The scammer logged into her internet banking three times that day and made transfers between her accounts and then to other banks totalling $41,000. Marcia discovered the withdrawals that evening, realised she had been scammed and called the bank. The bank tried unsuccessfully to recall the funds.
Marcia asked the bank to reimburse her for the loss, but it would not. It said she had breached the terms and conditions of her accounts by disclosing her internet banking and second-factor authentication details. Marcia did not dispute she had breached the terms and conditions of her accounts, but she said the bank should have noticed that the transactions were fraudulent and prevented the funds from leaving her accounts.
Our investigation
We reviewed the email purportedly sent by the Inland Revenue Department. While it appeared authentic, customers should never disclose their banking details or credentials to anyone.
Banks are under no general obligation to actively monitor a customer’s accounts for scams or to prevent them from making unwise decisions, although they are obliged to act if they identify any red flags. In Marcia’s case, we were satisfied the transactions did not raise any red flags. It is not unusual for customers to make transfers between accounts before making one-off payments. We also noted that the transfers and transactions occurred in different internet banking sessions.
Outcome
We did not uphold Marcia’s complaint.
Print this page