I guess it depends on the degree to which the OS made it clear the details would be retained and reused without any verification. Like if she actively turned on some feature which allowed "one click purchases" or something then ok, her fault. If it was some default thing then I think it's harder to argue she actually authorised any of this.
I do agree customers have some responsibility to secure their own payment credentials, but it goes both ways.
I guess it depends on the degree to which the OS made it clear the details would be retained and reused without any verification. Like if she actively turned on some feature which allowed "one click purchases" or something then ok, her fault. If it was some default thing then I think it's harder to argue she actually authorised any of this.
I do agree customers have some responsibility to secure their own payment credentials, but it goes both ways.
(post is archived)