Nina thought she had passed on this information and the codes to help the bank reverse fraudulent transactions. In fact, the person was a scammer and used the information to make two transactions with Nina’s credit card totalling $15,236. The bank offered to reimburse Nina for half of the loss as a gesture of goodwill, as well as reverse fees and interest charged on half of the scammed amount. Nina considered the bank should reimburse the full amount as she did not authorise the payments.

Our investigation

The two transactions were unauthorised. Nina had passed on the codes in the belief she was reversing the payments back into her own account. She did not consent to the transactions. The Code of Banking Practice requires banks to reimburse fraud losses if a customer was not dishonest or negligent, complied with the bank's terms and conditions, and took reasonable steps to protect his or her banking credentials.

The terms and conditions of Nina’s credit card required her not to disclose her PIN, passcode, and any authentication codes to anyone – including family members, merchants, the police, anyone claiming to be a bank employee and anyone claiming to be in a position of authority.

The scammer was undoubtedly convincing in her claim to be from the bank, but the terms and conditions of her card were explicit that she should not disclose authentication codes sent to her mobile phone to anyone, including anyone claiming to be from the bank. By disclosing the codes to someone on the phone, Nina had failed to comply with these terms and conditions, and the bank was not therefore liable for her loss.

Outcome

Nina accepted the bank's offer.