Autumn then asked the bank to break her term deposit so she could pay for medical costs for her mother, and the bank provided her with a temporary overdraft of $30,000 until her term deposit matured. These funds were not sent to her parents, but to fund remittance agencies – again via POLi Pay and authorised with multi-factor authentication on her banking app.

Autumn disputed the charges, and the bank was able to recover $8,000. But Autumn had lost $25,000. She asked the bank to reimburse her for this amount, but the bank refused, saying its records indicated she had authorised the payments.

Our investigation

Autumn denied all knowledge of the payments, so it seemed a scammer may have accessed her account. But to make the transfers, the scammer would have had to know her internet banking credentials and have access to her device and banking app – along with the opportunity to access the device at least a dozen times over a two-week period without her noticing this fact. Gaining such access would have been impossible unless Autumn had failed to take reasonable steps to protect her banking credentials, or had failed to comply with the bank’s terms and conditions. In such circumstances, banks are not required to reimburse unauthorised payments.

Autumn might have been tricked into making the payment through some type of scam – a possibility she strenuously denied – but banks aren’t usually required to reimburse customers who have been tricked into making payments.

Outcome

We did not uphold Autumn’s complaint.