Bank not liable for fraud loss

Common scams targeting bank customers
Nilam received a call from a fraudster claiming to be from her overseas bank. Caller ID confirmed the number displayed matched that of the overseas bank. The fraudster said both her New Zealand and overseas accounts were under threat. The fraudster convinced Nilam to give him remote access to her computer so he could test the transfer of payments between her New Zealand bank account and overseas bank account. The fraudster said the transfers were needed for a “systems diagnostic test”, but they would not involve any actual movement of funds. With Nilam’s permission, the scammer then made three payments from her New Zealand account, including a payment that required Nilam to contact her bank to increase her daily limit.
October 2019

Two days later, Nilam contacted her New Zealand bank to say she had been scammed. The bank was able to recover $41,825, but $100,855 could not be retrieved. The bank said it would not reimburse her loss because her actions had breached the terms and conditions of her account and it was not therefore bound by its online fraud guarantee.

Nilam considered this response unacceptable because her overseas bank had already reimbursed other payments made by the same fraudster. She appointed a lawyer to appeal against the New Zealand bank’s decision, but the bank stuck by its position.

Our investigation

We found the bank was not liable for the $100,855 loss. Different countries have different requirements for invoking an online fraud guarantee. In New Zealand, the Code of Banking Practice provides that banks will reimburse customers for fraud losses resulting from unauthorised use of their cards or internet banking. As Nilam had given the scammers permission to make the payments, they weren’t unauthorised so the Code didn’t protect her.

We looked at what liability the bank had under its terms and conditions, as the Code is a minimum standard and banks can set their liability for fraud at a higher level if they wish. There was significant ambiguity about the scope of the bank’s liability under its terms and conditions. However, the liability was subject to the customer taking reasonable care and following the terms and conditions. The terms and conditions prohibited giving out text authorisation codes, and it seems Nilam had given these to the scammer. We thought it was also likely that she hadn’t taken reasonable care as there were several red flags in the scammer’s story which would have alerted a reasonable person to concerns about the legitimacy of the instructions. For example, she had asked her bank to increase her daily limit, circumventing a safeguard that logically should not have been necessary if, as the caller promised, the test transfers were not going to result in any actual movement of funds.

We did, however, find the bank should have given a better explanation of why it declined her claim and/or referred her to us sooner for independent advice, thereby avoiding her significant legal bill.


The bank offered to reimburse Nilam’s legal fees as a gesture of goodwill, and she accepted the offer. We also raised concerns with the bank about the confusion caused by its terms and conditions and identified this as an area that we will work with the bank to improve.
