I’m a business owner and lawyer, and I’ve helped a lot of business owners with credit issues. So when business owners ask me whether they should use a debit or credit card, I have a pretty strong opinion about it.
Ditch your business debit card and use a credit card instead.
That’s not legal advice; it’s just common sense, and here is why.
When it comes to liability for fraudulent card purchases, there are two federal laws you need to be aware of. One is the Electronic Funds Act, spelled out in Regulation E (or “Reg E”), while the other is the Truth in Lending Act, or “Reg Z.”
Reg E covers debit cards used by consumers for consumer purchases. It does not cover business debit cards. Under Reg E, if your consumer debit card (not your business debit card) is used fraudulently, your responsibility for fraudulent purchases starts at $50 but can go higher.
Regulation Z covers credit card purchases. It also applies primarily to consumer transactions. In fact, it specifically says that it does not apply to “extensions of credit primarily for business, commercial or agricultural purposes.” But in a footnote, the Board of Governors of the Federal Reserve notes that even these business transactions remain subject to the parts of the regulation that deal with “the issuance of credit cards and liability for their unauthorized use.” In other words, unauthorized use of business credit cards is generally covered by Reg Z, which caps the maximum liability for fraudulent purchases at $50.
Pro tip: Business credit cards can make sure you always have emergency cash on hand. Browse your top business credit card matches for free and apply in minutes!
What About Zero Liability?
At this point, you may be confused because you’ve heard of “zero liability” for all debit and credit card purchases. Zero liability is a voluntary program offered by the card companies. Under these policies, cardholders (small business or consumer) are usually not responsible for any fraudulent charges, as long as they report unauthorized use right away.
For example, MasterCard’s website states:
“Have peace of mind knowing that the financial institution that issued your MasterCard won’t hold you responsible for “unauthorized transactions.” As a MasterCard cardholder, zero liability applies to your purchases made in the store, over the phone, online or via a mobile device and ATM transactions. As a cardholder, you will not be held responsible for unauthorized transactions if:
- you have used reasonable care in protecting your card from loss or theft; and
- you have promptly reported to your financial institution when you knew that your MasterCard was lost or stolen.
If you believe there has been unauthorized use on your account and you meet the conditions above, rest easy knowing you’re protected by Zero Liability.”
As is often the case, there are some exceptions.
MasterCard’s website states that, “zero Liability does not apply to the following (or certain) MasterCard payment cards: Commercial cards, unregistered prepaid cards or gift cards.”
A MasterCard spokesperson clarified the difference between commercial cards and small business cards in this way in an email:
“A commercial card is any card that is used by companies or organizations primarily for business to business transaction and include: fuel cards; purchasing cards; fleet cards and corporate travel cards. A small business card is issued by banks to small business merchants and companies for their B2B payments.”
Visa’s policy also excludes commercial card purchases. It says it “does not apply to certain commercial card transactions, or any transactions not processed by Visa. You must notify your financial institution immediately of any unauthorized use. For specific restrictions, limitations and other details, please consult your issuer.”
Under zero liability, as long as you report the loss or theft, or unauthorized use, of your small business card promptly, you should be covered in most cases for fraudulent transactions under the card issuer’s zero liability policy, regardless of whether you use a debit or credit card. But what if you don’t catch it right away?
Which Would Be Worse?
Under Reg E, which covers debit cards, if you know there has been unauthorized activity on your account and you fail to report it in a timely manner to your issuer, you could potentially lose all the money in your account, plus any overdraft line of credit. That’s rare, but it does happen.
Even if you do spot and report it quickly, seeing your bank account balance suddenly drop because unauthorized debit card purchases have hit your account can be pretty stressful, to put it mildly. You may be scrambling while your bank investigates. And remember, since these cards aren’t covered by Reg E, there is no specific statutory time limit by which they need to make you whole. You’re counting on your issuer to straighten it out quickly, and some may do so faster than others.
If it’s a credit card that’s been compromised, the worst-case scenario is that you probably have to get a replacement card and switch out card numbers for the bills you have on autopay. That’s a hassle, but not the worst thing in the world.
I feel a lot more comfortable with the certainty provided by federal regulation. So my advice to business owners is to use a credit card rather than a debit card if at all possible. Don’t want to pay interest? Then use your credit card like a debit card and pay it in full each month. And if you choose a rewards credit card, you can probably rack up some great rewards as well.