s satisfaction of the quasi-possessor of the claim (Jin, 2013).”
I agree with the second viewpoint, that is, the jurisprudential background of credit card fraud cases is “the theory of debtor’s satisfaction of the quasi-possessor of the claim”. In such cases, the criminals are not in the name of the depositor’s agent, but directly in the name of the depositor himself to withdraw or spend money, leading the bank to mistakenly believe that the object of the transaction is the depositor. Therefore, it is more appropriate to define the impostor as a “quasi-possessor of the claim”. The so-called “quasi-possessor of the claim” refers to the person who is not the person who performs the right to receive, but from the general concept of transaction, has the ability to make people believe that the creditor, and to exercise the claim for their own intention (Shi, 2000). “The establishment of the claim quasi-possession system is the same as the principle of the bona fide acquisition system, so that the debtor who relies on the possession of the creditor’s certificate in good faith (i.e., the claim quasi-possessor) will be legally determined by the debtor’s act of liquidation, and will not be required by the real creditor for secondary liquidation again, and its purpose is to protect the security and promptness of the transaction (Liu, 2003).”
The bank’s act of payment is actually an act of debt settlement. According to the principle of debt law, satisfaction is one of the causes of debt extinction, and generally, only the performance of the contract by the debtor to the creditor himself can produce the effect of debt satisfaction. But in some cases, the performance by the debtor to a third party other than the creditor, such as the “quasi-possessor of the claim”, can also achieve the effect of debt satisfaction. The “quasi-possessor” is not the real creditor, but objectively has the appearance of the right to make the debtor believe that he is the creditor himself. Specifically, in the case of credit card fraud, the bank card and password is the identity mark of the depositor’s creditor status. Once the third party has obtained the depositor’s bank card and password, it has the identity of “creditor quasi-possessor”. If the third party uses the depositor’s bank card for consumption or withdrawal, because he can provide the depositor’s bank card and the correct password, it is enough to make the bank misunderstand him as the depositor himself, and then the money that should be paid to the creditor is wrongly handed over to the third party. Whether the bank’s performance is valid or not is directly related to whether the debt relationship between the bank and the depositor is thus extinguished.
In terms of the civil law legislation, in order for the debtor’s payment to the debtor-in-possession to be valid and effective, two conditions must be met. One is that the debtor-in-possession must have the appearance of a right sufficient to make the debtor believe that it is the true creditor; and the other requests that the debtor must have performed the debt to the debtor-in-possession in good faith and without negligence. If both conditions are met, the bank is deemed to have received the payment from the depositor, and the debt relationship between the bank and the depositor is extinguished by satisfaction, and the bank is relieved from making a second payment to the depositor; otherwise, the bank’s performance to the fraudster does not have the effect of debt satisfaction, and the bank still has to repay the principal and interest to the depositor, and its loss can only be recovered from the fraudster.
4. Analysis of Commonbank Defenses in Credit Card Fraud Cases
In the case of credit card fraudulence, who should bear the loss of depositors, what is the basis of bearing the responsibility, how to balance the interests between banks and depositors, how to fairly distribute the burden of proof and other issues are often regarded as the focus of judicial determination. Once we have repositioned the victims of credit card fraud cases and clarified the jurisprudential background of the fraud cases, we can view and interpret the common defenses of banks in the fraud disputes from this perspective.
4.1. The Defense of “Criminal before Civil”
Case 1: Ms. Hu, a resident of Wuhan, had her bank card information stolen by others and RMB 250,000 transferred from her account by the suspect. Ms. Hu took the bank to court and the court of first instance ruled that the bank should pay Ms. Hu’s deposit, and the bank appealed against the ruling. The Wuhan Intermediate Court dismissed Ms. Hu’s lawsuit because it considered the case to be a suspected economic crime.
In credit card fraud disputes, banks often ask the court to suspend the proceedings on the grounds that the case is suspected of a criminal offense, and then open a civil trial after the outcome of the criminal case has been dealt with. However, this defense has two improper points. There is no such thing as a trial in absentia in criminal proceedings, and if the suspect of credit card fraud cannot be arrested and brought to justice, no criminal trial can be conducted. Therefore, if the bank’s defense is established, it means that the civil proceedings are postponed indefinitely due to the abscond of the suspect in the criminal case. Besides, the principle of “criminal before civil” is based on the premise that criminal cases and civil disputes point to the same legal relationship. When civil disputes must be based on the settlement results of criminal cases, the civil procedure shall be suspended pending the outcome of the criminal case. However, the three legal subjects involved in the credit card fraud case form two different legal relationships. In other words, according to the previous analysis, in the credit card fraud case, what is violated by the crime is actually the bank’s private property, so the bank should participate in the criminal proceedings as the victim; while the civil relationship between the bank and the original cardholder is formed based on the savings deposit contract. The two legal relationships are independent and parallel and thus can be established at the same time. The “criminal before civil” defense of the original cardholder’s civil request confuses the two originally independent legal relationships.
4.2. The Defense of That the Use of the Private Password Is Deemed as the Personal Operation
Case 2: On July 4, 2010, the suspect Mr. Lin released coal supply information on the Internet, and Mr. Liu, who saw the information, made contact with Mr. Lin and signed a coal sales contract. After that, Liu applied for an agricultural bank card at the request of Lin and deposited RMB 1.95 million to pay for coal. On July 10, Liu informed Lin that the coal payment had been deposited and could be shipped. Then, Lin asked to check whether the coal payment was credited to the bank. When Liu took him to the ATM to check the balance of the deposit, Lin took advantage of Liu’s unpreparedness to spy on the password of Liu’s bank card, and then Lin rented a car and fled overnight. On the evening of July 13, he used a fake bank card to consume all the money in Liu’s bank card through a POS machine in Macao.
It is a common clause in the bank card application contracts of major banks in China that “all transactions made with the PIN are deemed to be made by the cardholder himself.” This article treats all bank card transactions verified by password as the personal operation of the cardholder himself, so in disputes over stolen bank cards, the bank party often refuses to pay the original cardholder again on the ground that it has fulfilled its payment obligation as promised. The author believes that different situations should be discussed based on the way in which the suspect obtained the depositor’s bank card password and information on the card.
4.2.1. The Suspects Obtained Both the Cardholder’s Bank Card and Password before the Fraud
In the ATM transaction mode, the criminals use devices to detect the information of other people’s bank cards and then forge “cloned cards”, and then install camera probes near ATMs or fake keyboards and other security devices to obtain the cardholder’s bank card password, so that they can withdraw money from other people’s accounts without having the real bank cards.
When the suspect obtains both the cardholder’s bank card and password and then steals them, it is equivalent to the suspect asserting a claim against the bank as a quasi-possessor of the claim. According to the requirements of the deposit contract, while the bank party guarantees the repayment of principal and interest, the depositor should also keep the bank card, ID card and password information properly. It is not realistic to expect depositors to never lose their bank cards, but the privacy and uniqueness of the password determine that the password can only be set and controlled by the depositor himself. Except for the depositor directly telling the password to a third party, the depositor’s relaxation of vigilance or lack of precaution when operating ATMs or POS machines may lead to the leakage of the secret. The security of the deposit is not only the obligation of the bank, but also the responsibility of the depositor. If the depositor does not do a proper duty of confidentiality resulting in improper disclosure of the password, it objectively increases the risk of the deposit being fraudulently claimed, “especially in the ATM transaction mode, anyone who has the bank card and password can withdraw the deposit or consumption (Jin, 2013).”
In this situation, the bank is not responsible for the losses of the depositor. The first reason is that the depositor will accidentally disclose the secret, resulting in a third person can use it to commit a crime. The depositor himself has imputability in the fact of promoting others to become a quasi-possessor of the claim. Based on the appearance of the rights held by the third party’s trust, the bank’s payment for the savings contract in line with the rules of the transaction, that is, “where the password matches the transaction are considered legitimate transactions”, can constitute a valid settlement of the depositor himself, and the depositor should bear the legal consequences of the settlement. Besides, the bank originally had the obligation to pay the principal and interest to the depositor but the wrongdoer violated the bank’s property through fraudulent charge. In this process, the depositor improperly disclosed the password to help the crime, thus the depositor’s negligent behavior and the wrongdoer’s fraud together constitute a “plural-party tort without contact” to the bank”. The bank therefore has the right to pursue the corresponding tort damages from the depositor, except that according to the principle of set-off, the bank is allowed to offset the losses caused by the depositor based on negligence by way of eliminating the depositor’s equivalent claim; in terms of legal consequences, that is, the bank does not need to make secondary payments to the depositor after making payments to the fraudster.
4.2.2. The Suspect Obtains the Cardholder’s Bank Card Information and Password, and Carries out Fraud by Cloning the Counterfeit Card
This kind of situation is the “transaction dispute over counterfeit card” that often occurs in practice, which refers to “a third party using a forged bank card and a real password to illegally transfer property under another person’s bank card account through ATM withdrawals, transfers or POS spending, etc., and the cardholder sues the card issuer, demanding the bank to pay the amount of deposits stolen (fraudulently charged) by others in the lawsuit (Xu, 2014).” Since the means of counterfeit card transactions are more concealed and the harm is more serious, whether the cardholder or the bank should be responsible for the loss of funds is not uniformly recognized by courts all over the country. However, regardless of whether the suspect stole a real bank card or a forged bank card, the essence of the crime is to assert a claim against the bank in the capacity of a quasi-possessor of the claim.
According to the foregoing, in order for the bank’s payment to the prospective possessor of the claim to have the effect of satisfying the debt, the bank must be bona fide and not negligent when paying the fraudster,i.e., whether the bank has fully performed its contractual obligations. Specifically, the following two points should be included. Firstly, the bank should check the identity of the person who withdraws money, and examine whether the person who withdraws money is the depositor himself; and secondly, the bank should verify the authenticity of the credentials, that is, it should examine the authenticity of the credentials such as bank cards and bankbooks. If the bank fails to do either of ones, it means that the bank is negligent.
As a strong owner of capital and technology, and as a creditor issuing institution, the bank should have the software technology and hardware equipment to identify the authenticity of the bank card issued by it, but it fails to identify the counterfeit card and still transacts with the impostor. In either case, it is difficult for the bank to say that it is bona fide and not negligent in the counterfeit card transaction. Therefore, in such cases, the bank’s payment to the fraudster does not produce the effect of debt settlement, and the creditor-debtor relationship between the bank and the depositor has not been eliminated, so the bank should continue to fulfill its obligation to repay the principal and interest to the depositor, and its loss can only be recovered from the fraudster.
4.3. Defense of That the Burden of Proof Shall Be Borne by the Depositor
Case 3: On June 11, 2004, Cheng found that the balance of his bank card was over RMB 30,000 less when he made a deposit. Cheng thought that the bank’s failure to perform its duty of proper custody led to his property losses, he took the bank to court. After investigation by the Beijing Municipal Public Security Bureau Daxing Branch, by looking at the bank surveillance video when Cheng’s bank card was fraudulently charged, the withdrawer was a man wearing a black sun hat and the brim of the hat covered his face. Cheng said he did not know the person. The court heard that the case with the current known knowledge and facts can not be explained, and the evidence provided by Cheng can not prove that it’s the fault of bank in the provision of bank card transaction services that directly led to the loss of property. Besides, it also could not confirm the reason of password leakage, and could not completely exclude Cheng’s own accidental leakage of the password which led to the bank card was fraudulently charged. The bank was not liable in the final judgment.
The court actually applied the doctrine of burden of proof in that case. Based on the decision, it is clear that the court believed that the burden of proof should be on the depositor’s side. “Regardless of the type of litigation procedure implemented, it is inevitable that the facts underlying a legal dispute will not be fully clarified or important facts will not be ascertained by the final point of trial.” (Lin, 2008) This is possible in any litigation. When the specific reason for the fraud of the depositor’s bank card can be verified, the judge can of course make a decision based on the facts that have been ascertained; whereas if the reason for the fraud of the depositor’s bank card cannot be verified, the judge may not refuse to make a decision for that reason, but must choose one side to rule against the depositor in accordance with the principle of allocation of the burden of proof.
The burden of proof, as its name, indicates that the party who has the burden of proof has the obligation to clarify the relevant facts, otherwise it will only swallow the bitter fruit of losing the case. At present, the most convincing doctrine on the allocation of the burden of proof is still Rosenbeck’s “normative theory”, which holds that “the party who claims the validity of a legal norm should bear the burden of proof of the preconditions of that legal norm (Rosenbeck, 2002).” In other words, a legal norm can give a party a corresponding right, so the party claiming that right should bear the burden of proving the elementary facts corresponding to the legal norm that gives rise to that right.
When the bank obtains the ownership of the depositor’s deposit, it also becomes the debtor of the depositor, and then it should fulfill the obligation of repaying the principal and interest according to the depositor’s own requirements. However, in the fraud case, the bank, as the debtor, did not pay the deposit to the real creditor, which is actually a kind of breach of contract. The key to the depositor’s claim for damages for breach of contract lies in whether he can prove that the bank failed to correctly identify the counterparty to the transaction when performing the contract. In this regard, the depositor can prove through the public security organs or apply for the court to retrieve the surveillance video of the transaction to prove that the transaction was not done by himself, or prove that his bank card was never lost and others were using counterfeit cards for the transaction, which proves that the bank has breached the contract by wrongly performing the contract to a third party without the right to claim.
In the face of a breach of contract lawsuit filed by the depositor, the bank’s reasonable defense is that its payment to the thief is in accordance with the aforementioned “debtor-in-possession satisfaction of claims”. According to the conditions of the “debtor-in-possession system”, whether the bank’s payment to the third party can produce the effect of debt satisfaction depends on whether the third party has the status of a quasi-possessor of the claim and whether the bank is in good faith and without negligence when making the payment. Specifically, since the third party can provide the relevant information of the depositor’s bank card, it objectively enjoys the status of quasi-possessor of the claim, and the next issue is to judge whether the bank is bona fide and non-negligent. If the third party uses a counterfeit card for consumption or withdrawal, and the bank fails to identify the counterfeit card and still transacts with the impostor, it is difficult to say that it is not negligent, so the bank must first prove that the third party is not using a counterfeit card in the transaction. Besides, the real bank card must be complemented by the correct password to complete the transaction. It is too harsh for banks to directly prove what leaks depositors have committed. Taking into account the allocation of the burden of proof when the evidence is far from the parties, the password of privacy, uniqueness and exclusivity determining that the password can only be set and controlled by the depositor himself, the opposite presumption can be adopted accordingly. As long as the bank can prove that its savings system is safe and stable and there is no hidden danger of leakage, the possibility of leakage by the bank can be ruled out, thus presuming that the leakage of the password belongs to the responsibility of the depositor. The bank’s payment behavior is thus not at fault.
4.4. Summary
In this section, on the basis of repositioning the victims of the credit card fraud cases and clarifying the legal background that should be applied to the credit card fraud cases, the author analyzes the common defense reasons of banks in judicial practice. When a fraud case occurs, depositors usually sue banks to make up for their losses because criminals can not come to the case in a short time. However, judging from the judicial practice of courts in various places, some courts will suspend the lawsuit on the grounds of “criminal before civil”, some courts will judge depositors to lose, and some courts will judge banks to bear part of the responsibility. The trial practice in the past two years shows that the trend of courts ruling banks to bear most or even all of the responsibility in the credit card fraud cases is becoming increasingly obvious. This is also in line with the basic proposition of this paper. In the credit card fraud cases, the object of the crime is actually the bank’s property, and the bank has the right to require the tortfeasor to bear the liability for compensation. However, in the case of no fault of the depositor, the bank’s payment to the third party does not constitute the debtor’s payment to the creditor’s rights quasi-possessor, nor will it have the effect of debt liquidation. The deposit contract between the bank and the depositor is still valid and unaffected, so the depositor has the right to require the bank to repay the principal and interest according to the deposit contract.
5. Conclusion
The emergence of bank cards is a revolutionary event in the history of banking development. In recent years, China’s bank card business has developed rapidly. Bank cards are more commonly used in daily life, and the responsibility of bank cards being stolen and brushed is increasingly prominent. In the face of disputes over credit card fraud cases, we should not only take into account the social responsibility of banks and the protection of financial consumers’ rights and interests, but also properly maintain the financial order and reasonably distribute financial risks. Based on the above cognition, the conclusion of this paper is hereby drawn:
1) The bank is the real victim of credit card fraud cases, which conforms to the basic attribute of money. It is consistent with the theory of debt repayment in civil law, and can also make an effective response to the common defense of the bank in judicial practice. This conclusion means that the bank will bear the main or full responsibility in credit card fraud cases. In the face of the increasingly severe situation of bank card fraudulence, in principle, it is a good system choice for banks to bear the risk of credit card fraudulence, which is conducive to promoting the banks in a strong position to continuously improve the security technology of bank cards, and reducing the cost burden of individual users.
2) In order to encourage banks to actively strive for the space of liability relief, with the help of the theory of “debtor’s repayment of creditor’s rights to quasi-possessor” and “infringement of several persons without intentional contact”, when the bank’s payment to the thief is goodwill with no fault, the bank can be exempted from the second payment to the depositor. It will boost the bank to actively fulfill the corresponding security obligations, thus finally promoting the long-term development of the whole bank card industry.