In September 2024, Claire’s friend came to stay with her in New Zealand. Payments totalling $8,000 were made out of her account to the same cryptocurrency trader. Claire reported these payments, along with the payment a year earlier, to the bank, saying she had not authorised them.

The bank doubted her story. It said she had transferred funds between her accounts shortly before the disputed payments, which were made from her phone. It also said Claire had given conflicting statements about who she thought had accessed her account. Initially, she said she didn't know, then that it might have been family members, and then that it was her new friend. The bank refused to reimburse the money.

Our investigation

Claire told us that she had been having treatment for cancer at the time, and this had affected her cognitive ability. Looking back, she was sure her new friend had accessed her phone. However, she had given friends and family members the access code to her phone while on holiday so they could play music through her Spotify app. Her banking app PIN was the same as the access code to her phone – a breach of the bank's terms and conditions, which said customers could not use their PINs for other purposes.

However, we considered the bank had neither tried to recall the payments nor responded to her complaint within a reasonable timeframe. The bank accepted this and offered to reimburse the payments in full, along with $2,000 to compensate for the stress and inconvenience she had suffered. 

Outcome

Claire accepted the bank's offer.