Juliette explained she had lost her debit card a few weeks earlier and had meant to report it lost but had not got around to doing so (and still had her credit card which she had continued to use). She did not think she was at risk by not reporting the card lost immediately because no one could have known her PIN. She also could not understand how the person could have accessed her credit card and savings accounts because her debit card was not linked to those accounts.

The bank said the person with her debit card knew her PIN and asked whether she had disclosed it to anyone. Juliette maintained no one knew her PIN and she had not written it down anywhere. The following day, Juliette went to the branch where staff told her that the woman who had tried to use her debit card had been into the branch two weeks earlier and changed the PIN on it. The bank said it would be investigating the matter and agreed to reimburse her the lost $4,000 immediately.

The bank later told Juliette that the woman had been allowed to change the PIN after a teller failed to follow correct identification procedures. The bank offered her $2,000 in compensation. However, Juliette then discovered the woman had deposited and transferred funds from her account and changed some of her details. Juliette was concerned about the woman’s motives and whether the bank had passed on any of her personal information, even though the bank had told her this had not happened. The bank told Juliette that it was satisfied the woman with her card had honestly believed it was hers and had not been acting fraudulently. She was not satisfied by the bank’s explanation, noting that a staff member at the branch had told her the woman had tried to apply for a loan in her name on her second visit to the branch.

Our investigation

The woman had been able to change the PIN because of a significant error on the bank’s part – a failure to follow basic identification procedures. However, the bank gave us inconsistent information about how the woman had been able to withdraw funds from Juliette’s credit card and savings accounts. Eventually we learned that the woman had accessed the accounts using the debit card at the branch’s ATM, and that all her accounts could be accessed in this way – something Juliette was unaware of.

Juliette was reimbursed for the direct loss and was subsequently reassured that the teller had not directly given the woman access to her credit card and savings accounts. However, Juliette remained concerned that her personal information may have been shared with the woman so that the woman could impersonate her.

We considered the bank’s response to these concerns to be far from satisfactory. It downplayed the seriousness of what had happened and dismissed the possibility of the woman acting fraudulently. It also provided unclear and inconsistent information. Juliette was left with more questions than answers and felt the bank was protecting the woman and treating her with more care than it was showing her. The matter dragged on, exacerbating Juliette feeling very vulnerable.

We reviewed the teller logs to determine what happened during the woman’s second visit to the branch. While she may have visited the branch with the intention of applying for a loan in Juliette’s name, the logs showed that the bank simply took various steps to try and identify her before blocking the accounts. Juliette was reassured by this.

Outcome

We shared our concerns about the bank’s handling of the complaint with the bank. The bank offered Juliette an apology and increased its compensation offer to $5,000. Juliette accepted this offer.