Category Archives: Regulation

Credit hire & the cancellation regs

There’s lots of noise, perhaps not so much lately, regarding the 2008 regs that require a cancellation clause be incorporated in all credit contracts signed at the consumer’s home or place of work. I’ll not go into the progression of the various cases that covered these ‘unenforceable’ and, indeed, illegal contracts – that’s been done to death elsewhere.

However, what were the regulations supposed to do? Protect the consumer, right? In the credit hire context, is that the effect? I’d say no, in reality.

The hirer always has the ability to return the vehicle to the hire provider; there’s no obligation to continue with the vehicle. So, effectively, he can terminate the accruing costs under the terms of the agreed contract conditions and warranties. These provide ‘additional benefits’ to the consumer as dwelled upon in Dimond -v- Lovell. On returning the vehicle, the consumer can still avail himself of these benefits such as the right to continue with the credit agreement and for the hire provider to recover his losses from the tortfeasor.

Exercising the right to cancel leaves the consumer liable to pay, within a reasonable time, the accrued hire costs (at the “commercial rate”) and is left on his own to recover that contentious loss from the insurers of the at-fault party.

Consumer protection? Hardly!

Has anyone run this argument? Not that I know of and brains bigger than mine have been working on this for a long time. Although there was a recent case in the Appeal Court that addressed the cancellation regs in a different context that found against the serious affect of the regulations. See Robertson -v- Swift.

Data Storage


It seems there will be some red faces at travel insurer Staysure after their legacy systems were hacked and customer card payment details extracted.

Reports suggest that the data taken is not directly useful as the hack only obtained the card security code, rather than the card number also. Why the CVV was stored hasn’t been explained as yet and I am sure the Data Commissioner will be wanting that question answered. The card payment rules prohibit that information from being retained. Further, to store it in an unencrypted manner opens significant risk.

I am sure that there will be an in-depth investigation of all security policies and the necessary changes implemented. The FCA may yet impose fines once the scale of the security breach is exposed.

Hopefully, no customers have had their accounts used fraudulently.