Handing over codes breached bank’s security advice

Home Guides & cases Case notes Other - 55543

Handing over codes breached bank’s security advice

Categories:

Common scams targeting bank customers,

Summary:

A scammer called Gobind on his landline and tricked him into granting access to his internet banking accounts, and then made two international transfers. In the lead-up to the transfers, the scammer convinced Gobind to turn off his mobile, saying he had sent it a signal to block unauthorised access and turning it on would render the device unusable.

Published:

November 2018

The scammer knew the bank would text verification codes to Gobind’s mobile before processing the payments, so he persuaded Gobind it would be safe to turn on his cellphone, quickly read out the codes and turn off the device again. Gobind did this without reading the content of the text message, and the payments went through.

The bank tried to contact Gobind after the second payment but could not get through because he was still talking to the scammer on his landline and his mobile was turned off. It got through after business hours, and Gobind confirmed he had not authorised the payments. The bank tried unsuccessfully to recall the funds early the next business day.

Our investigation

The Code of Banking Practice requires banks to reimburse customers who are genuine victims of internet banking fraud, unless they have been negligent or have failed to follow the security advice in their bank’s terms and conditions. Gobind failed to follow this advice because he gave the scammer the unique codes. He was therefore not entitled to any reimbursement of lost funds.

We also looked at whether the bank had taken reasonable steps to recover the funds. By trying to get the money back the next day, it had complied with the industry standard, and we were satisfied it took reasonable steps to recover the funds.