In September 2019, Rosie became involved in what she thought was a genuine relationship with someone online who purported to be involved in the oil industry. Over the course of a year, the fraudster persuaded Rosie to make 21 international money transfers to different overseas accounts to fund an oil rig project. He promised to repay her "investment". The bulk of the money was transferred to Rosie's account from her father's account using his online banking details and netcode token. 

Rosie contacted the bank as soon as she discovered she had been defrauded, but the bank could not recover the money. She complained that the bank should not have issued her with a netcode token for her father's online banking. She also complained that it failed to block international money transfers to known scammer accounts, and failed to help her when she discovered the scam. 

Our investigation

The bank did not accept that it had issued her with a netcode token for her father’s online banking.  It said it would not issue a netcode token to anyone other than its customer. The bank’s diary note indicated it had issued the netcode token to her father. We did not have any evidence that the bank had issued the token contrary to its normal practice. We could also find no evidence that the bank had any grounds or reason to suspect Rosie was being defrauded. She had authorised all the transactions. Plus, banks have no general obligation to monitor customers' accounts to prevent them from making unwise decisions. We found that the bank had done all it could to help Rosie. The funds were probably transferred out of the accounts shortly after they were received.

Outcome

We did not uphold Rosie’s complaint.