Santos logged in to what he thought was the online banking website on his laptop. What he saw on his screen were fake transactions out of his account. The caller told him to expect the bank to send security codes to his mobile phone to help protect his account. When the codes came through, Santos read them out to the caller. In fact, the codes authorised two transactions totalling $45,000 from his account. The bank refused to reimburse Santos for his loss.

Our investigation

A bank is required to reimburse customers for losses suffered as a result of transactions made on their account without their authority – as long as they had not been dishonest or negligent, had taken reasonable steps to protect their banking, and had complied with the bank’s terms and conditions. Santos had disclosed the codes sent to his mobile phone to the scammer, but he did not authorise the transactions in question. A customer authorises a transaction if it is done with the customer's knowledge and consent. Santos genuinely believed he was transferring money to a holding account at his bank to protect his funds from scammers.  However, we found that, in sharing codes without reading the accompanying messages, Santos failed to take reasonable steps to protect his banking and therefore breached the bank’s terms and conditions. The messages contained clear warnings that the payments were to an unknown person, and a reasonable person would have noticed this and made further enquires.

Outcome

We were unable to uphold Santos's complaint.