Customer disclosed codes to supposed bank employee despite requirement not to do so

Common scams targeting bank customers,
Nina received a call from someone claiming to be from her bank who said the bank had detected fraudulent transactions on her account and she had to help reverse the payments into her account. The person spoke to Nina for nearly two hours, and during that time Nina provided her credit card details as well as two authentication codes sent to her mobile phone.
September 2023

Nina thought she had passed on this information and the codes to help the bank reverse fraudulent transactions. In fact, the person was a scammer and used the information to make two transactions with Nina’s credit card totalling $15,236. The bank offered to reimburse Nina for half of the loss as a gesture of goodwill, as well as reverse fees and interest charged on half of the scammed amount. Nina considered the bank should reimburse the full amount as she did not authorise the payments.

Our investigation

The two transactions were unauthorised. Nina had passed on the codes in the belief she was reversing the payments back into her own account. She did not consent to the transactions. The Code of Banking Practice requires banks to reimburse fraud losses if a customer was not dishonest or negligent, complied with the bank's terms and conditions, and took reasonable steps to protect his or her banking credentials.

The scammer was undoubtedly convincing in his claim to be from the bank but, by giving the caller both the credit card details and authentication codes, Nina acted negligently and in breach of the card terms and conditions.  The bank was not therefore liable for her loss.



Nina accepted the bank's offer.

Print this page