The caller, who was a scammer, made seven payments from his accounts, including three to money remittance agencies, which triggered two-factor authentication codes. Lakely received the codes on his phone and gave them to the scammer. Later, Lakely realised he had been scammed and called the bank, but the bank was unable recover any of the $30,000 transferred out of his accounts. Lakely asked the bank to reimburse him, but it declined, saying he had not taken reasonable steps to safeguard his banking credentials. As a gesture of goodwill, it offered him $8,000.

 Our investigation

Banks must reimburse customers for unauthorised transactions, provided customers have taken reasonable steps to protect their banking credentials and complied with the terms and conditions of their account or card. We agreed with the bank that Lakely had not taken reasonable care to protect his banking credentials. He had failed to recognise the warning signs of a scam that should have been obvious to a reasonable person, such as the scammer’s request to download a remote access app; setting up a cryptocurrency account; the use of a so-called “dummy account” to protect his funds; and the transfer of funds to money remittance agencies – all destinations that were outside the bank and should therefore have raised his suspicions.

 We did, however, find that the bank had made no attempt to try to recover the first transaction of $4,600. It also made two procedural errors, although these had no effect on the bank’s attempts to recover the rest of the money. In light of this, the bank increased its offer to $12,600.

 Outcome

 Lakely accepted the bank's revised offer.