Bank not obliged to actively monitor transactions for scams

Common scams targeting bank customers,
In 2021, Marcia received an email purportedly from the Inland Revenue Department asking her to click on a link, enter her internet banking details and upload details for the second-factor authentication used to access her account. Marcia did as requested. The email was from a scammer.
May 2022

The scammer logged into her internet banking three times that day and made transfers between her accounts and then to other banks totalling $41,000. Marcia discovered the withdrawals that evening, realised she had been scammed and called the bank. The bank tried unsuccessfully to recall the funds.

Marcia asked the bank to reimburse her for the loss, but it would not. It said she had breached the terms and conditions of her accounts by disclosing her internet banking and second-factor authentication details. Marcia did not dispute she had breached the terms and conditions of her accounts, but she said the bank should have noticed that the transactions were fraudulent and prevented the funds from leaving her accounts.

Our investigation

We reviewed the email purportedly sent by the Inland Revenue Department.  While it appeared authentic, customers should never disclose their banking details or credentials to anyone.

Banks are under no general obligation to actively monitor a customer’s accounts for scams or to prevent them from making unwise decisions, although they are obliged to act if they identify any red flags. In Marcia’s case, we were satisfied the transactions did not raise any red flags. It is not unusual for customers to make transfers between accounts before making one-off payments.  We also noted that the transfers and transactions occurred in different internet banking sessions. 


We did not uphold Marcia’s complaint.

Print this page