Getting Caught Out By A Continuous Payment Authority

An Unexpected Credit Card Transaction

A while back I noticed an unexpected transaction on my credit card statement.  This was a company from which I had bought anti-virus software + a 3 year licence.  This licence had just expired and I had switched to an alternative provider.

I was puzzled.  I had made a single purchase from them and had not, as far as I knew, bought anything else.  So, I reported it to my credit card company as a fraudulent transaction.  A few days later I received a letter indicating that it was not fraud but a payment taken under a continuous payment authority.  I asked how to cancel it and they said there was nothing they could do: it was up to me to deal with the company in question.

So, I took it up with the company.  They initially tried to fob me off but when I persisted they eventually repaid the money in exchange for a declaration that I was not using the software.

What is a Continuous Payment Authority (CPA)?

CPAs are like Direct Debits, except that instead of you filling out a form to permit a company to take payments from your bank account, the company sets it up on your behalf.   All they need is the 16-digit number on your card.  This can apply to either a debit or credit card.  They can take any amount they like whenever they like.  They do not need to notify you of the amount in advance.

It is a very popular method of payment with gyms, insurance companies, software licence purchases, mobile phone contracts, etc.

In 2009 the rules changed and companies are supposed to get your consent before setting up a CPA.  However, it still seems common practice for them to opt you in to auto-renewal of their service and set up CPA to pay for it.  This is what happened with the anti-virus software I bought.  The information was there in the small print but they had not sought my active consent for these recurring payments.

Another change to the rules is that you have the right to instruct your bank or credit card provider to cancel the CPA.  They are obliged to do so under Regulation 55 of the Payment Services Regulations 2009.  In the above case, my credit card provider failed to inform me of this and left me to deal with the software company.  Later, once I knew the rules, I did instruct my credit card provider to cancel the CPA under Regulation 55.   They denied any knowledge of that regulation and refused to comply.  It look an email to their CEO to get an acknowledgement and apology.

Should I Have Had to go Through All That in the First Place? 

No, none of us should.  It is high time that companies stopped assuming we are happy to make recurring payments without asking us first.  Auto-renewal should not be something that we have to opt out of.  It should be something we opt in to if we want it.

The Financial Conduct Authority could do more to help.  The first time you become aware that a CPA has been set up should not be when money goes missing from your account.  Tougher rules are needed, so that:

  1. Any company setting up a CPA should have to inform both the account holder and the bank / credit card provider in writing.
  2. Banks / credit card providers should have to inform account holders when a CPA is set up.

Here are a couple of related articles: