So one day you get an email that you got $100 and all you need to do as a recipient is to click on a link and enter your full credit card details? Sounds like a phishing paradise.
In the US at least, these are not covered by the $50 limitation on losses on unauthorized transactions. In practice the banks often honor that anyway, but AFAIK they don't have to.
In this case however, it appears the bank could argue that when you got phished, you gave access to a third party.
Wow. I would never do this. It's a good practice never to use a debit card online, and it's unclear to me whether the service here offers any enforeceable assurances to participants.
