Bank not liable for fraudulent payment

Home Guides & cases Case notes Fraud & scams - 64650

Bank not liable for fraudulent payment

Categories:

Fraud & scams,

Summary:

Ingrid received a call from someone purporting to be from her telecommunications provider. The caller offered to assist her resolve technical problems on her computer. She granted this person remote access to her computer and they were able to access her internet banking and transfer $10,000 from one of her accounts. The transaction required verification using a text code sent to Ingrid’s mobile phone. The code was entered, and the transaction proceeded. When Ingrid saw the code on her phone later that day, she called the bank and learned of the scam. The bank asked if she had given the scammer the code and she said she thought she had. Later, however, she told the bank she did not give out the code. She added that her phone was in another room during the morning in question.

Published:

August 2020

Our investigation

The Code of Banking Practice provides banks will reimburse customers who lose funds as a result of unauthorised access to their accounts, unless the customer has acted negligently or fraudulently or breached the bank’s terms and conditions.

We focused on how the scammer got the code sent to Ingrid’s phone. If Ingrid told the scammer the code, she wasn’t entitled to reimbursement because disclosing the code is a breach of terms and conditions. We discounted a SIM swap scam immediately because Ingrid’s phone did receive the code (hence her call to the bank). In a SIM swap, the code goes to the scammer’s own phone. We also explored whether the code was shared by remote-access software on her phone or message-sharing between her phone and computer. We sought expert advice on electronic-sharing and concluded it was unlikely the code was shared in this way – her phone’s operating system didn’t support message-sharing and it had never had remote access software on it.

Having excluded the possibility that the code was shared electronically, the only plausible explanation was that Ingrid told the scammer the code. We explained this to Ingrid and said we would not find the bank responsible for reimbursing her.