Swedish Consumer Agency criticizes unlawful terms on unauthorized transactions: key take-aways for card-issuers
Written By
Senior Associate
Sweden
I am a senior associate in the Finance & Financial Regulation Group in Stockholm. My passion lies in fintech, innovation, financial regulation, data protection and AI, as well as combining my knowledge in these areas to provide high quality cross-sector advice to our clients.
Related
Practices
Sectors
Countries
Offices
On 28 October 2025, the Swedish Consumer Agency (“SCA”) published the results of its targeted review of contractual terms related to unauthorized transactions in debit and credit card agreements across eight financial institutions in Sweden. The finding reveals a widespread non-compliance with mandatory consumer protection rules, raising serious concerns.
Key findings
Several problematic practices related to handling of unauthorized transactions were identified.
Unreasonable card storage restrictions
Several issuers' card agreements state that the cardholder must take the necessary measures to protect themselves against unauthorized use of the card. The agreements specifically exemplify this by stating that the card must not be left "unattended in a hotel room" or "other temporary accommodation". Several card issuers apply contractual terms that stipulate that consumers must keep their cards under constant control in environments with an increased risk of theft, e.g. the card must never be “stored behind your back”. In both cases, the SCA found these terms disproportionate and contrary to Chapter 5, Section 5 p.1 of the Swedish Payment Services Act (2010:751) (“PSA”) that stipulates that the payment service provider is responsible for ensuring that the conditions for the use of a payment instrument are objective, non-discriminatory and proportionate. The SCA found therefore that these terms are unreasonable according to Section 3 of the Act (1994:1512) on contractual terms in consumer relations (“CCA”).
Several issuers’ card agreements state that cards in "environments with a high risk of theft" must be kept under constant control and exemplify such high-risk environments as “homes left unlocked", "homes with open windows" and "workplaces". The SCA’s conclusion is that such high requirements go beyond what can be considered reasonable and risk burdening the consumer with an increased responsibility current regulation.
Multiple excess charges for unauthorized transactions
Certain agreements allow for multiple excess charges (Sw: självriskbelopp) to be charged to consumers in cases of several cases of unauthorized transactions, e.g. excess charge per card or per combination of card and a claim/incident, which contravenes mandatory consumer legal provisions in the PSA that cap consumer liability to a single amount, regardless of the number of incidents. Therefore, the SCA found such terms imposed an undue burden on consumers and thus deviate from the consumer protection intention of the PSA.
Unilateral reversal of refunds
Some terms permit the issuer to withdraw refunded amounts from the consumer’s account if the transaction is later deemed authorized. The SCA considered this practice unlawful and imbalanced, undermining the consumer’s legal position.
Imposing strict formal requirements on reporting of unauthorized transactions
Several card issuers apply strict formal requirements on reporting of unauthorized transactions, such as, for example, submitting a police report when disputing a transaction, which the SCA considers unreasonable as the current legislation only requires a so-called neutral notification, that is not a specific form or documentation.
In several cases, the agreements require reporting to be submitted via a specific reporting channel or using a specific reporting form. Even this is considered as a formal requirement and is thus contrary to the rule of neutral notification.
Delayed account restoration
Several issuers include terms stating that account restoration after unauthorized transactions will only occur after an investigation. This contradicts the current legislation that requires that the account balance is restored immediately or no later than the end of the following business day after being notified (unless there is a reason to suspect that the transaction was authorized).
What’s next?
The SCA has announced that it will initiate supervisory proceedings against the companies included in this review. The firms will be given the opportunity to amend their terms to comply with the relevant regulations. This review serves as a reminder that consumer protection in financial services and demonstrates its importance. If you operate in Sweden, it is important for you to read the report and make any necessary adjustments, if necessary.
